"The requested resource is in use" Malware


  • This topic is locked This topic is locked
27 replies to this topic

#1 IcedBong

  • Members
  • 15 posts

Posted 27 March 2017 - 07:35 PM

Hey, I tried to get some keys for Kaspersky and for the first time I got infected with a virus. I've tried everything and hope you guys can help me; I don't really feel like reinstalling Windows.
 
Here are the logs. Thanks in advance; I will also donate for your time when we're done. :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by IcedBong (administrator) on ANIVIA (27-03-2017 20:31:11)
Running from C:\Users\IcedBong\Desktop
Loaded Profiles: IcedBong (Available Profiles: IcedBong)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\DAODx.exe
() C:\Windows\System32\tprdpw32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Akamai Technologies, Inc.) C:\Users\IcedBong\AppData\Local\Akamai\netsession_win.exe
() C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Akamai Technologies, Inc.) C:\Users\IcedBong\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(winscr) C:\Users\IcedBong\AppData\Local\ntuserlitelist\winscr\winscr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2157056 2009-05-17] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-26] (AVAST Software)
HKLM-x32\...\Run: [cpx] => "C:\Users\IcedBong\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\Run: [Akamai NetSession Interface] => C:\Users\IcedBong\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {070e862d-9d9f-11e3-9e17-20cf3078e135} - E:\LGAutoRun.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {3dd3d18f-55d7-11e6-b892-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {6de0c3f3-6cac-11e6-9e5e-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {7d98a93f-89c8-11e6-a719-bcaec51da91f} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {8a374d66-5904-11e6-a507-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {8a374d74-5904-11e6-a507-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-26] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 72.45.32.147 72.45.32.148
Tcpip\..\Interfaces\{842433F0-A907-41D8-B5AE-17EDB63B7847}: [DhcpNameServer] 72.45.32.147 72.45.32.148

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-940105315-3209186146-3874473534-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=102913&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-940105315-3209186146-3874473534-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=102913&q={searchTerms}&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-26] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-26] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF ProfilePath: C:\Users\IcedBong\AppData\Roaming\Mozilla\Firefox\Profiles\o99z2pal.default-1461110592552 [2017-03-27]
FF Homepage: Mozilla\Firefox\Profiles\o99z2pal.default-1461110592552 -> hxxps://www.google.com/
FF Extension: (ADB Helper) - C:\Users\IcedBong\AppData\Roaming\Mozilla\Firefox\Profiles\o99z2pal.default-1461110592552\Extensions\adbhelper@mozilla.org [2017-03-16]
FF Extension: (Valence) - C:\Users\IcedBong\AppData\Roaming\Mozilla\Firefox\Profiles\o99z2pal.default-1461110592552\Extensions\fxdevtools-adapters@mozilla.org [2017-01-27]
FF Extension: (uBlock Origin) - C:\Users\IcedBong\AppData\Roaming\Mozilla\Firefox\Profiles\o99z2pal.default-1461110592552\Extensions\uBlock0@raymondhill.net.xpi [2017-03-14]
FF Extension: (Site Deployment Checker) - C:\Users\IcedBong\AppData\Roaming\Mozilla\Firefox\Profiles\o99z2pal.default-1461110592552\features\{52997dd0-d624-46fa-89bf-c5fa5411ec98}\deployment-checker@mozilla.org.xpi [2017-03-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-940105315-3209186146-3874473534-1000: @my.com/Games -> C:\Users\IcedBong\AppData\Local\MyComGames\NPMyComDetector.dll [2017-03-06] (MY.COM B.V.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default [2017-03-27]
CHR Extension: (Google Slides) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-26]
CHR Extension: (Google Docs) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-27]
CHR Extension: (Google Drive) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-27]
CHR Extension: (YouTube) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-27]
CHR Extension: (Google Docs Offline) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR Extension: (Gmail) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\IcedBong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-26] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-26] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-26] (AVAST Software)
R2 Dataup; C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\IcedBong\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-26] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-26] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-03-26] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [461640 2017-03-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-26] (AVAST Software)
S3 autorun; C:\huadio.tmp [5311 2013-09-13] (Windows ® 2000 DDK provider) [File not signed]
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
S3 mapmem_dv; C:\mapmem.tmp [3808 2013-09-13] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-26] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R1 YSDrv; C:\Windows\System32\DRIVERS\YSDrv.sys [270608 2017-03-26] (BigNox Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U1 aswbdisk; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 20:31 - 2017-03-27 20:32 - 00016264 _____ C:\Users\IcedBong\Desktop\FRST.txt
2017-03-27 20:30 - 2017-03-27 20:31 - 00000000 ____D C:\FRST
2017-03-27 20:30 - 2017-03-27 20:30 - 02424832 _____ (Farbar) C:\Users\IcedBong\Desktop\FRST64.exe
2017-03-27 19:56 - 2017-03-27 19:56 - 00000000 ____D C:\Windows\pss
2017-03-27 10:15 - 2017-03-27 10:15 - 04623024 _____ (Enigma Software Group USA, LLC.) C:\Users\IcedBong\Desktop\SpyHunter-Installer-k.com
2017-03-27 10:12 - 2017-03-27 10:12 - 00003142 _____ C:\Windows\System32\Tasks\{27EB2B57-03AF-4CD0-9D0A-8E3AB03165AD}
2017-03-27 10:11 - 2017-03-27 10:11 - 02659840 _____ C:\Users\IcedBong\Desktop\SH-Alt-Install.exe
2017-03-27 10:05 - 2017-03-27 10:05 - 00892944 _____ (Microsoft Corporation) C:\Users\IcedBong\Desktop\mssstool64.exe
2017-03-27 09:53 - 2017-03-27 09:54 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\IcedBong\Desktop\rkill.exe
2017-03-27 09:52 - 2017-03-27 09:52 - 00912452 _____ C:\Users\IcedBong\Desktop\rkill.zip
2017-03-27 09:50 - 2017-03-27 09:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\IcedBong\Desktop\LeagueOfHeroes.exe
2017-03-26 23:55 - 2017-03-26 23:55 - 00000000 ___HD C:\$AV_ASW
2017-03-26 23:45 - 2017-03-26 23:45 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490586340
2017-03-26 23:45 - 2017-03-26 23:45 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-26 23:45 - 2017-03-26 23:45 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-26 23:45 - 2017-03-26 23:45 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-03-26 23:45 - 2017-03-26 23:45 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-26 23:43 - 2017-03-27 00:00 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-26 23:42 - 2017-03-27 00:00 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-26 23:40 - 2017-03-26 23:40 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-26 23:39 - 2017-03-26 23:39 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\AVAST Software
2017-03-26 23:38 - 2017-03-26 23:38 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-03-26 23:38 - 2017-03-26 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-03-26 23:35 - 2017-03-26 23:36 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-26 23:35 - 2017-03-26 23:35 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-26 23:35 - 2017-03-26 23:35 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-26 23:35 - 2017-03-26 23:35 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-26 23:35 - 2017-03-26 23:35 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-26 23:35 - 2017-03-26 23:35 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-26 23:35 - 2017-03-26 23:35 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-26 23:35 - 2017-03-26 23:35 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-26 23:35 - 2017-03-26 23:35 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-26 23:35 - 2017-03-26 23:35 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-03-26 23:35 - 2017-03-26 23:33 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-26 23:35 - 2017-03-26 23:32 - 00461640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-03-26 23:35 - 2017-03-26 23:32 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-26 23:35 - 2017-03-26 23:32 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-26 23:35 - 2017-03-26 23:32 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-26 23:35 - 2017-03-26 23:32 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-26 23:32 - 2017-03-26 23:32 - 00029432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2017-03-26 23:31 - 2017-03-26 23:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-26 23:31 - 2017-03-26 23:40 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-26 23:23 - 2017-03-27 00:46 - 00000000 ____D C:\Users\IcedBong\AppData\Local\llssoft
2017-03-26 23:15 - 2017-03-26 23:15 - 00292160 _____ C:\Windows\Minidump\032617-21996-01.dmp
2017-03-26 23:13 - 2017-03-27 00:46 - 00000000 ____D C:\Users\IcedBong\AppData\Local\ntuserlitelist
2017-03-26 23:13 - 2017-03-26 23:22 - 00000000 ____D C:\Program Files (x86)\s5
2017-03-26 23:13 - 2017-03-26 23:15 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-03-26 23:13 - 2017-03-26 23:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 23:13 - 2017-03-26 23:13 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
2017-03-26 23:13 - 2017-03-26 23:13 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\c
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Local\microlabs
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Local\AnonymizerLauncher
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\.proxycheck
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\.AnonymizerLauncher
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\ProgramData\1490584389
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-26 23:12 - 2017-03-26 23:21 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-26 23:12 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microleaves
2017-03-26 23:12 - 2017-03-26 23:12 - 00002048 _____ C:\Users\IcedBong\AppData\Local\uninstallro.exe
2017-03-26 23:12 - 2017-03-26 23:12 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\AGData
2017-03-26 19:25 - 2017-03-26 19:25 - 00000000 ____D C:\Program Files\DIFX
2017-03-26 19:25 - 2017-03-26 10:18 - 00270608 _____ (BigNox Corporation) C:\Windows\system32\Drivers\YSDrv.sys
2017-03-15 11:34 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 11:34 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 11:34 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 11:34 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 11:34 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 11:34 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 11:34 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 11:34 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 11:34 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 11:34 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 11:34 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 11:34 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 11:34 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 11:34 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 11:34 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 11:34 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 11:34 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 11:34 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 11:34 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 11:34 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 11:34 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 11:34 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 11:34 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 11:34 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 11:34 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 11:34 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 11:34 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 11:34 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 11:34 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 11:34 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 11:34 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 11:34 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 11:34 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 11:34 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 11:34 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 11:34 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 11:34 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 11:34 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 11:34 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 11:34 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 11:34 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 11:34 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 11:34 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 11:34 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 11:34 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 11:34 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 11:34 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 11:34 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 11:34 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 11:34 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 11:34 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 11:34 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 11:34 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 11:34 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 11:34 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 11:34 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 11:34 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 11:34 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 11:34 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 11:34 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 11:34 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 11:34 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 11:34 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 11:34 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 11:34 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 11:34 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 11:34 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 11:34 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 11:34 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 11:34 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 11:34 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 11:34 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 11:34 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 11:34 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 11:34 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 11:34 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 11:34 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 11:34 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 11:34 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 11:34 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 11:34 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 11:34 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 11:34 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 11:34 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 11:34 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 11:34 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 11:34 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 11:34 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 11:34 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 11:34 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 11:34 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 11:34 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 11:34 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 11:34 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 11:34 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 11:34 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 11:34 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 11:34 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 11:34 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 11:34 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 11:34 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 11:34 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 11:34 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 11:34 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 11:34 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 11:34 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 11:34 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 11:34 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 11:34 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 11:34 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 11:34 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 11:34 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 11:34 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 11:34 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 11:34 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 11:32 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 11:32 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 11:32 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 11:32 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 11:32 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 11:32 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 11:32 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 11:32 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 11:32 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-14 13:51 - 2017-03-26 23:14 - 661901499 _____ C:\Windows\MEMORY.DMP
2017-03-14 13:51 - 2017-03-14 13:52 - 00296288 _____ C:\Windows\Minidump\031417-18205-01.dmp
2017-03-10 02:41 - 2017-03-10 02:41 - 00000331 _____ C:\Users\IcedBong\Desktop\farm seto kaiba.txt
2017-03-09 12:27 - 2017-03-09 12:27 - 00000045 _____ C:\Users\IcedBong\nuuid.ini
2017-03-09 12:27 - 2017-03-09 12:27 - 00000041 _____ C:\Users\IcedBong\inst.ini
2017-03-09 12:27 - 2017-03-09 12:27 - 00000000 ____D C:\Users\IcedBong\Nox_share
2017-03-09 12:26 - 2017-03-26 19:25 - 00000000 ____D C:\Users\IcedBong\vmlogs
2017-03-09 12:26 - 2017-03-26 19:25 - 00000000 ____D C:\Users\IcedBong\.BigNox
2017-03-09 12:26 - 2017-03-09 12:26 - 00000963 _____ C:\Users\IcedBong\Desktop\Nox.lnk
2017-03-09 12:26 - 2017-03-09 12:26 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-03-09 12:25 - 2017-03-26 22:06 - 00000000 ____D C:\Users\IcedBong\AppData\Local\Nox
2017-03-09 12:25 - 2017-03-09 12:25 - 00000000 ____D C:\Program Files (x86)\Nox
2017-03-09 12:25 - 2017-03-09 12:25 - 00000000 ____D C:\Program Files (x86)\Bignox
2017-03-06 00:07 - 2017-03-27 00:37 - 00000000 ____D C:\Users\IcedBong\AppData\Local\MyComGames
2017-03-06 00:07 - 2017-03-12 10:03 - 00000000 ____D C:\MyGames
2017-03-06 00:07 - 2017-03-06 00:58 - 00000119 _____ C:\Users\IcedBong\Desktop\Revelation Online.url
2017-03-06 00:07 - 2017-03-06 00:58 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-03-06 00:07 - 2017-03-06 00:07 - 00002025 _____ C:\Users\IcedBong\Desktop\My.com Game Center.lnk
2017-03-04 02:20 - 2017-03-04 02:20 - 00000000 ____D C:\LGMobileUpgrade
2017-03-04 02:16 - 2017-03-04 02:31 - 00000065 _____ C:\Windows\SysWOW64\lgAxconfig.ini
2017-03-04 02:16 - 2017-03-04 02:16 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2017-03-02 12:08 - 2017-03-26 19:26 - 00000000 ____D C:\Users\IcedBong\.android

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 20:26 - 2016-11-18 17:01 - 00000000 ____D C:\Users\IcedBong\AppData\LocalLow\Mozilla
2017-03-27 20:13 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-27 20:13 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-27 20:05 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-27 00:09 - 2013-09-12 08:25 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-27 00:09 - 2013-09-12 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-27 00:09 - 2013-09-12 08:24 - 00000000 ____D C:\Program Files\WinRAR
2017-03-26 23:46 - 2013-10-27 22:04 - 00000000 ____D C:\Users\IcedBong\AppData\Local\Google
2017-03-26 23:44 - 2015-11-18 20:03 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-26 23:43 - 2014-07-06 19:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-26 23:39 - 2013-11-09 11:03 - 00000000 ____D C:\Temp
2017-03-26 23:37 - 2016-08-02 20:35 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android
2017-03-26 23:37 - 2016-08-02 20:35 - 00000000 ____D C:\Program Files (x86)\Android
2017-03-26 23:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-26 23:35 - 2017-02-22 22:49 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-26 23:34 - 2013-09-13 05:59 - 00000000 ____D C:\Windows\ELAMBKUP
2017-03-26 23:31 - 2017-02-22 22:49 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-03-26 23:15 - 2013-09-12 18:32 - 00000000 ____D C:\Windows\Minidump
2017-03-26 23:13 - 2013-09-13 04:47 - 00000000 ____D C:\Users\IcedBong
2017-03-26 23:01 - 2017-02-04 12:19 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-26 10:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-03-25 06:00 - 2015-07-25 13:44 - 00000442 _____ C:\Windows\Tasks\DriverNavigator Scheduled Scan.job
2017-03-21 16:07 - 2017-02-23 00:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7C947A6C.sys
2017-03-18 09:45 - 2016-11-18 17:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-18 09:45 - 2013-09-13 04:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-17 22:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-03-16 01:32 - 2017-02-08 23:14 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-15 16:51 - 2009-07-14 00:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 16:43 - 2014-12-10 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 16:43 - 2014-04-30 02:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 16:43 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 16:01 - 2013-09-12 07:46 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 15:56 - 2013-09-12 07:46 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 14:08 - 2013-09-13 01:57 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 14:07 - 2013-09-13 01:56 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 14:07 - 2013-09-13 01:56 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 14:07 - 2013-09-13 01:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 14:07 - 2013-09-13 01:56 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-06 20:51 - 2017-02-14 20:08 - 00001492 _____ C:\Users\IcedBong\Desktop\metrorebate.txt
2017-03-06 00:28 - 2016-10-30 19:53 - 00000000 ____D C:\Users\IcedBong\AppData\Local\launcher
2017-03-04 01:48 - 2016-08-27 20:13 - 00000000 ____D C:\ProgramData\SP_FT_Logs

==================== Files in the root of some directories =======

2015-12-26 14:58 - 2016-01-08 20:22 - 0000003 _____ () C:\Users\IcedBong\AppData\Roaming\patchedversion.txt
2017-03-26 23:12 - 2017-03-26 23:12 - 0002048 _____ () C:\Users\IcedBong\AppData\Local\uninstallro.exe
2016-11-21 21:46 - 2016-11-21 21:46 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-03-27 10:11 - 2017-03-27 10:13 - 3516080 _____ (Enigma Software Group USA, LLC.) C:\Users\IcedBong\AppData\Local\Temp\esgsetup.exe
2017-03-27 20:13 - 2017-03-27 20:14 - 169149456 _____ (Microsoft Corporation) C:\Users\IcedBong\AppData\Local\Temp\imagepackage64.exe
2017-03-27 20:13 - 2017-03-27 20:13 - 140741392 _____ (Microsoft Corporation) C:\Users\IcedBong\AppData\Local\Temp\mpam-fex64.exe
2017-03-26 23:36 - 2015-08-21 13:41 - 2139648 ____R () C:\Users\IcedBong\AppData\Local\Temp\UnInstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-25 01:33

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by IcedBong (27-03-2017 20:32:48)
Running from C:\Users\IcedBong\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-09-13 08:47:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-940105315-3209186146-3874473534-500 - Administrator - Disabled)
Guest (S-1-5-21-940105315-3209186146-3874473534-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-940105315-3209186146-3874473534-1008 - Limited - Enabled)
IcedBong (S-1-5-21-940105315-3209186146-3874473534-1000 - Administrator - Enabled) => C:\Users\IcedBong

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS E-Green Uninstall (HKLM-x32\...\EGREEN) (Version:  - )
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.1.0.50406 - ATI Technologies Inc.) Hidden
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Discord (HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
E-Hammer (HKLM-x32\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.00.22 - )
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MyComGames) (Version: 3.196 - My.com B.V.)
Nero 9 Essentials (HKLM-x32\...\{51cc1012-cbff-4820-846d-e35c6a7920c1}) (Version:  - Nero AG)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.0.5 - Duodian Technology Co. Ltd.)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Revelation Online (HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\Revelation Online) (Version: 1.27 - My.com B.V.)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - BigNox Corporation YSDrv System  (01/20/2017 4.3.12) (HKLM\...\1FF524CF3E58304F349D809470EC4A689914A4D5) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-940105315-3209186146-3874473534-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-940105315-3209186146-3874473534-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-940105315-3209186146-3874473534-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-940105315-3209186146-3874473534-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-940105315-3209186146-3874473534-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-940105315-3209186146-3874473534-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0049184B-8DD9-40BF-A782-85F2582D9C5C} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {044DAFA8-1DE8-4361-B445-7F851B10D0D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
Task: {187E495D-6860-47CB-862A-AEC1A346BB7A} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {1DE88E71-7A8B-4BFA-B13D-38B291CD381B} - System32\Tasks\{7627F050-2A78-4788-AE9B-7380B3C402CF} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {31378AA9-A15D-4465-A034-68B61261BA45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {35634C60-FC47-46CD-8617-2CA9D5E3BBD5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {36E86828-FD1F-4601-8406-66242425E310} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-26] (AVAST Software)
Task: {3C9B93D6-DE0C-4A79-AFA1-AEA744C7F33A} - System32\Tasks\{F80E6E34-3646-4AB7-B620-7680D7F6047F} => pcalua.exe -a D:\setup.exe -d D:\
Task: {40B1356D-BBE6-40F9-A42F-C12BD50ACB3E} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {47DC3C66-6F7B-4498-BFAE-7C9F62F74AE2} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {4E27547D-1088-418A-9423-BEDBAA265CBD} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {4FC52CD2-3B6F-4FB8-A11E-14138904DC92} - System32\Tasks\{6FF4935E-4F88-4B74-88AA-FB994F798F9B} => pcalua.exe -a "C:\Program Files (x86)\AutoHotkey\uninst.exe"
Task: {542629DE-F90C-48DE-9658-C3B000E4B480} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {5B84F5C0-CE79-4C0A-8E91-3982EAFD85DB} - System32\Tasks\{B5B23849-0F60-4A2A-818F-F6B4A09C3C66} => pcalua.exe -a D:\HF225_win7\infinstallWIN7.exe -d D:\HF225_win7
Task: {6510BF20-F6A6-43AA-B014-E12A7ADBAF6E} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {6EDE5A6B-9AA1-408F-AD8C-88107DC4DC05} - System32\Tasks\SafeZone scheduled Autoupdate 1490586340 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {7D332C54-F56F-4C30-B4FA-B68D509E921D} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {7F219F97-DA28-482B-BC66-503F53482520} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {88F45256-843D-471F-8964-79223EE50CA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
Task: {923E7D74-9F78-42FD-B155-0DFF345B5A38} - System32\Tasks\{E75201A3-945B-41C7-BD3C-6B36EAC61CE2} => pcalua.exe -a E:\UsbDriverSetup.exe -d E:\
Task: {9641FDC9-B450-4ACC-AFD9-C1C20EF9A0F5} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {9CACC6B2-3E1D-40C8-AFD5-6F2AF06FF6BD} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {CC59301A-B218-46C5-A077-3D27369CFB43} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {D51DFEA5-75F4-4B7D-8E83-44C938EF1F07} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-26] (AVAST Software)
Task: {D52BE523-34FB-46A7-ACD6-971D4459020D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {DDC9BE6E-3412-404B-82DC-E991305549A9} - System32\Tasks\{27EB2B57-03AF-4CD0-9D0A-8E3AB03165AD} => pcalua.exe -a C:\Users\IcedBong\Desktop\SH-Alt-Install.exe -d C:\Users\IcedBong\Desktop
Task: {E2309E12-9D48-45AD-B7D4-4DBC21575B33} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {ED9803A6-7B09-4C6D-B1FA-ABA1CF8824A5} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-03-30 02:32 - 2009-03-30 02:32 - 00032768 ____R () C:\Windows\DAODx.exe
2017-03-26 23:13 - 2017-03-26 23:13 - 00833024 ____N () C:\windows\system32\tprdpw32.exe
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe
2013-09-13 02:14 - 2009-05-07 04:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-09-13 02:14 - 2009-05-07 04:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-09-13 02:14 - 2008-01-18 02:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-09-13 02:14 - 2009-05-15 04:43 - 47581696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2017-01-13 20:09 - 2017-01-13 20:09 - 00896512 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-01-20 20:18 - 2017-01-20 20:18 - 01087488 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2015-07-28 22:45 - 2015-07-28 22:45 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-940105315-3209186146-3874473534-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\IcedBong\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 72.45.32.147 - 72.45.32.148
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Dataup =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B37CBAAC-7E98-4A01-80AC-87C37EE6E0C8}] => (Allow) C:\Users\IcedBong\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EABC7333-0CFD-4436-9C2E-C2CA5FDD9B1C}] => (Allow) C:\Users\IcedBong\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C49D52EA-A384-4FF1-A740-964B0C9FE59A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{35079E6A-A53A-44B8-BA1B-92113D41474F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{11BB991A-7C26-480F-B86C-9550647364B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2211C3FE-C7E6-4774-A18A-06030E0026F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9EBB460-35B3-44E5-AD0D-25A842736A8A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E9F2E7FE-48B4-4E0C-9902-86068695F2E9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E83C37D7-4518-406E-AFFA-F80000DD5CC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{491366A9-283C-4729-9ED0-716B0E71D0B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{EBBC5D76-9A2A-41FE-B6B0-2EEB0209BE30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{8BCE3190-AC15-49E9-B1E2-7338946F70F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [TCP Query User{43917999-89C5-4778-9527-CC6170DA30AF}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{0F4C266C-B426-4D48-B98D-05DD18DD2E69}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{7D7D6472-0F72-47A7-8D56-B8444F69678D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{14918BC0-83CB-44CB-9DEF-42FD75DF162F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{B2683132-C59E-4779-B652-BBB4662B04EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1177432-13E4-4152-B028-12145EAA7E0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D42DD380-59CC-4F64-B42B-6BD372BEABC4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{18488865-4C7F-4B9B-9D16-79ABC9EA697F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BD7779B7-ED54-422A-A67B-E46957D70DD9}] => (Allow) C:\Users\IcedBong\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{49E546A3-0616-4C7F-BCA3-D07D90FB3E5F}] => (Allow) C:\Users\IcedBong\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0CC183ED-6412-43E9-9F81-F002C449A957}C:\users\icedbong\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\icedbong\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2DECAB0F-67BA-4BB2-981A-C1B0B75D41D4}C:\users\icedbong\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\icedbong\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{813A5E1C-8190-4F45-849D-318162157EFD}C:\users\icedbong\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\icedbong\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4E8ABED2-77F5-4B2C-919B-77B786CE3857}C:\users\icedbong\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\icedbong\appdata\local\akamai\netsession_win.exe
FirewallRules: [{CDEA43D8-8684-4F21-97E0-9F5502B4EC5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04B53201-8F95-48F2-A4B1-40D1B7811744}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A3CF1120-794F-4F5C-9B25-BFEF7DBA4585}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{A0763219-116A-4D0A-84C0-6AE657FA1535}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{89568445-D2D5-4082-9B76-75B36E1C3BDE}] => (Allow) C:\Users\IcedBong\Desktop\LVOC\LVOC.exe
FirewallRules: [{D329E6FE-1F93-43B7-A262-A5C7907E1C0B}] => (Allow) C:\Users\IcedBong\Desktop\LVOC\LVOC.exe
FirewallRules: [{0CC3447F-0FAB-4D85-BDDE-D3C63B344B38}] => (Allow) C:\Users\IcedBong\Desktop\LVOC\LVOC.exe
FirewallRules: [{B980144E-86B2-4238-AF18-591DF3368885}] => (Allow) C:\Users\IcedBong\Desktop\LVOC\LVOC.exe
FirewallRules: [TCP Query User{77E9A920-518E-4E57-AD24-26B4D65B15AF}C:\users\icedbong\appdata\local\pokemon\app-0.2.1\pokemon go live map.exe] => (Allow) C:\users\icedbong\appdata\local\pokemon\app-0.2.1\pokemon go live map.exe
FirewallRules: [UDP Query User{B14B4243-2142-424C-9B1A-ECA12CEBF07B}C:\users\icedbong\appdata\local\pokemon\app-0.2.1\pokemon go live map.exe] => (Allow) C:\users\icedbong\appdata\local\pokemon\app-0.2.1\pokemon go live map.exe
FirewallRules: [TCP Query User{08200FFC-89F0-4546-95DD-71E700E5932A}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [UDP Query User{195A90F1-DDB9-414A-935C-970FF778429C}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [TCP Query User{092D2EE4-2306-48FA-9686-42682C174650}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{C38176F1-DE46-40A6-8010-E7C1A0D57D06}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{6C27DA8A-74CA-4948-A9B5-610E0904B063}C:\nexon\library\icarus\appdata\bin64\launcher.exe] => (Allow) C:\nexon\library\icarus\appdata\bin64\launcher.exe
FirewallRules: [UDP Query User{663B08B1-E1AB-4436-AE4D-50B630149F9C}C:\nexon\library\icarus\appdata\bin64\launcher.exe] => (Allow) C:\nexon\library\icarus\appdata\bin64\launcher.exe
FirewallRules: [{AB8D55E9-8309-4E11-9E5A-8DD04F68BA55}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{814AB9A1-39E2-4F1E-B1D1-52CF41EBCBFC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FE0AA6B8-DA60-4337-9C3E-67C86BB6C81A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4F831D4E-563A-4668-BB6E-C707C94D82A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{8A70982F-AF05-4A81-A38D-7E6749830954}C:\users\icedbong\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\icedbong\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{52BF0CB2-EDCF-42DF-9857-8F6F9D116DA7}C:\users\icedbong\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\icedbong\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{F4D0477B-A879-499F-90F3-4FD7C4BFD35C}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{4B9069B4-5DE7-4C00-9752-2DD8C212BDA3}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{2DC456E0-8C38-4301-B46C-B41D9C8D022A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe
FirewallRules: [{E9ED48B6-8350-4EF4-9E1B-372B24BB2528}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe
FirewallRules: [{FB2B5DC3-4302-47B8-952C-B52A7AE8EDD9}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{B793FAFC-215B-43F9-A413-FD80F2A5E523}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2087CE36-E1AE-4FBD-982F-1EB41BA4D329}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

==================== Restore Points =========================

15-03-2017 15:51:02 Windows Update
21-03-2017 12:12:00 Windows Update
26-03-2017 23:36:15 Device Driver Package Install: Avast Network Service

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Android ADB Interface
Description: Android ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}
Manufacturer: Google, Inc.
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2017 08:06:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 08:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 07:58:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (03/27/2017 07:53:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 10:30:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 10:25:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 09:45:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 12:41:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 12:38:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 12:34:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/27/2017 08:28:41 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:28:31 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:28:24 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:28:18 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:28:11 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:28:05 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:27:58 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:27:52 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:27:45 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (03/27/2017 08:27:39 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


CodeIntegrity:
===================================
  Date: 2013-10-28 21:53:58.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 21:53:58.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 21:53:58.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 21:47:06.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 21:47:06.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-28 21:47:06.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 22:33:34.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 22:33:34.876
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 22:33:34.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-27 22:27:28.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ II X4 640 Processor
Percentage of memory in use: 69%
Total physical RAM: 4094.18 MB
Available physical RAM: 1254.42 MB
Total Virtual: 8186.54 MB
Available Virtual: 4919.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:275.29 GB) NTFS
Drive d: (WDO_Media64) (CDROM) (Total:0.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 52D53EE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by IcedBong, 28 March 2017 - 08:31 AM.




#2 IcedBong

IcedBong
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 27 March 2017 - 09:10 PM

Do I pm someone or wait for a reply?

Edited by IcedBong, 27 March 2017 - 09:12 PM.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,781 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:59 PM

Posted 28 March 2017 - 10:55 AM

Greetings IcedBong and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 IcedBong

IcedBong
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 28 March 2017 - 11:44 AM

Thanks for your time Gary and everyone that helps in this forum.

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,781 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:59 PM

Posted 28 March 2017 - 11:46 AM

You are welcome. You can expect some steps to take within a couple of hours.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,781 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:59 PM

Posted 28 March 2017 - 12:48 PM

Thank you for your continued patience. Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Traffic Exchange

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [cpx] => "C:\Users\IcedBong\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {070e862d-9d9f-11e3-9e17-20cf3078e135} - E:\LGAutoRun.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {3dd3d18f-55d7-11e6-b892-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {6de0c3f3-6cac-11e6-9e5e-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {7d98a93f-89c8-11e6-a719-bcaec51da91f} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {8a374d66-5904-11e6-a507-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {8a374d74-5904-11e6-a507-bcaec51da91f} - E:\Auto.exe
R2 Dataup; C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\IcedBong\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION
C:\Users\IcedBong\AppData\Local\microlabs
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
C:\Windows\System32\drivers\ndistpr64.sys
S3 mapmem_dv; C:\mapmem.tmp [3808 2013-09-13] () [File not signed]
C:\mapmem.tmp
2017-03-26 23:13 - 2017-03-27 00:46 - 00000000 ____D C:\Users\IcedBong\AppData\Local\ntuserlitelist
2017-03-26 23:13 - 2017-03-26 23:22 - 00000000 ____D C:\Program Files (x86)\s5
2017-03-26 23:13 - 2017-03-26 23:15 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-03-26 23:13 - 2017-03-26 23:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 23:13 - 2017-03-26 23:13 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
2017-03-26 23:13 - 2017-03-26 23:13 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\c
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Local\microlabs
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Local\AnonymizerLauncher
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\.proxycheck
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\.AnonymizerLauncher
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\ProgramData\1490584389
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-26 23:12 - 2017-03-26 23:21 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-26 23:12 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microleaves
2017-03-26 23:12 - 2017-03-26 23:12 - 00002048 _____ C:\Users\IcedBong\AppData\Local\uninstallro.exe
2017-03-26 23:12 - 2017-03-26 23:12 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\AGData
2017-03-26 23:12 - 2017-03-26 23:12 - 0002048 _____ () C:\Users\IcedBong\AppData\Local\uninstallro.exe
2016-11-21 21:46 - 2016-11-21 21:46 - 0000016 _____ () C:\ProgramData\mntemp
2017-03-26 23:36 - 2015-08-21 13:41 - 2139648 ____R () C:\Users\IcedBong\AppData\Local\Temp\UnInstall.exe
Task: {0049184B-8DD9-40BF-A782-85F2582D9C5C} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {187E495D-6860-47CB-862A-AEC1A346BB7A} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {1DE88E71-7A8B-4BFA-B13D-38B291CD381B} - System32\Tasks\{7627F050-2A78-4788-AE9B-7380B3C402CF} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {3C9B93D6-DE0C-4A79-AFA1-AEA744C7F33A} - System32\Tasks\{F80E6E34-3646-4AB7-B620-7680D7F6047F} => pcalua.exe -a D:\setup.exe -d D:\
Task: {47DC3C66-6F7B-4498-BFAE-7C9F62F74AE2} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {4E27547D-1088-418A-9423-BEDBAA265CBD} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {6510BF20-F6A6-43AA-B014-E12A7ADBAF6E} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {7D332C54-F56F-4C30-B4FA-B68D509E921D} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {7F219F97-DA28-482B-BC66-503F53482520} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {923E7D74-9F78-42FD-B155-0DFF345B5A38} - System32\Tasks\{E75201A3-945B-41C7-BD3C-6B36EAC61CE2} => pcalua.exe -a E:\UsbDriverSetup.exe -d E:\
Task: {9641FDC9-B450-4ACC-AFD9-C1C20EF9A0F5} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {9CACC6B2-3E1D-40C8-AFD5-6F2AF06FF6BD} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {ED9803A6-7B09-4C6D-B1FA-ABA1CF8824A5} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Traffic Exchange uninstall?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
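The fixlist in the post above is, read as a whole, an inventory of the persistence this adware bundle set up: two HKLM Run values and two services pointing at unsigned executables under the user's AppData, an unsigned kernel driver (ndistpr64.sys), a dozen scheduled tasks for the Microleaves "Traffic Exchange" components, and a SafeBoot\Network entry, which is the key that lets a service load even in Safe Mode with Networking. Added here as an example (it is not from the thread, from FRST or from BleepingComputer): a small Python parser that classifies FRST fixlist lines by persistence mechanism and flags the entries FRST marked "[File not signed]" or "ATTENTION", plus anything whose binary lives under a user profile. The sample input is a constructed subset of the lines posted above; the regexes and the kind labels are this example's own, and the reading of the leading letter and digit on service lines as running/stopped state and Windows start type is an assumption about FRST's convention.

```python
import re
from collections import Counter

# Constructed sample: a subset of the lines from the fixlist posted above, covering
# each line shape FRST uses there (Run value, service, driver, dated file entry,
# scheduled task, DeleteKey directive, bare path). Input for the demo only.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [cpx] => "C:\Users\IcedBong\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
R2 Dataup; C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\IcedBong\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
2017-03-26 23:13 - 2017-03-26 23:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
Task: {187E495D-6860-47CB-862A-AEC1A346BB7A} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2
C:\Windows\System32\drivers\ndistpr64.sys
"""

# Line shapes as they appear in the fixlist (regexes written for this example).
RUN_KEY = re.compile(r"^(HK\S*?\\\.\.\.\\Run\S*): \[([^\]]+)\] => (.*)$")
SERVICE = re.compile(r"^([A-Z])(\d) ([^;]+); (.*)$")   # assumed: R/S = running/stopped, digit = start type
TASK = re.compile(r"^Task: (.*?) => (.*)$")
DATED_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ (\S+) (.*)$")
DELETE_KEY = re.compile(r"^DeleteKey: (.*)$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def _exe_path(target: str) -> str:
    """Extract the executable path from an FRST target field.

    Drops the trailing '<==== ATTENTION' marker, honours a quoted path (arguments
    follow the closing quote), otherwise cuts at the first ' [' that opens FRST's
    size/date metadata.
    """
    target = target.split(" <")[0].strip()
    if target.startswith('"'):
        return target[1:target.index('"', 1)]
    return target.split(" [")[0].strip()


def classify_line(line: str) -> dict:
    """Map one fixlist line to a persistence mechanism plus triage flags."""
    line = line.rstrip()
    entry = {"kind": "other", "name": "", "path": "", "raw": line}

    if line.endswith(":") and " " not in line:          # CreateRestorePoint:, CloseProcesses:
        entry.update(kind="directive", name=line[:-1])
    elif (m := RUN_KEY.match(line)):
        entry.update(kind="run_key", name=m.group(2), path=_exe_path(m.group(3)))
    elif (m := SERVICE.match(line)):
        path = _exe_path(m.group(4))
        kind = "driver" if path.lower().endswith(".sys") else "service"
        entry.update(kind=kind, name=m.group(3), path=path,
                     state=m.group(1), start_type=m.group(2))
    elif (m := TASK.match(line)):
        entry.update(kind="task", name=m.group(1), path=_exe_path(m.group(2)))
    elif (m := DATED_FILE.match(line)):
        attrs, path = m.group(1), m.group(2)
        if path.startswith("() "):                       # some entries carry an empty vendor field
            path = path[3:]
        entry.update(kind="directory" if "D" in attrs else "file", path=path)
    elif (m := DELETE_KEY.match(line)):
        entry.update(kind="delete_key", path=m.group(1))
    elif BARE_PATH.match(line):
        entry.update(kind="path", path=line)

    # Triage flags: FRST's own markers, plus "binary lives under a user profile",
    # a location from which no legitimate service or driver should be started.
    entry["unsigned"] = "[File not signed]" in line
    entry["attention"] = "ATTENTION" in line
    entry["user_profile"] = "\\users\\" in entry["path"].lower()
    return entry


def parse_fixlist(text: str) -> list:
    """Parse every non-empty line of a fixlist into classified entries."""
    return [classify_line(l) for l in text.splitlines() if l.strip()]


def summarize(entries: list) -> dict:
    """Count persistence mechanisms and collect the entries worth a second look."""
    by_kind = Counter(e["kind"] for e in entries)
    flagged = [e for e in entries if e["unsigned"] or e["attention"] or e["user_profile"]]
    return {"by_kind": dict(by_kind), "flagged": flagged}


if __name__ == "__main__":
    result = summarize(parse_fixlist(SAMPLE_FIXLIST))
    print("persistence mechanisms:", result["by_kind"])
    for e in result["flagged"]:
        marks = [k for k in ("unsigned", "attention", "user_profile") if e[k]]
        print(f"  {e['kind']:10} {e['name'] or '-':40.40} {e['path']}  [{', '.join(marks)}]")
```

On the sample above the summary shows two Run values, two services, one driver and two tasks; the file entry for tprdpw32.exe in System32 carries no FRST marker and is not flagged, which is exactly the kind of sibling file a triager has to go looking for by hand, since a parser can only surface what the log already marked.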

#7 IcedBong

IcedBong
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 28 March 2017 - 01:13 PM

Couldn't find Traffic Exchange on the list, so couldn't uninstall it.

 

Here's the fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by IcedBong (28-03-2017 14:03:25) Run:1
Running from C:\Users\IcedBong\Desktop
Loaded Profiles: IcedBong (Available Profiles: IcedBong)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [cpx] => "C:\Users\IcedBong\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {070e862d-9d9f-11e3-9e17-20cf3078e135} - E:\LGAutoRun.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {3dd3d18f-55d7-11e6-b892-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {6de0c3f3-6cac-11e6-9e5e-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {7d98a93f-89c8-11e6-a719-bcaec51da91f} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {8a374d66-5904-11e6-a507-bcaec51da91f} - E:\Auto.exe
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\...\MountPoints2: {8a374d74-5904-11e6-a507-bcaec51da91f} - E:\Auto.exe
R2 Dataup; C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\IcedBong\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION
C:\Users\IcedBong\AppData\Local\microlabs
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
C:\Windows\System32\drivers\ndistpr64.sys
S3 mapmem_dv; C:\mapmem.tmp [3808 2013-09-13] () [File not signed]
C:\mapmem.tmp
2017-03-26 23:13 - 2017-03-27 00:46 - 00000000 ____D C:\Users\IcedBong\AppData\Local\ntuserlitelist
2017-03-26 23:13 - 2017-03-26 23:22 - 00000000 ____D C:\Program Files (x86)\s5
2017-03-26 23:13 - 2017-03-26 23:15 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-03-26 23:13 - 2017-03-26 23:15 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-03-26 23:13 - 2017-03-26 23:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 23:13 - 2017-03-26 23:13 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2017-03-26 23:13 - 2017-03-26 23:13 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
2017-03-26 23:13 - 2017-03-26 23:13 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
2017-03-26 23:13 - 2017-03-26 23:13 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
2017-03-26 23:13 - 2017-03-26 23:13 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\c
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Local\microlabs
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Local\AnonymizerLauncher
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\.proxycheck
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\.AnonymizerLauncher
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\ProgramData\1490584389
2017-03-26 23:13 - 2017-03-26 23:13 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-26 23:12 - 2017-03-26 23:21 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-26 23:12 - 2017-03-26 23:13 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\Microleaves
2017-03-26 23:12 - 2017-03-26 23:12 - 00002048 _____ C:\Users\IcedBong\AppData\Local\uninstallro.exe
2017-03-26 23:12 - 2017-03-26 23:12 - 00000000 ____D C:\Users\IcedBong\AppData\Roaming\AGData
2017-03-26 23:12 - 2017-03-26 23:12 - 0002048 _____ () C:\Users\IcedBong\AppData\Local\uninstallro.exe
2016-11-21 21:46 - 2016-11-21 21:46 - 0000016 _____ () C:\ProgramData\mntemp
2017-03-26 23:36 - 2015-08-21 13:41 - 2139648 ____R () C:\Users\IcedBong\AppData\Local\Temp\UnInstall.exe
Task: {0049184B-8DD9-40BF-A782-85F2582D9C5C} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {187E495D-6860-47CB-862A-AEC1A346BB7A} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {1DE88E71-7A8B-4BFA-B13D-38B291CD381B} - System32\Tasks\{7627F050-2A78-4788-AE9B-7380B3C402CF} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {3C9B93D6-DE0C-4A79-AFA1-AEA744C7F33A} - System32\Tasks\{F80E6E34-3646-4AB7-B620-7680D7F6047F} => pcalua.exe -a D:\setup.exe -d D:\
Task: {47DC3C66-6F7B-4498-BFAE-7C9F62F74AE2} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {4E27547D-1088-418A-9423-BEDBAA265CBD} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {6510BF20-F6A6-43AA-B014-E12A7ADBAF6E} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {7D332C54-F56F-4C30-B4FA-B68D509E921D} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {7F219F97-DA28-482B-BC66-503F53482520} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {923E7D74-9F78-42FD-B155-0DFF345B5A38} - System32\Tasks\{E75201A3-945B-41C7-BD3C-6B36EAC61CE2} => pcalua.exe -a E:\UsbDriverSetup.exe -d E:\
Task: {9641FDC9-B450-4ACC-AFD9-C1C20EF9A0F5} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {9CACC6B2-3E1D-40C8-AFD5-6F2AF06FF6BD} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {ED9803A6-7B09-4C6D-B1FA-ABA1CF8824A5} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{070e862d-9d9f-11e3-9e17-20cf3078e135} => key removed successfully
HKCR\CLSID\{070e862d-9d9f-11e3-9e17-20cf3078e135} => key not found.
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd3d18f-55d7-11e6-b892-bcaec51da91f} => key removed successfully
HKCR\CLSID\{3dd3d18f-55d7-11e6-b892-bcaec51da91f} => key not found.
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de0c3f3-6cac-11e6-9e5e-bcaec51da91f} => key removed successfully
HKCR\CLSID\{6de0c3f3-6cac-11e6-9e5e-bcaec51da91f} => key not found.
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d98a93f-89c8-11e6-a719-bcaec51da91f} => key removed successfully
HKCR\CLSID\{7d98a93f-89c8-11e6-a719-bcaec51da91f} => key not found.
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a374d66-5904-11e6-a507-bcaec51da91f} => key removed successfully
HKCR\CLSID\{8a374d66-5904-11e6-a507-bcaec51da91f} => key not found.
HKU\S-1-5-21-940105315-3209186146-3874473534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a374d74-5904-11e6-a507-bcaec51da91f} => key removed successfully
HKCR\CLSID\{8a374d74-5904-11e6-a507-bcaec51da91f} => key not found.
Dataup => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
C:\Users\IcedBong\AppData\Local\microlabs => moved successfully
drmkpro64 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
Could not move "C:\Windows\System32\drivers\ndistpr64.sys" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\mapmem_dv => key removed successfully
mapmem_dv => service removed successfully
C:\mapmem.tmp => moved successfully

"C:\Users\IcedBong\AppData\Local\ntuserlitelist" folder move:

Could not move "C:\Users\IcedBong\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.

C:\Program Files (x86)\s5 => moved successfully
C:\Windows\Tasks\Traffic Exchange Updater.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v209 - 3.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v209 - 2.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v209 - 1.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v2 - 3.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v2 - 2.job => moved successfully
C:\Windows\Tasks\Traffic Exchange v2 - 1.job => moved successfully
Could not move "C:\Windows\system32\tprdpw32.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\ndistpr64.sys" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\Traffic Exchange Guardian => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange Guard => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange Updater => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange v209 - 3 => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange v209 - 2 => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange v209 - 1 => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange v2 - 3 => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange v2 - 2 => moved successfully
C:\Windows\System32\Tasks\Traffic Exchange v2 - 1 => moved successfully
C:\Users\IcedBong\AppData\Roaming\c => moved successfully
"C:\Users\IcedBong\AppData\Local\microlabs" => not found.
C:\Users\IcedBong\AppData\Local\AnonymizerLauncher => moved successfully
C:\Users\IcedBong\.proxycheck => moved successfully
C:\Users\IcedBong\.AnonymizerLauncher => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\ProgramData\1490584389 => moved successfully
C:\Program Files (x86)\Microleaves => moved successfully
C:\Program Files (x86)\AnonymizerGadget => moved successfully
C:\Users\IcedBong\AppData\Roaming\Microleaves => moved successfully
C:\Users\IcedBong\AppData\Local\uninstallro.exe => moved successfully
C:\Users\IcedBong\AppData\Roaming\AGData => moved successfully
"C:\Users\IcedBong\AppData\Local\uninstallro.exe" => not found.
C:\ProgramData\mntemp => moved successfully
C:\Users\IcedBong\AppData\Local\Temp\UnInstall.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0049184B-8DD9-40BF-A782-85F2582D9C5C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0049184B-8DD9-40BF-A782-85F2582D9C5C} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange v2 - 2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{187E495D-6860-47CB-862A-AEC1A346BB7A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{187E495D-6860-47CB-862A-AEC1A346BB7A} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DE88E71-7A8B-4BFA-B13D-38B291CD381B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE88E71-7A8B-4BFA-B13D-38B291CD381B} => key removed successfully
C:\Windows\System32\Tasks\{7627F050-2A78-4788-AE9B-7380B3C402CF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7627F050-2A78-4788-AE9B-7380B3C402CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C9B93D6-DE0C-4A79-AFA1-AEA744C7F33A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C9B93D6-DE0C-4A79-AFA1-AEA744C7F33A} => key removed successfully
C:\Windows\System32\Tasks\{F80E6E34-3646-4AB7-B620-7680D7F6047F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F80E6E34-3646-4AB7-B620-7680D7F6047F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47DC3C66-6F7B-4498-BFAE-7C9F62F74AE2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47DC3C66-6F7B-4498-BFAE-7C9F62F74AE2} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange v209 - 3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E27547D-1088-418A-9423-BEDBAA265CBD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E27547D-1088-418A-9423-BEDBAA265CBD} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange Guard => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guard => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6510BF20-F6A6-43AA-B014-E12A7ADBAF6E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6510BF20-F6A6-43AA-B014-E12A7ADBAF6E} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange v2 - 3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D332C54-F56F-4C30-B4FA-B68D509E921D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D332C54-F56F-4C30-B4FA-B68D509E921D} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F219F97-DA28-482B-BC66-503F53482520} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F219F97-DA28-482B-BC66-503F53482520} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange v2 - 1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{923E7D74-9F78-42FD-B155-0DFF345B5A38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{923E7D74-9F78-42FD-B155-0DFF345B5A38} => key removed successfully
C:\Windows\System32\Tasks\{E75201A3-945B-41C7-BD3C-6B36EAC61CE2} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E75201A3-945B-41C7-BD3C-6B36EAC61CE2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9641FDC9-B450-4ACC-AFD9-C1C20EF9A0F5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9641FDC9-B450-4ACC-AFD9-C1C20EF9A0F5} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange v209 - 1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CACC6B2-3E1D-40C8-AFD5-6F2AF06FF6BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CACC6B2-3E1D-40C8-AFD5-6F2AF06FF6BD} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange v209 - 2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED9803A6-7B09-4C6D-B1FA-ABA1CF8824A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED9803A6-7B09-4C6D-B1FA-ABA1CF8824A5} => key removed successfully
C:\Windows\System32\Tasks\Traffic Exchange Guardian => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guardian => key removed successfully
C:\Windows\Tasks\Traffic Exchange Updater.job => not found.
C:\Windows\Tasks\Traffic Exchange v2 - 1.job => not found.
C:\Windows\Tasks\Traffic Exchange v2 - 2.job => not found.
C:\Windows\Tasks\Traffic Exchange v2 - 3.job => not found.
C:\Windows\Tasks\Traffic Exchange v209 - 1.job => not found.
C:\Windows\Tasks\Traffic Exchange v209 - 2.job => not found.
C:\Windows\Tasks\Traffic Exchange v209 - 3.job => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup => key could not remove, key could be protected
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-03-2017 14:06:41)

"C:\Windows\System32\drivers\ndistpr64.sys" => Could not move
C:\Users\IcedBong\AppData\Local\ntuserlitelist => Is moved successfully
"C:\Windows\system32\tprdpw32.exe" => Could not move
"C:\Windows\system32\Drivers\ndistpr64.sys" => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup => key could not remove, key could be protected

==== End of Fixlog 14:06:41 ====

Could not install AdwCleaner because of the "resource in use" error from the virus..

Thanks again for your help.



#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,781 posts
  • Gender:Male
  • Location:California

Posted 28 March 2017 - 02:35 PM

Thank you. Please boot into Safe Mode with Networking to complete the following.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 3 links below (if one of them does not work try another...) and save it to your desktop:

rkill.scr
rkill.com
rkill.exe

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista or above, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CloseProcesses:
HKLM-x32\...\Run: [cpx] => "C:\Users\IcedBong\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup
R2 Dataup; C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\IcedBong\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
C:\Windows\system32\tprdpw32.exe
C:\Windows\system32\Drivers\ndistpr64.sys
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RKill log
  • Fixlog
  • Computer performance?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 IcedBong
  • Topic Starter
  • Members
  • 15 posts

Posted 28 March 2017 - 03:43 PM

Won't let me run any of the Rkills you posted.. I was able to boot into Safe Mode from msconfig, otherwise pressing F8 does nothing.

Here's the fixlog, the only thing that I was able to do.. so discouraging :(

*****************
CloseProcesses:
HKLM-x32\...\Run: [cpx] => "C:\Users\IcedBong\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup
R2 Dataup; C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\IcedBong\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
C:\Windows\system32\tprdpw32.exe
C:\Windows\system32\Drivers\ndistpr64.sys
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
drmkpro64 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
Could not move "C:\Windows\system32\tprdpw32.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\ndistpr64.sys" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 28-03-2017 16:39:10)

"C:\Windows\system32\tprdpw32.exe" => Could not move
"C:\Windows\system32\Drivers\ndistpr64.sys" => Could not move

Result of scheduled keys to remove after reboot:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected

==== End of Fixlog 16:39:10 ====

Thanks again for your time, it sucks that we can't run any adware killer because of this virus.. :(

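A small triage helper for the Fixlog format shown in the two logs above, added here as an example and not part of the thread or of Farbar's tool: it classifies each result line, lets the reboot-time "Result of scheduled files to move" block overrule the provisional "Scheduled to move on reboot" entries, folds the two spellings of the ndistpr64.sys path into one item, and lists what survived the fix (the protected service keys and the locked driver). The sample lines are constructed from the shapes in the logs above.

```python
"""Triage helper for FRST Fixlog result lines (added example, not part of
the thread or of Farbar's tool).  Classifies each line so a helper can see
which items were removed and which survived the fix (protected keys, locked
driver files), which is exactly the situation in the Fixlogs above."""
import re

REMOVED, STOPPED, FAILED, DEFERRED, NOT_FOUND = (
    "removed", "stopped", "failed", "deferred", "not_found")

# Patterns follow the wording FRST uses in the Fixlog; the item may be quoted.
_ITEM = r'^"?(?P<item>[^"]+)"? => '
_PATTERNS = [
    (re.compile(r'^Could not move "(?P<item>.+)" => Scheduled to move on reboot\.$'), DEFERRED),
    (re.compile(_ITEM + r'(?:key|value|service) removed successfully\.?$'), REMOVED),
    (re.compile(_ITEM + r'(?:Is )?moved successfully\.?$'), REMOVED),
    (re.compile(_ITEM + r'Service stopped successfully\.?$'), STOPPED),
    (re.compile(_ITEM + r'(?:key|value) could not remove.*$'), FAILED),
    (re.compile(_ITEM + r'Could not move\.?$'), FAILED),
    (re.compile(_ITEM + r'(?:key )?not found\.?$'), NOT_FOUND),
]

# Constructed sample: result lines in the exact shapes seen in this thread's
# Fixlogs (paths are the thread's own), including a reboot-time result block.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
HKLM\System\CurrentControlSet\Services\mapmem_dv => key removed successfully
mapmem_dv => service removed successfully
Dataup => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
C:\Program Files (x86)\Microleaves => moved successfully
C:\Users\IcedBong\AppData\Local\microlabs => moved successfully
Could not move "C:\Windows\System32\drivers\ndistpr64.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\tprdpw32.exe" => Scheduled to move on reboot.
Could not move "C:\Users\IcedBong\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.
"C:\Users\IcedBong\AppData\Local\microlabs" => not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-03-2017 14:06:41)

"C:\Windows\System32\drivers\ndistpr64.sys" => Could not move
C:\Users\IcedBong\AppData\Local\ntuserlitelist => Is moved successfully
"C:\Windows\system32\tprdpw32.exe" => Could not move
"C:\Windows\system32\Drivers\ndistpr64.sys" => Could not move
==== End of Fixlog 14:06:41 ====
"""


def classify_line(line):
    """Return (item, outcome) for a per-item result line, or None for banner,
    separator and summary lines ('Processes closed successfully.', ...)."""
    line = line.strip()
    for pattern, outcome in _PATTERNS:
        m = pattern.match(line)
        if m:
            return m.group("item"), outcome
    return None


def final_status(fixlog_text):
    """Map each item (case-folded: paths and registry keys are case-insensitive,
    and FRST prints ndistpr64.sys under two spellings) to (name, outcome).
    A DEFERRED entry is provisional: the reboot-time result block reports
    later whether the move worked, and that later line wins.  A trailing
    'not found' re-check never downgrades an item that was already removed."""
    status = {}
    for line in fixlog_text.splitlines():
        parsed = classify_line(line)
        if parsed is None:
            continue
        item, outcome = parsed
        key = item.lower()
        if key in status and status[key][1] == REMOVED and outcome == NOT_FOUND:
            continue
        status[key] = (item, outcome)
    return status


def residual_items(fixlog_text):
    """Items that survived the fix: failed removals plus deferred moves with
    no reboot-time result.  These are what the next fixlist has to chase."""
    return [name for name, outcome in final_status(fixlog_text).values()
            if outcome in (FAILED, DEFERRED)]


def summary(fixlog_text):
    """Number of items per final outcome."""
    counts = {}
    for _, outcome in final_status(fixlog_text).values():
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts
```

Run against the full Fixlog pasted above, `residual_items` returns the four entries the helper then re-targets in the next fixlist: the two Run values, the protected Dataup/drmkpro64 service keys, and the locked driver and tprdpw32.exe files.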


#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,781 posts
  • Gender:Male
  • Location:California

Posted 28 March 2017 - 04:14 PM

Don't despair, we have other ways of doing things. :)

Please do this.

===================================================

Farbar's Recovery Scan Tool Fix in the Recovery Environment

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKLM-x32\...\Run: [cpx] => "C:\Users\IcedBong\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\IcedBong\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup
R2 Dataup; C:\Users\IcedBong\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\IcedBong\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
C:\Windows\system32\tprdpw32.exe
C:\Windows\system32\Drivers\ndistpr64.sys
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2-step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool
----------

Step 1 - Entering into the System Recovery Options (select one of the 3 options)

Option #1
To enter System Recovery Options in Windows 8/10:
Option #2
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options screen appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • Select the operating system you want to repair, and then click Next
  • Select your user account and click Next
Option #3
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc
  • Restart your computer
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer
  • Select English as the keyboard language settings, and then click Next
  • Select the operating system you want to repair, and then click Next
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and identify the drive letter of your USB drive
  • At the command prompt type e:\frst (for 32 bit computers) or e:\frst64 (for 64 bit computers)) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary

#11 IcedBong
  • Topic Starter
  • Members
  • 15 posts

Posted 28 March 2017 - 04:23 PM

My F8 key isn't working, I press it and I only get a list to boot into 3 different things: the data, floppy disk or CD-ROM.. I'm going to try and find my Windows CD; say I can't find it, how do I get into recovery mode on Windows 7?

#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,781 posts
  • Gender:Male
  • Location:California

Posted 28 March 2017 - 04:40 PM

No worries.

Hold off a second. I am testing a program that should work for us without needing the CD.

Rest assured we will resolve this, a little more patience is all that is required.

Be back soon with some instructions.
Gary

#13 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,781 posts
  • Gender:Male
  • Location:California

Posted 28 March 2017 - 04:47 PM

I may become unavailable soon (jury service :( ) so rather than have you wait please follow the instructions in the link below. I usually like to provide specific steps but this will be more efficient for you.

https://support.malwarebytes.com/customer/portal/articles/2097176?b_id=6400
Gary

#14 IcedBong
  • Topic Starter
  • Members
  • 15 posts

Posted 28 March 2017 - 04:57 PM

I'm on my way to get the flash drive lol, good luck in jury duty. I'll post back once I'm done, ty again.

#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,781 posts
  • Gender:Male
  • Location:California

Posted 28 March 2017 - 04:57 PM

You won't need a flash drive for this.
Gary



