
s5m Seems To Have Gotten A Lot More Sophisticated


  • This topic is locked
29 replies to this topic

#1 Joshuaduhs

Joshuaduhs

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:40 AM

Posted 30 April 2017 - 09:57 AM

I tried using the unsigned version of Zamana (I think that's what it's called), but it still won't run. I've tried the "unsigned" version of a lot of things, and it still isn't working. I get an error saying the requested resource is in use. I get the same error when I try to install any other trusted anti-malware, so that's unfortunate. I'm at a loss on what to do. If I have to do a fresh install, that's another 20 hours downloading all of the games I have on this machine. I'm writing this post on a secondary machine. The gaming machine that's having problems has been unplugged from the internet.

 

Yeah, unfortunately, even the best of us randomly happen upon s5m. I just happened to be looking for a download whose original site no longer exists. I did run a scan using the FRST scan tool. I am attaching it here.

Attached Files





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 AM

Posted 30 April 2017 - 08:28 PM

Hi Joshuaduhs :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me the content of the "mbar-log-TODAY'S-date.txt" log after running the scan and deleting the threats it detected (the log will be located in the MBAR folder).

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you cannot run MBAR, please let me know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Joshuaduhs

Joshuaduhs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:40 AM

Posted 30 April 2017 - 11:35 PM

MBAR will not run. "The requested resource is in use". Like I've said, this SmartService bug has gotten extremely sophisticated and has been updated to block out all of the "unsigned" software that this site has been touting.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 AM

Posted 01 May 2017 - 07:00 AM

Try to launch the mbar.cmd file in the MBAR folder. Is MBAR able to run that way, or not?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Joshuaduhs

Joshuaduhs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:40 AM

Posted 01 May 2017 - 08:06 AM

The cmd worked. I had to reboot out of safe mode, but once I wasn't in safe mode, the cmd prompt file got MBAR to work. It's scanning right now and has so far found 10 infections. What should I report back with?



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 AM

Posted 01 May 2017 - 08:07 AM

Copy/paste the content of the "mbar-log-TODAY'S-date.txt" log that will be created in the MBAR folder after MBAR is done scanning and removing threats from your system.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Joshuaduhs

Joshuaduhs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:40 AM

Posted 01 May 2017 - 08:15 AM

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.04.03.08
  rootkit: v2017.04.02.01
 
Windows 10 x64 NTFS
Internet Explorer 11.0.15063.0
Joshua :: DESKTOP-G1T5L3N [administrator]
 
5/1/2017 6:03:29 AM
mbar-log-2017-05-01 (06-03-29).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 292623
Time elapsed: 7 minute(s), 41 second(s)
 
Memory Processes Detected: 1
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> 4516 -> Delete on reboot. [476d39b3adfbb08626993f105ca6ed13]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 11
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\340b96fc16b53d920bfca21a8460e6b3 (Adware.Wajam.Generic) -> Delete on reboot. [b301a14b515737ff4c8acbb97e82f907]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Adware.Yelloader) -> Delete on reboot. [4173bb314c5cc86e8c53e77c4fb3649c]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Adware.DotDo.Generic) -> Delete on reboot. [71435696208835016b19473435cbbc44]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Adware.DotDo.Generic) -> Delete on reboot. [71435696208835016b19473435cbbc44]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016 (Adware.NetUtils) -> Delete on reboot. [b2029a52406891a5a4ccfb5e9b677789]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C3BBC25-4B40-4959-AF29-80B20215CAA4} (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [1f953eae87211125e983caf035cbba46]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F1D96213-71A7-4A1F-B021-96863D840902} (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [fbb9fcf06e3a0c2aafbdfac07e82ba46]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ab03AQK2NXCGu3TptSD7Om-ni-2017-04-29-ni-19698-ni-1 (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [4371707cc7e157df8b4cc2f752aeda26]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\dc03AQK2NXCGu3TptSD7Om-ni-2017-04-29-ni-19698-ni-1 (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [b8fc09e308a0ca6c8e49eecb7d83d42c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [328222cab7f17cba1af32d9447ba9e62]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INSTALLER (Adware.Tuto4PC) -> Delete on reboot. [367e8d5f9711af8759e7dbc0b84825db]
 
Registry Values Detected: 6
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|298194 (Trojan.Dropper.E) -> Data: "C:\Users\Joshua\AppData\Roaming\407474\52536.exe" -> Delete on reboot. [9a1a18d48f1946f0e34e84535da623dd]
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|687934 (Trojan.Dropper.E) -> Data: "C:\Users\Joshua\AppData\Roaming\470013\42432.exe" -> Delete on reboot. [4b69faf2d9cf270f5bd6409759aa7c84]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C3BBC25-4B40-4959-AF29-80B20215CAA4}|Path (Adware.DotDo.PrxySvrRST) -> Data: \dc03AQK2NXCGu3TptSD7Om-ni-2017-04-29-ni-19698-ni-1 -> Delete on reboot. [1f953eae87211125e983caf035cbba46]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F1D96213-71A7-4A1F-B021-96863D840902}|Path (Adware.DotDo.PrxySvrRST) -> Data: \ab03AQK2NXCGu3TptSD7Om-ni-2017-04-29-ni-19698-ni-1 -> Delete on reboot. [fbb9fcf06e3a0c2aafbdfac07e82ba46]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INSTALLER|ImagePath (Adware.Tuto4PC) -> Data: "C:\Users\Joshua\AppData\Local\Temp\ds93_l\DisplayService.exe" -> Delete on reboot. [367e8d5f9711af8759e7dbc0b84825db]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: "C:\Users\Joshua\AppData\Local\ghhagz\ct.exe" /svc -> Delete on reboot. [803406e6cddbea4c604e0f4a8d7507f9]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 8
C:\Users\Joshua\AppData\Local\Temp\89-a4b77-693-829ad-42442955fedfd (Adware.Tuto4PC.Generic) -> Delete on reboot. [32829b51beea5dd9dd9d2bb8dc248977]
C:\Users\Joshua\AppData\Local\Temp\ds93_l (Adware.Tuto4PC) -> Delete on reboot. [5460c02c9711dc5ab6147a86d1309967]
C:\Users\Joshua\AppData\Local\Temp\0BPGKXH9U3 (Adware.Tuto4PC.Generic) -> Delete on reboot. [83318963d8d0241247a62fd2e51ce719]
C:\Users\Joshua\AppData\Local\Temp\AHUZ1TCQD3 (Adware.Tuto4PC.Generic) -> Delete on reboot. [2094ea02a60254e2c7264db42ad74eb2]
C:\Users\Joshua\AppData\Local\Temp\DQ4537KR90 (Adware.Tuto4PC.Generic) -> Delete on reboot. [13a10be15f494fe7dd10af52ea1720e0]
C:\Users\Joshua\AppData\Local\Temp\ZJSX31SNL5 (Adware.Tuto4PC.Generic) -> Delete on reboot. [4470ce1ea404ff37f9f4b64b11f0c43c]
C:\Users\Joshua\AppData\Roaming\407474 (Trojan.Dropper.E) -> Delete on reboot. [9a1a18d48f1946f0e34e84535da623dd]
C:\Users\Joshua\AppData\Roaming\470013 (Trojan.Dropper.E) -> Delete on reboot. [4b69faf2d9cf270f5bd6409759aa7c84]
 
Files Detected: 55
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [06010fff408a9d867ca7b51afc3d0c5e]
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> Delete on reboot. [476d39b3adfbb08626993f105ca6ed13]
C:\Windows\System32\drivers\340b96fc16b53d920bfca21a8460e6b3.sys (Adware.Wajam.Generic) -> Delete on reboot. [5231b9037cdca985e0842d6c80260cd8]
C:\Users\Joshua\AppData\Local\ghhagz\ct.exe (Adware.Yelloader) -> Delete on reboot. [4173bb314c5cc86e8c53e77c4fb3649c]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adware.DotDo.Generic) -> Delete on reboot. [71435696208835016b19473435cbbc44]
C:\Users\Joshua\AppData\Local\Temp\3QFH6E4.exe (Adware.Tuto4PC) -> Delete on reboot. [51631dcfd4d46fc7e925f4dc8e7207f9]
C:\Users\Joshua\AppData\Local\Temp\49OM6RA.exe (Adware.Tuto4PC) -> Delete on reboot. [3d7748a4d2d62f07b91864eb6c964cb4]
C:\Users\Joshua\AppData\Local\Temp\89-a4b77-693-829ad-42442955fedfd\QRVREKMSVT.exe (Adware.Amonetize) -> Delete on reboot. [961e8567f5b31026cba54b33ef125da3]
C:\Users\Joshua\AppData\Local\Temp\8RJyaDpVR\linker.exe (Trojan.Agent) -> Delete on reboot. [595b7c705f49b680e289c440000207f9]
C:\Users\Joshua\AppData\Local\Temp\hdbqYaBb8\linker.exe (Trojan.Agent) -> Delete on reboot. [4c6800ecd5d3c373a8c39b69c73b5ea2]
C:\Users\Joshua\AppData\Local\ddnow.exe (Adware.DotDo) -> Delete on reboot. [753fca2232762313d9443daf02fe08f8]
C:\Users\Joshua\AppData\Local\georgians.exe (Adware.DotDo) -> Delete on reboot. [ffb56e7eb0f8b185fd6eba3521e06898]
C:\Users\Joshua\AppData\Local\sc468283861.exe (Adware.DotDo) -> Delete on reboot. [1a9a3ab2495f2b0bb1b7fd526898748c]
C:\Users\Joshua\AppData\Local\sc68283861.exe (Adware.DotDo) -> Delete on reboot. [ae06569603a50531f672ff50a35d1ae6]
C:\Users\Joshua\AppData\Local\wrqtnzwuk\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [2a8aae3ebfe97fb7c819eb788280f30d]
C:\Windows\dll.dll (Adware.DotDo) -> Delete on reboot. [9a1a28c408a0c96d8e26704af70a23dd]
C:\Windows\System32\Tasks\ab03AQK2NXCGu3TptSD7Om-ni-2017-04-29-ni-19698-ni-1 (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [dcd8d61654546acc46c9f1c6d52b9868]
C:\Windows\System32\Tasks\dc03AQK2NXCGu3TptSD7Om-ni-2017-04-29-ni-19698-ni-1 (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [882c7775a008d75f52bda41335cb2ad6]
C:\Users\Joshua\AppData\Local\Temp\89-a4b77-693-829ad-42442955fedfd\CDMHIIIZSG.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [32829b51beea5dd9dd9d2bb8dc248977]
C:\Users\Joshua\AppData\Local\Temp\89-a4b77-693-829ad-42442955fedfd\QRVREKMSVT.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [32829b51beea5dd9dd9d2bb8dc248977]
C:\Users\Joshua\AppData\Local\Temp\ds93_l\DisplayService.InstallLog (Adware.Tuto4PC) -> Delete on reboot. [5460c02c9711dc5ab6147a86d1309967]
C:\Users\Joshua\AppData\Local\Temp\ds93_l\DisplayService.InstallState (Adware.Tuto4PC) -> Delete on reboot. [5460c02c9711dc5ab6147a86d1309967]
C:\Users\Joshua\AppData\Local\Temp\ds93_l\InstallUtil.InstallLog (Adware.Tuto4PC) -> Delete on reboot. [5460c02c9711dc5ab6147a86d1309967]
C:\Users\Joshua\AppData\Local\Temp\0BPGKXH9U3\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [83318963d8d0241247a62fd2e51ce719]
C:\Users\Joshua\AppData\Local\Temp\0BPGKXH9U3\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [83318963d8d0241247a62fd2e51ce719]
C:\Users\Joshua\AppData\Local\Temp\0BPGKXH9U3\HaveFun.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [83318963d8d0241247a62fd2e51ce719]
C:\Users\Joshua\AppData\Local\Temp\0BPGKXH9U3\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [83318963d8d0241247a62fd2e51ce719]
C:\Users\Joshua\AppData\Local\Temp\0BPGKXH9U3\pops.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [83318963d8d0241247a62fd2e51ce719]
C:\Users\Joshua\AppData\Local\Temp\0BPGKXH9U3\pops.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [83318963d8d0241247a62fd2e51ce719]
C:\Users\Joshua\AppData\Local\Temp\AHUZ1TCQD3\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [2094ea02a60254e2c7264db42ad74eb2]
C:\Users\Joshua\AppData\Local\Temp\AHUZ1TCQD3\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [2094ea02a60254e2c7264db42ad74eb2]
C:\Users\Joshua\AppData\Local\Temp\AHUZ1TCQD3\HaveFun.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [2094ea02a60254e2c7264db42ad74eb2]
C:\Users\Joshua\AppData\Local\Temp\AHUZ1TCQD3\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [2094ea02a60254e2c7264db42ad74eb2]
C:\Users\Joshua\AppData\Local\Temp\AHUZ1TCQD3\pops.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [2094ea02a60254e2c7264db42ad74eb2]
C:\Users\Joshua\AppData\Local\Temp\AHUZ1TCQD3\pops.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [2094ea02a60254e2c7264db42ad74eb2]
C:\Users\Joshua\AppData\Local\Temp\DQ4537KR90\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [13a10be15f494fe7dd10af52ea1720e0]
C:\Users\Joshua\AppData\Local\Temp\DQ4537KR90\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [13a10be15f494fe7dd10af52ea1720e0]
C:\Users\Joshua\AppData\Local\Temp\DQ4537KR90\HaveFun.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [13a10be15f494fe7dd10af52ea1720e0]
C:\Users\Joshua\AppData\Local\Temp\DQ4537KR90\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [13a10be15f494fe7dd10af52ea1720e0]
C:\Users\Joshua\AppData\Local\Temp\ZJSX31SNL5\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [4470ce1ea404ff37f9f4b64b11f0c43c]
C:\Users\Joshua\AppData\Local\Temp\ZJSX31SNL5\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [4470ce1ea404ff37f9f4b64b11f0c43c]
C:\Users\Joshua\AppData\Local\Temp\ZJSX31SNL5\HaveFun.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [4470ce1ea404ff37f9f4b64b11f0c43c]
C:\Users\Joshua\AppData\Local\Temp\ZJSX31SNL5\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [4470ce1ea404ff37f9f4b64b11f0c43c]
C:\Windows\System32\drivers\NetUtils2016.sys (Adware.NetUtils) -> Delete on reboot. [999995e6e594d8f7aa72029c8eb2b952]
C:\Users\Joshua\AppData\Roaming\407474\52536.exe (Trojan.Dropper.E) -> Delete on reboot. [9a1a18d48f1946f0e34e84535da623dd]
C:\Users\Joshua\AppData\Roaming\407474\52536.exe.config (Trojan.Dropper.E) -> Delete on reboot. [9a1a18d48f1946f0e34e84535da623dd]
C:\Users\Joshua\AppData\Roaming\470013\42432.exe (Trojan.Dropper.E) -> Delete on reboot. [4b69faf2d9cf270f5bd6409759aa7c84]
C:\Users\Joshua\AppData\Roaming\470013\42432.exe.config (Trojan.Dropper.E) -> Delete on reboot. [4b69faf2d9cf270f5bd6409759aa7c84]
C:\Users\Joshua\AppData\Local\setupone.exe (Adware.Agent.Proxy) -> Delete on reboot. [5c587775783052e4cb494bad53b09c64]
C:\Users\Joshua\AppData\Local\aatxtname.txt (Adware.Agent.Trace) -> Delete on reboot. [10a412da58506dc96fa7fefa2fd4bf41]
C:\Users\Joshua\AppData\Local\tr5b.txt (Adware.Agent.Trace) -> Delete on reboot. [249047a5129686b0bf59c92f4bb8ab55]
C:\Windows\System32\drivers\etc\hosts (Hijack.HostFile) -> Bad: (127.0.0.1 clients2.google.com ) Good: () -> Replace on reboot. [585c6983129658deb9b74a08758ba060]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (162.222.194.13       cocomo.tremorhub.com) Good: () -> Replace on reboot. [01b3dc100e9a46f0499c6c4906fadd23]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (rosoft Corp.
#
# This is a sample HOS) Good: () -> Replace on reboot. [872d9d4f00a89a9c5f86b4016e927789]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (icrosoft Corp.
#
# This is a samp) Good: () -> Replace on reboot. [437131bb9f09191d26bf31845aa6946c]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
There it is. I rebooted after MBAR was done, and two blank notepad documents popped up. That has been a problem since the infection happened. So, clearly, I'm not fully out of the doghouse.
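The MBAR log above follows a regular pattern: a section header such as "Registry Keys Detected: 11", then one record per detection in the form "<object> (<threat name>) -> [extras] -> <action>. [<32-hex id>]", where the extras are a PID for memory processes, a "Data:" value for registry values, or "Bad: (...) Good: (...)" for hosts-file entries. The script below is an added example, not part of this thread and not Malwarebytes' own tooling: it parses such a log, cross-checks each section's declared count against what was actually parsed, groups detections by threat family, lists the registry entries that sit in autostart locations, and extracts the IP/hostname pairs from the hosts-file hijacks. The line format is inferred from the log in this thread (the meaning of the bracketed hex id is not documented here), and the sample input is a constructed excerpt of that log. It also handles the edge case visible above: a hosts entry whose flagged text spans several lines and is only a fragment of the stock hosts-file comment, which carries no redirect and is therefore not reported as one.

```python
import re
from collections import Counter

# Added example: the MBAR line format below is inferred from the log posted in
# this thread, not taken from any Malwarebytes documentation.
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Every detection ends with " -> <action>. [<32 hex chars>]"; DOTALL because a
# hosts-file entry spans several lines when the flagged text contains newlines.
TRAILER_RE = re.compile(
    r"^(?P<body>.*) -> (?P<action>[A-Za-z ]+)\. \[(?P<ident>[0-9a-f]{32})\]$", re.DOTALL)
FLUSH_RE = re.compile(r"\. \[[0-9a-f]{32}\]$")                      # line completes an entry
OBJECT_RE = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()\s]+)\)$")   # "<object> (<threat>)"
HOSTS_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \(.*\)$", re.DOTALL)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Registry locations that give code a foothold at boot/logon: services, Run values,
# scheduled tasks, and IFEO entries that can redirect a program's launch.
PERSISTENCE_MARKERS = ("\\SERVICES\\", "\\RUN|", "\\TASKCACHE\\",
                       "\\IMAGE FILE EXECUTION OPTIONS\\")

# Constructed sample: an excerpt of the MBAR log posted in this thread.
SAMPLE_LOG = r"""Memory Processes Detected: 1
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> 4516 -> Delete on reboot. [476d39b3adfbb08626993f105ca6ed13]

Registry Keys Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Adware.Yelloader) -> Delete on reboot. [4173bb314c5cc86e8c53e77c4fb3649c]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Adware.DotDo.Generic) -> Delete on reboot. [71435696208835016b19473435cbbc44]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C3BBC25-4B40-4959-AF29-80B20215CAA4} (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [1f953eae87211125e983caf035cbba46]

Registry Values Detected: 2
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|298194 (Trojan.Dropper.E) -> Data: "C:\Users\Joshua\AppData\Roaming\407474\52536.exe" -> Delete on reboot. [9a1a18d48f1946f0e34e84535da623dd]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: "C:\Users\Joshua\AppData\Local\ghhagz\ct.exe" /svc -> Delete on reboot. [803406e6cddbea4c604e0f4a8d7507f9]

Files Detected: 4
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adware.DotDo.Generic) -> Delete on reboot. [71435696208835016b19473435cbbc44]
C:\Windows\System32\drivers\etc\hosts (Hijack.HostFile) -> Bad: (127.0.0.1 clients2.google.com ) Good: () -> Replace on reboot. [585c6983129658deb9b74a08758ba060]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (162.222.194.13       cocomo.tremorhub.com) Good: () -> Replace on reboot. [01b3dc100e9a46f0499c6c4906fadd23]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (icrosoft Corp.
#
# This is a samp) Good: () -> Replace on reboot. [437131bb9f09191d26bf31845aa6946c]

(end)
"""


def parse_detection(record):
    """Turn one (possibly multi-line) detection record into a dict, or None."""
    m = TRAILER_RE.match(record)
    if not m:
        return None
    segments = m.group("body").split(" -> ")
    om = OBJECT_RE.match(segments[0])
    if not om:
        return None
    det = {"object": om.group("obj"), "threat": om.group("threat"),
           "action": m.group("action"), "ident": m.group("ident"),
           "pid": None, "data": None, "hosts_bad": None}
    for extra in segments[1:]:            # optional middle segments
        hm = HOSTS_RE.match(extra)
        if extra.isdigit():
            det["pid"] = int(extra)       # memory-process entries carry the PID
        elif extra.startswith("Data: "):
            det["data"] = extra[6:]       # registry values carry their data, quotes included
        elif hm:
            det["hosts_bad"] = hm.group("bad").strip()
    return det


def parse_log(text):
    """Return ({section: declared count}, [detections]) for a whole MBAR log."""
    sections, detections, buffer, current = {}, [], [], None
    for line in text.splitlines():
        hm = HEADER_RE.match(line)
        if hm:
            current = hm.group("section")
            sections[current] = int(hm.group("count"))
            buffer = []
        elif not line.strip():
            buffer = []                   # blank line: nothing pending carries over
        else:
            buffer.append(line)
            if FLUSH_RE.search(line):     # entry complete: parse the buffered lines
                det = parse_detection("\n".join(buffer))
                buffer = []
                if det:
                    det["section"] = current
                    detections.append(det)
    return sections, detections


def check_counts(sections, detections):
    """Sections whose declared count disagrees with what was parsed: {section: (declared, parsed)}."""
    parsed = Counter(d["section"] for d in detections)
    return {s: (n, parsed[s]) for s, n in sections.items() if n != parsed[s]}


def count_by_family(detections):
    """Detections per threat family, i.e. the first two dotted components (Adware.DotDo)."""
    return Counter(".".join(d["threat"].split(".")[:2]) for d in detections)


def persistence_points(detections):
    """Registry detections sitting in autostart locations."""
    return [d for d in detections if (d["section"] or "").startswith("Registry")
            and any(mk in d["object"].upper() for mk in PERSISTENCE_MARKERS)]


def hosts_redirects(detections):
    """(ip, hostname) pairs from hosts-file hijack entries; flagged text that is only
    a fragment of the stock hosts-file comment (no leading IP) is ignored."""
    out = []
    for d in detections:
        tokens = (d["hosts_bad"] or "").split()
        if len(tokens) >= 2 and IPV4_RE.match(tokens[0]):
            out.append((tokens[0], tokens[1]))
    return out
```

Run `parse_log(SAMPLE_LOG)` and feed the result to the three summary helpers; `check_counts` returning an empty dict means every section's declared count matched what was parsed, which is the quick sanity check to run before trusting any tally derived from a log of this size. The hosts-file result is the one worth reading first on a machine like this: `clients2.google.com` pointed at 127.0.0.1 is how the infection kept Chrome from reaching its update service, which is consistent with the unsigned-tool failures described earlier in the thread.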


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 AM

Posted 01 May 2017 - 08:48 AM

Not yet. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Joshuaduhs

Joshuaduhs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:40 AM

Posted 01 May 2017 - 06:22 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/1/17
Scan Time: 4:14 PM
Logfile: Export Summary.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1846
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-G1T5L3N\Joshua
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345371
Time Elapsed: 1 min, 14 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 1
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\gplyra.exe, Quarantined, [193], [316518],1.0.1846
 
Module: 3
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\gplyra.exe, Quarantined, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\msvcr120.dll, Quarantined, [193], [316518],1.0.1846
Trojan.ProxyAgent, C:\USERS\JOSHUA\APPDATA\LOCAL\AMLING.DLL, Quarantined, [228], [392223],1.0.1846
 
Registry Key: 35
PUP.Optional.DotDo.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\epitomize, Delete-on-Reboot, [763], [120009],1.0.1846
Trojan.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tw1170437, Delete-on-Reboot, [72], [394063],1.0.1846
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [97], [170024],1.0.1846
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [97], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [97], [170024],1.0.1846
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [97], [170024],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0292E0BB-2FD6-4E79-8159-DEA3089A0E46}, Delete-on-Reboot, [1381], [258996],1.0.1846
PUP.Optional.SearchModule, HKLM\SOFTWARE\SearchModule, Delete-on-Reboot, [627], [388629],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{63381674-302B-4D2F-BB27-DF65108B97CD}, Delete-on-Reboot, [1381], [260959],1.0.1846
PUP.Optional.Social2Search, HKLM\SOFTWARE\Socia2S Browser Enhancer, Delete-on-Reboot, [344], [345866],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB96AA70-3480-4028-8E8B-36AC6A387FF9}, Delete-on-Reboot, [1381], [258996],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F8F6F6DF-4815-4534-A833-C9BC4288A888}, Delete-on-Reboot, [1381], [260959],1.0.1846
PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\SMUPD, Delete-on-Reboot, [335], [238822],1.0.1846
PUP.Optional.SearchModule, HKLM\SOFTWARE\WOW6432NODE\SearchModule, Delete-on-Reboot, [627], [388629],1.0.1846
PUP.Optional.Social2Search, HKLM\SOFTWARE\WOW6432NODE\Socia2S Browser Enhancer, Delete-on-Reboot, [344], [345866],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\134481239, Delete-on-Reboot, [1381], [260960],1.0.1846
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSERVICE, Delete-on-Reboot, [633], [357969],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\234481239, Delete-on-Reboot, [1381], [260960],1.0.1846
PUP.Optional.SpeeDownloader, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\SpeeDownloader, Delete-on-Reboot, [8940], [387288],1.0.1846
PUP.Optional.Wajam, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\WajIEnhance, Delete-on-Reboot, [97], [244670],1.0.1846
PUP.Optional.Tuto4PC, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\wewewe, Delete-on-Reboot, [85], [339689],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\a32485583, Delete-on-Reboot, [1381], [260960],1.0.1846
PUP.Optional.SystemHealer, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\SYSTEM HEALER, Delete-on-Reboot, [944], [261796],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\b32485583, Delete-on-Reboot, [1381], [260960],1.0.1846
PUP.Optional.ScreenShotPro, HKLM\SOFTWARE\SCREENSHOT PRO, Delete-on-Reboot, [1870], [342231],1.0.1846
PUP.Optional.Spoutly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{730E03E4-350E-48E5-9D3E-4329903D454D}, Delete-on-Reboot, [8163], [386530],1.0.1846
PUP.Optional.SearchModule, HKLM\SOFTWARE\WOW6432NODE\SEARCHMODULE\SMUpd, Delete-on-Reboot, [627], [242742],1.0.1846
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowService, Delete-on-Reboot, [633], [391768],1.0.1846
PUP.Optional.Goobzo.ShrtCln, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jlcgehabolcakkjhgmgpkagpolbjlhfa, Delete-on-Reboot, [2816], [371293],1.0.1846
PUP.Optional.ProxyGate, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DragonBoost, Delete-on-Reboot, [954], [375419],1.0.1846
PUP.Optional.Goobzo.BITSRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUpd, Delete-on-Reboot, [8939], [384281],1.0.1846
PUP.Optional.Goobzo.BITSRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUpdd, Delete-on-Reboot, [8939], [384281],1.0.1846
PUP.Optional.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gplyra, Delete-on-Reboot, [193], [317317],1.0.1846
PUP.Optional.ScreenShotPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}, Delete-on-Reboot, [1870], [342233],1.0.1846
PUP.Optional.ProxyGate, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pgt_svc, Delete-on-Reboot, [954], [380406],1.0.1846
 
Registry Value: 27
PUP.Optional.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gplyra, Delete-on-Reboot, [193], [316518],1.0.1846
Trojan.ProxyAgent, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|amling, Delete-on-Reboot, [228], [392223],1.0.1846
Trojan.Clicker, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|413065, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|571672, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|222390, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|497182, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|884844, Delete-on-Reboot, [26], [394412],1.0.1846
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [98], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [98], [-1],0.0.0
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0292E0BB-2FD6-4E79-8159-DEA3089A0E46}|PATH, Delete-on-Reboot, [1381], [258996],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{63381674-302B-4D2F-BB27-DF65108B97CD}|PATH, Delete-on-Reboot, [1381], [260959],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB96AA70-3480-4028-8E8B-36AC6A387FF9}|PATH, Delete-on-Reboot, [1381], [258996],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F8F6F6DF-4815-4534-A833-C9BC4288A888}|PATH, Delete-on-Reboot, [1381], [260959],1.0.1846
PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\SMUPD|SCF, Delete-on-Reboot, [335], [238822],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AUTOAUTO, Delete-on-Reboot, [1381], [184007],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INTERPEE, Delete-on-Reboot, [1381], [255563],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AUTOAUTO, Delete-on-Reboot, [1381], [184007],1.0.1846
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSERVICE|IMAGEPATH, Delete-on-Reboot, [633], [357969],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INTERPEE, Delete-on-Reboot, [1381], [255563],1.0.1846
PUP.Optional.SystemHealer, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\SYSTEM HEALER|CARTURL, Delete-on-Reboot, [944], [261796],1.0.1846
PUP.Optional.ScreenShotPro, HKLM\SOFTWARE\SCREENSHOT PRO|PARTNERID, Delete-on-Reboot, [1870], [342231],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|RUTOAUTO, Delete-on-Reboot, [1381], [255559],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DUTOAUTO, Delete-on-Reboot, [1381], [255557],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INTERPEE, Delete-on-Reboot, [1381], [255558],1.0.1846
PUP.Optional.Goobzo.BITSRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUpd|IMAGEPATH, Delete-on-Reboot, [8939], [384281],1.0.1846
PUP.Optional.Goobzo.BITSRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUpdd|IMAGEPATH, Delete-on-Reboot, [8939], [384281],1.0.1846
PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\SEARCHMODULE\SMUPD|SCF, Delete-on-Reboot, [335], [238822],1.0.1846
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 13
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\USERS\JOSHUA\APPDATA\ROAMING\gplyra, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\USERS\JOSHUA\APPDATA\ROAMING\System Healer, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM HEALER, Delete-on-Reboot, [944], [181295],1.0.1846
PUP.Optional.ScreenShotPro, C:\Users\Joshua\AppData\Roaming\Screenshot Pro\dump, Delete-on-Reboot, [1870], [342236],1.0.1846
PUP.Optional.ScreenShotPro, C:\USERS\JOSHUA\APPDATA\ROAMING\SCREENSHOT PRO, Delete-on-Reboot, [1870], [342236],1.0.1846
PUP.Optional.Goobzo, C:\PROGRAMDATA\SEARCHMODULE, Delete-on-Reboot, [335], [189917],1.0.1846
PUP.Optional.ScreenShotPro, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Screenshot Pro\dump, Delete-on-Reboot, [1870], [345520],1.0.1846
PUP.Optional.ScreenShotPro, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\SCREENSHOT PRO, Delete-on-Reboot, [1870], [345520],1.0.1846
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\USERS\JOSHUA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ANONYMIZERGADGET, Delete-on-Reboot, [1104], [329210],1.0.1846
PUP.Optional.Social2Search.Generic, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Socia2S Browser Enhancer, Delete-on-Reboot, [1152], [326625],1.0.1846
 
File: 103
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\aes_helper.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\blake.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\blake256.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\bmw.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\bmw256.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\cubehash.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\darkcoin-mod.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\decred.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\echo.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\fugue.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\groestl.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\groestl256.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\jh.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\keccak.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\keccak1600.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\luffa.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\lyra2.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\lyra2re.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\lyra2rev2.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\lyra2v2.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\neoscrypt.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\shabal.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\shavite.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\simd.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\skein.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\skein256.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\kernel\vanilla.cl, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\decredGeForce GTX 1050gw256l4tc4032.bin, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\gplyra.conf, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\gplyra.exe, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\msvcr120.dll, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra\start.cmd, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.BitCoinMiner, C:\Users\Joshua\AppData\Roaming\gplyra\gplyra-uninst.exe, Delete-on-Reboot, [193], [316518],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Danish.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Dutch.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\English.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\French.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\German.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Italian.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Norwegian.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Parameters.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Portuguese.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Spanish.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\Swedish.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\tmpLang.json, Delete-on-Reboot, [944], [181294],1.0.1846
PUP.Optional.SystemHealer, C:\Users\Joshua\AppData\Roaming\System Healer\Languages\tmpParam.json, Delete-on-Reboot, [944], [181294],1.0.1846
Trojan.ProxyAgent, C:\USERS\JOSHUA\APPDATA\LOCAL\AMLING.DLL, Delete-on-Reboot, [228], [392223],1.0.1846
PUP.Optional.DotDo.PrxySvrRST, C:\WINDOWS\HAST.EXE, Delete-on-Reboot, [763], [120009],1.0.1846
Trojan.Downloader, C:\PROGRAMDATA\TW1170437.EXE, Delete-on-Reboot, [72], [394063],1.0.1846
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\Launch System Healer.lnk, Delete-on-Reboot, [944], [181295],1.0.1846
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\System Healer on the Web.url, Delete-on-Reboot, [944], [181295],1.0.1846
Trojan.Clicker, C:\USERS\JOSHUA\APPDATA\ROAMING\280973\429920.EXE, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, C:\USERS\JOSHUA\APPDATA\ROAMING\657336\703594.EXE, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, C:\USERS\JOSHUA\APPDATA\ROAMING\872717\391858.EXE, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, C:\USERS\JOSHUA\APPDATA\ROAMING\156531\300682.EXE, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Clicker, C:\USERS\JOSHUA\APPDATA\ROAMING\332015\429863.EXE, Delete-on-Reboot, [26], [394412],1.0.1846
Trojan.Downloader, C:\USERS\JOSHUA\APPDATA\ROAMING\TQAZK6R.EXE, Delete-on-Reboot, [72], [394413],1.0.1846
PUP.Optional.ScreenShotPro, C:\USERS\JOSHUA\APPDATA\ROAMING\SCREENSHOT PRO\DUMP\BUGREPORTCONFIG.INI, Delete-on-Reboot, [1870], [342236],1.0.1846
Rootkit.Agent.PUA, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\NDISTPR64.SYS-K.MBAM, Delete-on-Reboot, [6707], [384893],1.0.1846
PUP.Optional.Goobzo, C:\PROGRAMDATA\SEARCHMODULE\SMHE.JS, Delete-on-Reboot, [335], [189917],1.0.1846
PUP.Optional.Linkury.ACMB1, C:\USERS\JOSHUA\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Delete-on-Reboot, [98], [302554],1.0.1846
PUP.Optional.HDWallPaper, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Delete-on-Reboot, [129], [392467],1.0.1846
Trojan.Downloader, C:\USERS\JOSHUA\APPDATA\ROAMING\SBVMLMX.EXE, Delete-on-Reboot, [72], [394413],1.0.1846
PUP.Optional.ScreenShotPro, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\SCREENSHOT PRO\DUMP\BUGREPORTCONFIG.INI, Delete-on-Reboot, [1870], [345520],1.0.1846
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1048], [345397],1.0.1846
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [1048], [345397],1.0.1846
PUP.Optional.Amonetize, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\AMIPIXEL.CFG, Delete-on-Reboot, [6], [302488],1.0.1846
PUP.Optional.AnonymizerGadget, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\ANONYMIZERGADGETSETUP.1.000.1680.EXE, Delete-on-Reboot, [1495], [338559],1.0.1846
Trojan.Dropper, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\I4J1LK0TQ\I4J1LK0TQ.EXE, Delete-on-Reboot, [19], [394411],1.0.1846
Adware.NetUtils, C:\WINDOWS\SYSTEM32\DRIVERS\NETUTILS2016.SYS, Delete-on-Reboot, [1070], [385134],1.0.1846
PUP.Optional.Goobzo, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\SMW795C.TMP, Delete-on-Reboot, [335], [111931],1.0.1846
Trojan.Clicker, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\1493503654\S5-20170325.ZIP, Delete-on-Reboot, [26], [387411],1.0.1846
PUP.Optional.Wajam, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\WAJAM_INSTALL.EXE, Delete-on-Reboot, [97], [244651],1.0.1846
Adware.Agent, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\075CB7235735471C9311761EC0F910D6\SETUP.EXE, Delete-on-Reboot, [243], [372569],1.0.1846
PUP.Optional.BitCoinMiner, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\AAQ0YCGUT\QZUDKIYRK.EXE, Delete-on-Reboot, [193], [363441],1.0.1846
Adware.DotDo, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\FD407616A1E04D53B3A105A50FE92C66\SETUP.EXE, Delete-on-Reboot, [38], [371956],1.0.1846
PUP.Optional.Amonetize, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\873F0BF2F6DD42D3A42FCC8C876B9BFE\SETUP.EXE, Delete-on-Reboot, [6], [394161],1.0.1846
Trojan.Dropper, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\IS-K8VMF.TMP\UP.EXE, Delete-on-Reboot, [19], [394411],1.0.1846
PUP.Optional.SystemHealer, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\EEH5JLEL1\EEH5JLEL1.EXE, Delete-on-Reboot, [944], [363442],1.0.1846
Trojan.Clicker, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\1493503655\S5M_INSTALL_325.ZIP, Delete-on-Reboot, [26], [387412],1.0.1846
PUP.Optional.Amonetize, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\NB3NFRA3K\NB3NFRA3K.EXE, Delete-on-Reboot, [6], [394161],1.0.1846
PUP.Optional.Amonetize, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\HOVQWKLDA\SETUP.EXE, Delete-on-Reboot, [6], [394161],1.0.1846
Trojan.Dropper, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\IS-IV119.TMP\INS.EXE, Delete-on-Reboot, [19], [394411],1.0.1846
Adware.Elex, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\636C6013C27D48AB9ACC3D1AF3322A04\SETUP_0425.EXE, Delete-on-Reboot, [2], [393229],1.0.1846
PUP.Optional.Amonetize, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\QLHZLVL11\QLHZLVL11.EXE, Delete-on-Reboot, [6], [394161],1.0.1846
Adware.ChinAd, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\WAK49UIER\SETUP.EXE, Delete-on-Reboot, [1096], [354687],1.0.1846
PUP.Optional.BitCoinMiner, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\SP15E7GNR\SP15E7GNR.EXE, Delete-on-Reboot, [193], [363441],1.0.1846
PUP.Optional.SearchModule, C:\WINDOWS\TEMP\SM_CACHE_IEXPLORE.EXE.CACHE, Delete-on-Reboot, [627], [242733],1.0.1846
PUP.Optional.HDWallPaper, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\U60ZGHNTR\U60ZGHNTR.EXE, Delete-on-Reboot, [129], [314890],1.0.1846
PUP.Optional.Amonetize, C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\WPH13PDS3\WPH13PDS3.EXE, Delete-on-Reboot, [6], [394161],1.0.1846
PUP.Optional.ProxyGate, C:\USERS\JOSHUA\APPDATA\LOCAL\UNINSTALLRO.EXE, Delete-on-Reboot, [954], [375420],1.0.1846
Adware.Agent.Proxy, C:\WINDOWS\OUTNUMBERED.EXE, Delete-on-Reboot, [9106], [121621],1.0.1846
PUP.Optional.DotDo.PrxySvrRST, C:\WINDOWS\TREVELYAN.EXE, Delete-on-Reboot, [763], [118538],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\134481239, Delete-on-Reboot, [1381], [260957],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\234481239, Delete-on-Reboot, [1381], [260957],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\a32485583, Delete-on-Reboot, [1381], [260957],1.0.1846
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\b32485583, Delete-on-Reboot, [1381], [260957],1.0.1846
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\USERS\JOSHUA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ANONYMIZERGADGET\ANONYMIZERGADGET.LNK, Delete-on-Reboot, [1104], [329210],1.0.1846
PUP.Optional.Social2Search.Generic, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Socia2S Browser Enhancer\Social2Search Website.lnk, Delete-on-Reboot, [1152], [326625],1.0.1846
PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2S Browser Enhancer\Settings.lnk, Delete-on-Reboot, [1152], [326625],1.0.1846
PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2S Browser Enhancer\SignIn with Twitter.lnk, Delete-on-Reboot, [1152], [326625],1.0.1846
PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2S Browser Enhancer\uninstall.lnk, Delete-on-Reboot, [1152], [326625],1.0.1846
Rootkit.Agent.PUA, C:\WINDOWS\SYSTEM32\DRIVERS\NDISTPR64.SYS, Delete-on-Reboot, [6707], [384261],1.0.1846
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

 

Here is the export summary.



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:04:40 AM

Posted 01 May 2017 - 06:41 PM

Good :) Now let's do a sweep with JRT and AdwCleaner.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Joshuaduhs

Joshuaduhs
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:40 AM

Posted 01 May 2017 - 06:58 PM

Junkware Removal Tool log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Joshua (Administrator) on Mon 05/01/2017 at 16:50:36.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\users\Public\Documents\guid (Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cutoauto (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\d88a83bba0bfba960cd3f1456e65023d (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/01/2017 at 16:52:03.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

I am going to come back and edit the other log back into this reply after the reboot.

 

AdwCleaner Log

 

# AdwCleaner v6.046 - Logfile created 01/05/2017 at 17:01:09
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-01.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Joshua - DESKTOP-G1T5L3N
# Running from : C:\Users\Joshua\Desktop\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: AdBlockerService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Joshua\AppData\Roaming\AGData
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Windows\SysNative\drivers\340b96fc16b53d920bfca21a8460e6b3.sys
[-] File deleted: C:\Windows\rsrcs.dll
[-] File deleted: C:\Users\Joshua\AppData\Roaming\Installer.dat
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cutoauto]
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowService
[-] Key deleted: HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\Software\VideoBox
[#] Key deleted on reboot: HKCU\Software\VideoBox
[-] Key deleted: HKLM\SOFTWARE\xs
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s5m
[#] Key deleted on reboot: [x64] HKCU\Software\VideoBox
[-] Key deleted: [x64] HKLM\SOFTWARE\HDWallpaper
[-] Key deleted: [x64] HKLM\SOFTWARE\DtsEncodeTools
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Value deleted: HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\Software\Microsoft\Windows\CurrentVersion\Run [Spoutly.exe]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Spoutly.exe]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Spoutly.exe]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2821 Bytes] - [01/05/2017 17:01:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [2934 Bytes] - [01/05/2017 17:00:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2967 Bytes] ##########
 

 

 


Edited by Joshuaduhs, 01 May 2017 - 07:04 PM.


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:04:40 AM

Posted 01 May 2017 - 07:05 PM

Good :) Now please run a new scan with FRST, and provide me a fresh set of logs (FRST.txt and Addition.txt).

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Joshuaduhs

Joshuaduhs
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:40 AM

Posted 01 May 2017 - 07:13 PM

Here is the new FRST scan log and a new Additional text file.

 

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017

Ran by Joshua (01-05-2017 17:09:02)
Running from C:\Users\Joshua\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-18 03:28:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2998069279-3493425543-4111803104-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2998069279-3493425543-4111803104-503 - Limited - Disabled)
Guest (S-1-5-21-2998069279-3493425543-4111803104-501 - Limited - Disabled)
Joshua (S-1-5-21-2998069279-3493425543-4111803104-1001 - Administrator - Enabled) => C:\Users\Joshua
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ansel (Version: 378.78 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AZiO KB577U Driver (HKLM-x32\...\{5BC3BD17-1A8C-4237-83EC-9620EE62A266}) (Version: 1.0 - AZiO)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
NVIDIA 3D Vision Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Race The Sun (HKLM\...\Steam App 253030) (Version:  - Flippfly LLC)
Saints Row 2 (HKLM-x32\...\1430740458_is1) (Version: 2.1.0.5 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vivaldi (HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Vivaldi) (Version: 1.9.818.44 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {C5F942EE-0A9F-48BE-BEF3-C11B5729600B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic => C:\\ProgramData\\VideoMemoryDiagnostic\\vmdiag.exe [2017-04-27] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-17 20:35 - 2017-02-23 01:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-01 16:12 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-04-28 10:40 - 2017-04-26 09:14 - 02926200 _____ () C:\Users\Joshua\AppData\Local\Vivaldi\Application\1.9.818.44\libglesv2.dll
2017-04-28 10:40 - 2017-04-26 09:14 - 00088184 _____ () C:\Users\Joshua\AppData\Local\Vivaldi\Application\1.9.818.44\libegl.dll
2017-04-17 20:35 - 2011-11-12 08:20 - 00053248 _____ () C:\Program Files (x86)\AZiO KB577U Driver\UniFunc.dll
2017-04-17 20:42 - 2017-03-09 17:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-04-17 20:42 - 2017-04-25 16:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2017-04-17 20:42 - 2016-08-31 18:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-04-17 20:41 - 2016-01-27 00:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-04-17 20:41 - 2016-01-27 00:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-04-17 20:41 - 2016-01-27 00:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-04-17 20:41 - 2016-01-27 00:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-04-17 20:41 - 2016-01-27 00:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-04-17 20:42 - 2016-08-31 18:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-04-17 20:42 - 2016-08-31 18:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-04-17 20:42 - 2017-04-25 16:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-04-17 20:42 - 2017-01-30 14:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-04-17 20:42 - 2017-04-25 16:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 14:03 - 2017-05-01 16:17 - 00001156 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\Desktop\d8b80813df287a1441d7b4e252a36247.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: epitomize => 2
MSCONFIG\Services: Installer => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8CB5729D-8E97-46BD-8234-34A29752016B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6BCC8910-19F2-48C0-B68F-3EA086B361D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48BB04D8-A2E2-4561-B347-9CD3BDF4AA98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFFC969D-7137-4E92-8866-ED81EE46F00E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBAC3932-63F7-4E6A-A9B8-70788D9F9415}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D6E9ED7-4A63-47D3-BCD5-538D0407A58D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C97F9516-D494-4B81-AD5A-A4649471E2C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64DF4DFB-7E8E-4721-BEBC-890680831773}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{224E6646-82B4-4BBB-B622-5F4BD3154270}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5D6EECC8-A71D-45B8-BFA8-D6BA50ED7DFC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{568D46ED-3B26-4073-AB64-322E087F32D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{00AF8A15-A31D-4AD4-9738-E60A51E35E15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [TCP Query User{677414B9-0F4A-4EAB-BD39-7D92A788DBC8}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{1236E2C9-9D6D-4A33-9711-FD490413521A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{426E4181-82D5-4E74-8F04-80F0160F29B7}C:\gog games\saints row 2\sr2_pc.exe] => (Allow) C:\gog games\saints row 2\sr2_pc.exe
FirewallRules: [UDP Query User{1A0D191D-AF8F-46ED-9418-BB29BC6EF8C5}C:\gog games\saints row 2\sr2_pc.exe] => (Allow) C:\gog games\saints row 2\sr2_pc.exe
FirewallRules: [{44FFF46C-20C6-4C68-91C0-BDC83A797603}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{E068B893-C150-4D17-A1D1-40A190EBE015}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{BF2650EE-E580-4257-87A2-FC3D5AF4A4D5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{E6AF79F2-B267-4B1D-9EC6-95EF0EE09DF8}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{7C133EBF-168E-4B08-9AEB-361B20048B45}] => (Allow) C:\Users\Joshua\AppData\Local\ddnowyes.exe
FirewallRules: [{93376EA3-C81B-47D7-9F18-732D0EDDD9B6}] => (Allow) C:\Users\Joshua\AppData\Local\Temp\fd407616a1e04d53b3a105a50fe92c66\setup.exe
FirewallRules: [{7FB7A916-236D-488A-ADC5-89EB301FFE2F}] => (Allow) C:\Users\Joshua\AppData\Local\73397901.exe
FirewallRules: [{BE2F19E9-0495-41E7-B788-CE709F4B497E}] => (Allow) C:\Users\Joshua\AppData\Local\tinstall.exe
FirewallRules: [{82672A5F-E3AD-4AF3-92C5-29B93503153D}] => (Allow) C:\Users\Joshua\AppData\Local\sc68283861.exe
FirewallRules: [{2B2865A8-AE8C-44B5-A253-70A4826195EC}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{F65BE71B-7A4C-45CD-A781-CE896534D266}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{EB5DED01-8DB7-40D1-8D60-EEC049AF5D7A}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{02C44417-CF76-4907-8FE1-F52ABCB26562}] => (Allow) C:\Users\Joshua\AppData\Local\ddnow.exe
FirewallRules: [{6698DA94-509A-4892-897F-0A3A6E53F6AE}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{47265D72-9BE6-4A08-8E2F-142329F0328F}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{D43C0F98-098F-4EC8-9A89-58EFAFE632FE}] => (Allow) C:\Program Files (x86)\mindfulness\unstuck.exe
FirewallRules: [{A4E05575-44D7-492E-8A5C-15BDB88907A3}] => (Allow) C:\Program Files (x86)\mindfulness\letourneau.exe
FirewallRules: [{222677EA-56BE-409E-88F3-F3DDF29B55B7}] => (Allow) C:\Program Files (x86)\mellowing\preparedness.exe
FirewallRules: [{142CC194-5210-4125-99CC-44B781A39165}] => (Allow) C:\Program Files (x86)\Consist\mischief.exe
FirewallRules: [{A0412AE1-D317-46FC-B565-53882ECF262D}] => (Allow) C:\Windows\hast.exe
FirewallRules: [TCP Query User{49BA2CE5-FCA4-4252-BF7C-00E5842D870C}C:\users\joshua\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\joshua\appdata\local\vivaldi\application\vivaldi.exe
FirewallRules: [UDP Query User{FE3D3379-7DD9-4A45-9EDA-636423A3194C}C:\users\joshua\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\joshua\appdata\local\vivaldi\application\vivaldi.exe
 
==================== Restore Points =========================
 
17-04-2017 20:34:24 Windows Update
20-04-2017 18:41:38 Installed DirectX
29-04-2017 15:35:25 Windows Modules Installer
01-05-2017 16:50:38 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: I-O DATA GV-USB2
Description: I-O DATA GV-USB2
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: I-O DATA GV-USB2
Description: I-O DATA GV-USB2
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: I-O DATA GV-USB2
Description: I-O DATA GV-USB2
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/01/2017 05:02:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-G1T5L3N.local already in use; will try DESKTOP-G1T5L3N-2.local instead
 
Error: (05/01/2017 05:02:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 DESKTOP-G1T5L3N.local. AAAA FE80:0000:0000:0000:6542:E129:56FB:D125
 
Error: (05/01/2017 05:02:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:6542:E129:56FB:D125:5353   16 DESKTOP-G1T5L3N.local. AAAA 2605:E000:ABEA:C000:0000:0000:0000:0009
 
Error: (05/01/2017 06:23:52 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected
 
Error: (05/01/2017 06:23:52 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected
 
Error: (05/01/2017 06:11:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (04/30/2017 07:27:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-G1T5L3N)
Description: Package Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (04/30/2017 07:25:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-G1T5L3N)
Description: Package Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (04/30/2017 07:23:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-G1T5L3N)
Description: Package Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (04/30/2017 07:22:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G1T5L3N)
Description: Activation of app Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (05/01/2017 05:04:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/01/2017 05:03:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/01/2017 05:03:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (05/01/2017 05:02:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (05/01/2017 05:01:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-G1T5L3N)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (05/01/2017 05:00:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (05/01/2017 05:00:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/01/2017 05:00:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/01/2017 05:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/01/2017 05:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-04-29 15:18:25.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:18:25.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:18:25.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:18:25.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:18:25.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:18:25.097
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:18:25.094
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:18:25.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:11:18.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-29 15:11:18.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 13%
Total physical RAM: 16340.68 MB
Available physical RAM: 14088.05 MB
Total Virtual: 18772.68 MB
Available Virtual: 16321.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.96 GB) (Free:862.93 GB) NTFS
Drive e: (DUARTE J) (Fixed) (Total:465.65 GB) (Free:206.9 GB) FAT32
Drive f: () (Removable) (Total:29.86 GB) (Free:28.97 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6CD8C816)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 6B997A42)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0B)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.9 GB) (Disk ID: 00001553)
Partition 1: (Active) - (Size=29.9 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 AM

Posted 01 May 2017 - 07:24 PM

The first log is the AdwCleaner clean log, not FRST.txt.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Joshuaduhs

Joshuaduhs
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:40 AM

Posted 01 May 2017 - 07:44 PM

Oops. Sorry.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2017

Ran by Joshua (administrator) on DESKTOP-G1T5L3N (01-05-2017 17:08:19)
Running from C:\Users\Joshua\Desktop
Loaded Profiles: Joshua (Available Profiles: Joshua)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\update_notifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AZiO) C:\Program Files (x86)\AZiO KB577U Driver\KbClient_FD3.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Vivaldi Technologies AS) C:\Users\Joshua\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [preparedness.exemischief.exe] => "C:\Program Files (x86)\mindfulness\unstuck.exe"
HKLM\...\Run: [toys] => "C:\Program Files (x86)\mindfulness\unstuck.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Launch DearMo DK1000DA] => C:\Program Files (x86)\AZiO KB577U Driver\KbClient_FD3.exe [663635 2012-05-17] (AZiO)
HKLM-x32\...\Run: [toys] => "C:\Program Files (x86)\mindfulness\unstuck.exe"
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\Joshua\AppData\Local\Vivaldi\Application\update_notifier.exe [4088440 2017-04-26] (Vivaldi Technologies AS)
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [toys] => "C:\Program Files (x86)\mindfulness\unstuck.exe"
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [ok541365] => "C:\Program Files (x86)\mindfulness\letourneau.exe"
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [officials] => "C:\Program Files (x86)\mellowing\officials.exe"
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [collocation] => "C:\Program Files (x86)\mindfulness\unstuck.exe"
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [calibration] => "C:\Program Files (x86)\mellowing\preparedness.exe"
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\...\Run: [mapmaking] => "C:\Program Files (x86)\Consist\mischief.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\buggy.lnk [2017-04-29]
ShortcutTarget: buggy.lnk -> C:\Program Files (x86)\mindfulness\unstuck.exe (No File)
Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok541365.lnk [2017-04-29]
ShortcutTarget: ok541365.lnk -> C:\Program Files (x86)\mindfulness\unstuck.exe (No File)
Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok541365buggy.lnk [2017-04-29]
ShortcutTarget: ok541365buggy.lnk -> C:\Program Files (x86)\Consist\mischief.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{56e550d9-d36a-42b3-ad63-5e3a5a4afeca}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2998069279-3493425543-4111803104-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default [2017-04-29]
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-17]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-17]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-17]
CHR Extension: (Adblock Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-18]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-17]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 tw1037906; C:\ProgramData\tw1037906.exe [X]
S4 tw1046484; C:\ProgramData\tw1046484.exe [X]
S4 tw1087296; C:\ProgramData\tw1087296.exe [X]
S4 tw990144328; C:\ProgramData\tw990144328.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 KbFilter_Kb_FlexDef3; C:\Windows\System32\drivers\KbFilter_FlexDef3.sys [22016 2010-09-03] (Siliten)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-01] (Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_e619501ce2023445\nvlddmkm.sys [14569520 2017-03-23] (NVIDIA Corporation)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-01 17:08 - 2017-05-01 17:08 - 02428416 _____ (Farbar) C:\Users\Joshua\Desktop\FRST64.exe
2017-05-01 17:08 - 2017-05-01 17:08 - 00012388 _____ C:\Users\Joshua\Desktop\FRST.txt
2017-05-01 17:08 - 2017-05-01 17:08 - 00000000 ____D C:\Users\Joshua\Desktop\FRST-OlderVersion
2017-05-01 16:56 - 2017-05-01 16:56 - 04102600 _____ C:\Users\Joshua\Desktop\adwcleaner_6.046.exe
2017-05-01 16:55 - 2017-05-01 17:01 - 00000000 ____D C:\AdwCleaner
2017-05-01 16:52 - 2017-05-01 16:52 - 00000844 _____ C:\Users\Joshua\Desktop\JRT.txt
2017-05-01 16:49 - 2017-05-01 16:49 - 01663672 _____ (Malwarebytes) C:\Users\Joshua\Desktop\JRT.exe
2017-05-01 16:36 - 2017-05-01 16:36 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\WinRAR
2017-05-01 16:36 - 2017-05-01 16:36 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-01 16:36 - 2017-05-01 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-01 16:36 - 2017-05-01 16:36 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-05-01 16:35 - 2017-05-01 16:35 - 00636242 _____ C:\Users\Joshua\Downloads\AppNee.com.Adobe.CS6.All.Products.Universal.Crack.DLL.amtlib.x64.7z
2017-05-01 16:33 - 2017-05-01 16:42 - 2365586577 _____ C:\Users\Joshua\Downloads\MasterCollection_CS6_LS16.7z
2017-05-01 16:33 - 2017-05-01 16:33 - 01055720 _____ (Adobe Systems Incorporated) C:\Users\Joshua\Downloads\MasterCollection_CS6_LS16.exe
2017-05-01 16:31 - 2017-05-01 16:36 - 00000000 ____D C:\Users\Joshua\Documents\Crack Adobe CS6
2017-05-01 16:18 - 2017-05-01 16:18 - 00025871 _____ C:\Users\Joshua\Desktop\Export Summary.txt
2017-05-01 16:12 - 2017-05-01 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-01 16:12 - 2017-05-01 16:12 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-01 16:12 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-01 06:03 - 2017-05-01 17:02 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-01 06:03 - 2017-05-01 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-01 06:03 - 2017-05-01 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-30 08:01 - 2017-05-01 06:11 - 00000000 ____D C:\Users\Joshua\Desktop\mbar
2017-04-30 07:45 - 2017-05-01 17:08 - 00000000 ____D C:\FRST
2017-04-30 01:14 - 2017-04-30 01:14 - 00945664 ____H (t ) C:\Windows\system32\BIT42F8.tmp
2017-04-30 01:14 - 2017-04-30 01:14 - 00945664 ____H (t ) C:\Windows\system32\BIT3B85.tmp
2017-04-29 17:07 - 2017-04-29 17:07 - 00000566 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music.lnk
2017-04-29 16:55 - 2017-04-29 16:55 - 00000000 ____D C:\Users\Joshua\AppData\Local\ElevatedDiagnostics
2017-04-29 16:36 - 2017-05-01 06:01 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-29 16:35 - 2017-04-29 16:35 - 00000000 ____D C:\Windows\pss
2017-04-29 16:13 - 2017-04-29 23:01 - 60107896 _____ (Malwarebytes ) C:\Users\Joshua\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-29 16:09 - 2017-04-29 16:11 - 00000096 _____ C:\Users\Joshua\Documents\save.reg
2017-04-29 15:45 - 2017-04-29 15:45 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Macromedia
2017-04-29 15:39 - 2017-04-29 15:41 - 00000132 _____ C:\ProgramData\log.binb
2017-04-29 15:08 - 2017-04-29 15:08 - 00000055 _____ C:\Windows\key.ini
2017-04-29 15:07 - 2017-05-01 16:17 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\872717
2017-04-29 15:07 - 2017-05-01 16:17 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\657336
2017-04-29 15:07 - 2017-05-01 16:17 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\332015
2017-04-29 15:07 - 2017-05-01 16:17 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\280973
2017-04-29 15:07 - 2017-05-01 16:17 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\156531
2017-04-29 15:07 - 2017-05-01 06:12 - 00000000 ____D C:\Users\Joshua\AppData\Local\wrqtnzwuk
2017-04-29 15:07 - 2017-05-01 06:12 - 00000000 ____D C:\Users\Joshua\AppData\Local\ghhagz
2017-04-29 15:07 - 2017-04-29 15:39 - 00003520 _____ C:\ProgramData\log.ewbt
2017-04-29 15:07 - 2017-04-29 15:39 - 00000128 _____ C:\ProgramData\log.ewbb
2017-04-29 15:07 - 2017-04-29 15:08 - 00000000 ____D C:\Windows\system32\SSL
2017-04-29 15:07 - 2017-04-29 15:07 - 00140800 _____ C:\Users\Joshua\AppData\Local\installer.dat
2017-04-29 15:07 - 2017-04-29 15:07 - 00011568 _____ C:\Users\Joshua\AppData\Local\InstallationConfiguration.xml
2017-04-29 15:07 - 2017-04-29 15:07 - 00001658 _____ C:\Users\Joshua\AppData\Roaming\TQAZK6R.exe.config
2017-04-29 15:07 - 2017-04-29 15:07 - 00001658 _____ C:\Users\Joshua\AppData\Roaming\SBVMLMX.exe.config
2017-04-29 15:07 - 2017-04-29 15:07 - 00000000 ____D C:\Windows\system32\sstmp
2017-04-29 15:07 - 2017-04-29 15:07 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-04-29 15:07 - 2017-04-29 15:07 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\c
2017-04-29 15:07 - 2017-04-29 15:07 - 00000000 ____D C:\ProgramData\VideoMemoryDiagnostic
2017-04-29 15:07 - 2017-04-29 15:07 - 00000000 _____ C:\Users\Joshua\AppData\Local\run.txt
2017-04-27 12:08 - 2017-04-27 12:08 - 00002483 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2017-04-27 12:08 - 2017-04-27 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2017-04-27 12:08 - 2017-04-27 12:08 - 00000000 ____D C:\Program Files (x86)\SquareEnix
2017-04-26 07:40 - 2017-04-26 07:40 - 86181579 _____ C:\Users\Joshua\Downloads\Even Stevens - The Kiss.mp4
2017-04-25 20:59 - 2017-04-25 20:59 - 96046608 _____ C:\Users\Joshua\Downloads\Even Stevens - Starstruck.mp4
2017-04-25 15:41 - 2017-04-25 15:41 - 102328006 _____ C:\Users\Joshua\Downloads\Even Stevens - Influenza and Musical.mp4
2017-04-25 14:44 - 2017-04-28 10:40 - 00002339 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-04-25 14:44 - 2017-04-28 10:40 - 00002331 _____ C:\Users\Joshua\Desktop\Vivaldi.lnk
2017-04-25 14:43 - 2017-04-28 10:40 - 00000000 ____D C:\Users\Joshua\AppData\Local\Vivaldi
2017-04-25 14:43 - 2017-04-25 14:43 - 41004664 _____ (Vivaldi Technologies AS) C:\Users\Joshua\Downloads\Vivaldi.1.8.770.56.exe
2017-04-24 14:44 - 2017-04-29 15:07 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\NVIDIA
2017-04-20 19:25 - 2017-04-22 22:09 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\vlc
2017-04-20 19:24 - 2017-04-20 19:24 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-04-20 19:24 - 2017-04-20 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-20 19:23 - 2017-04-20 19:23 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-04-20 19:03 - 2017-04-25 19:16 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\obs-studio
2017-04-20 18:51 - 2017-04-20 18:51 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-20 18:51 - 2017-04-20 18:51 - 00000000 ____D C:\Program Files\MSBuild
2017-04-20 18:51 - 2017-04-20 18:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-20 18:51 - 2017-04-20 18:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-20 18:50 - 2017-02-10 11:26 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-04-20 18:50 - 2017-02-10 11:26 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 18:50 - 2017-02-10 11:26 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-04-20 18:50 - 2017-02-10 11:21 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-04-20 18:50 - 2017-02-10 11:21 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 18:50 - 2017-02-10 11:21 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-04-20 18:41 - 2017-04-20 18:42 - 00000000 ____D C:\Users\Joshua\AppData\Local\THQ
2017-04-20 18:41 - 2017-04-20 18:41 - 00001689 _____ C:\Users\Public\Desktop\Saints Row 2.lnk
2017-04-20 18:41 - 2017-04-20 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row 2 [GOG.com]
2017-04-20 18:38 - 2017-04-20 18:38 - 00000000 ____D C:\GOG Games
2017-04-20 18:37 - 2017-04-20 18:37 - 00001279 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-04-20 18:37 - 2017-04-20 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-04-20 18:37 - 2017-04-20 18:37 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-04-20 17:18 - 2017-04-20 17:19 - 113034688 _____ (obsproject.com) C:\Users\Joshua\Downloads\OBS-Studio-18.0.1-Full-Installer.exe
2017-04-20 17:16 - 2017-04-20 17:23 - 4194304000 _____ C:\Users\Joshua\Downloads\setup_saints_row2_2.1.0.5-1.bin
2017-04-20 17:16 - 2017-04-20 17:23 - 1986710059 _____ C:\Users\Joshua\Downloads\setup_saints_row2_2.1.0.5-2.bin
2017-04-20 15:22 - 2017-04-20 15:22 - 34953688 _____ (GOG.com ) C:\Users\Joshua\Downloads\setup_saints_row2_2.1.0.5.exe
2017-04-18 23:01 - 2017-04-18 23:01 - 00000000 ____D C:\Users\Joshua\AppData\Local\PeerDistRepub
2017-04-18 04:20 - 2017-04-18 03:27 - 00000000 ____D C:\Windows\Panther
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-04-18 03:28 - 2017-04-18 03:28 - 00000000 _SHDL C:\Documents and Settings
2017-04-18 03:24 - 2017-05-01 17:02 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-18 03:24 - 2017-05-01 16:40 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-04-18 03:24 - 2017-04-29 15:19 - 00217024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-18 03:24 - 2017-04-18 03:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-18 03:24 - 2017-04-18 03:24 - 00000000 ____D C:\Windows\ServiceProfiles
2017-04-17 23:09 - 2017-04-17 23:06 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-17 23:08 - 2017-04-17 23:09 - 00000000 ____D C:\Windows\system32\MRT
2017-04-17 23:08 - 2017-04-17 23:08 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-17 23:08 - 2017-03-31 17:57 - 01411640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-04-17 23:08 - 2017-03-31 17:57 - 00626520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-04-17 23:08 - 2017-03-31 17:57 - 00311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-17 23:08 - 2017-03-31 17:51 - 05477088 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2017-04-17 23:08 - 2017-03-31 17:51 - 01760264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-04-17 23:08 - 2017-03-31 17:29 - 01518088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-17 23:08 - 2017-03-31 17:28 - 00354360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-04-17 23:08 - 2017-03-31 17:25 - 06756920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-17 23:08 - 2017-03-31 17:25 - 00986592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-17 23:08 - 2017-03-31 17:19 - 23675392 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-04-17 23:08 - 2017-03-31 17:11 - 02957824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-04-17 23:08 - 2017-03-31 17:11 - 00038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-17 23:08 - 2017-03-31 17:09 - 20505600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-04-17 23:08 - 2017-03-31 17:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-04-17 23:08 - 2017-03-31 17:08 - 19334144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-17 23:08 - 2017-03-31 17:04 - 00364032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2017-04-17 23:08 - 2017-03-31 17:04 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-04-17 23:08 - 2017-03-31 17:03 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-17 23:08 - 2017-03-31 17:02 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-17 23:08 - 2017-03-31 17:01 - 00429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2017-04-17 23:08 - 2017-03-31 16:58 - 23680512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-17 23:08 - 2017-03-31 16:58 - 01506816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-17 23:08 - 2017-03-31 16:56 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2017-04-17 23:08 - 2017-03-31 16:55 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2017-04-17 23:08 - 2017-03-31 16:52 - 08247296 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-04-17 23:08 - 2017-03-31 16:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-17 23:08 - 2017-03-31 16:52 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-17 23:08 - 2017-03-31 16:50 - 01657344 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2017-04-17 23:08 - 2017-03-31 14:00 - 00032004 _____ C:\Windows\system32\edgehtmlpluginpolicy.bin
2017-04-17 23:08 - 2017-03-25 00:58 - 00388000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-04-17 23:07 - 2017-03-31 18:05 - 01604312 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-04-17 23:07 - 2017-03-31 18:05 - 00750560 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-04-17 23:07 - 2017-03-31 18:04 - 01147296 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-04-17 23:07 - 2017-03-31 18:04 - 01024416 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-04-17 23:07 - 2017-03-31 18:04 - 00382368 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-17 23:07 - 2017-03-31 17:59 - 08319392 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-17 23:07 - 2017-03-31 17:52 - 02444184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-17 23:07 - 2017-03-31 17:52 - 00409504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-17 23:07 - 2017-03-31 17:51 - 00205728 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-04-17 23:07 - 2017-03-31 17:50 - 02085280 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2017-04-17 23:07 - 2017-03-31 17:48 - 07904784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-04-17 23:07 - 2017-03-31 17:47 - 01323880 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-17 23:07 - 2017-03-31 17:06 - 03672064 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-04-17 23:07 - 2017-03-31 17:05 - 00047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-17 23:07 - 2017-03-31 17:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-04-17 23:07 - 2017-03-31 16:59 - 11869696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-17 23:07 - 2017-03-31 16:58 - 06296064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-04-17 23:07 - 2017-03-31 16:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2017-04-17 23:07 - 2017-03-31 16:55 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-04-17 23:07 - 2017-03-31 16:55 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\XpsDocumentTargetPrint.dll
2017-04-17 23:07 - 2017-03-31 16:53 - 12787200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-17 23:07 - 2017-03-31 16:50 - 01605632 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-17 23:07 - 2017-03-31 16:48 - 01356800 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-04-17 23:07 - 2017-03-31 16:47 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-04-17 23:07 - 2017-03-31 16:45 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-17 23:07 - 2017-03-31 16:44 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-17 23:07 - 2017-03-25 01:28 - 00543648 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-04-17 22:47 - 2017-04-18 00:28 - 00000000 ____D C:\Users\Joshua\Documents\Overwatch
2017-04-17 22:43 - 2017-04-17 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-04-17 22:32 - 2017-04-17 22:32 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-17 22:30 - 2017-04-25 19:11 - 00000000 ____D C:\Users\Joshua\AppData\Local\Battle.net
2017-04-17 22:30 - 2017-04-20 18:51 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-04-17 22:30 - 2017-04-17 22:30 - 00000000 ____D C:\Users\Joshua\AppData\Local\Blizzard Entertainment
2017-04-17 22:30 - 2017-04-17 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-04-17 22:30 - 2017-04-17 22:30 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-04-17 22:29 - 2017-04-21 09:58 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-04-17 22:28 - 2017-04-17 22:30 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Battle.net
2017-04-17 22:27 - 2017-04-17 22:28 - 00000000 ____D C:\ProgramData\Battle.net
2017-04-17 22:27 - 2017-04-17 22:27 - 03251696 _____ (Blizzard Entertainment) C:\Users\Joshua\Downloads\Overwatch-Setup.exe
2017-04-17 21:07 - 2017-04-17 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-04-17 21:01 - 2017-04-29 16:57 - 00000000 ____D C:\Users\Joshua\AppData\Local\CrashDumps
2017-04-17 21:01 - 2017-04-17 21:14 - 00000000 ____D C:\Users\Joshua\Heaven
2017-04-17 21:01 - 2017-04-17 21:01 - 00000000 ____D C:\Users\Joshua\AppData\Local\DBG
2017-04-17 21:00 - 2017-04-17 21:13 - 01307648 _____ C:\Users\Joshua\AppData\Local\file__0.localstorage
2017-04-17 20:57 - 2017-04-17 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2017-04-17 20:57 - 2017-04-17 20:57 - 00000000 ____D C:\Program Files (x86)\Unigine
2017-04-17 20:56 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-04-17 20:56 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-04-17 20:56 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-04-17 20:56 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-04-17 20:56 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-04-17 20:56 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-04-17 20:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-04-17 20:56 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-04-17 20:56 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-04-17 20:56 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-04-17 20:56 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-04-17 20:56 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-04-17 20:56 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-04-17 20:56 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-04-17 20:56 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-04-17 20:56 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-04-17 20:56 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-04-17 20:56 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-04-17 20:56 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-04-17 20:56 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-04-17 20:56 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-04-17 20:56 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-04-17 20:56 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-04-17 20:56 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-04-17 20:56 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-04-17 20:56 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-04-17 20:56 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-04-17 20:56 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-04-17 20:56 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-04-17 20:56 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-04-17 20:56 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-04-17 20:56 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-04-17 20:56 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-04-17 20:56 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-04-17 20:56 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-04-17 20:56 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-04-17 20:56 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-04-17 20:56 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-04-17 20:56 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-04-17 20:56 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-04-17 20:56 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-04-17 20:56 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-04-17 20:56 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-04-17 20:56 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-04-17 20:56 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-04-17 20:56 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-04-17 20:56 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-04-17 20:56 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-04-17 20:56 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-04-17 20:56 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-04-17 20:56 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-04-17 20:56 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-04-17 20:56 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-04-17 20:56 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-04-17 20:56 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-04-17 20:56 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-04-17 20:56 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-04-17 20:56 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-04-17 20:56 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-04-17 20:56 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-04-17 20:56 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-04-17 20:56 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-04-17 20:56 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-04-17 20:56 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-04-17 20:56 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-04-17 20:56 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-04-17 20:56 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-04-17 20:56 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-04-17 20:56 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-04-17 20:56 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-04-17 20:56 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-04-17 20:56 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-04-17 20:56 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-04-17 20:56 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-04-17 20:56 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-04-17 20:56 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-04-17 20:56 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-04-17 20:56 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-04-17 20:56 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-04-17 20:56 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-04-17 20:55 - 2017-04-17 20:55 - 00000000 ____D C:\Users\Joshua\Documents\My Games
2017-04-17 20:55 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-04-17 20:55 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-04-17 20:55 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-04-17 20:55 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-04-17 20:55 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-04-17 20:55 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-04-17 20:55 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-04-17 20:55 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-04-17 20:55 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-04-17 20:55 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-04-17 20:55 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-04-17 20:55 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-04-17 20:55 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-04-17 20:55 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-04-17 20:55 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-04-17 20:55 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-04-17 20:55 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-04-17 20:55 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-04-17 20:55 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-04-17 20:55 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-04-17 20:55 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-04-17 20:55 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-04-17 20:55 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-04-17 20:55 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-04-17 20:55 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-04-17 20:55 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-04-17 20:55 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-04-17 20:55 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-04-17 20:55 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-04-17 20:55 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-04-17 20:55 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-04-17 20:55 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-04-17 20:55 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-04-17 20:55 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-04-17 20:55 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-04-17 20:55 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-04-17 20:55 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-04-17 20:55 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-04-17 20:55 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-04-17 20:55 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-04-17 20:55 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-04-17 20:55 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-04-17 20:55 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-04-17 20:55 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-04-17 20:55 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-04-17 20:55 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-04-17 20:55 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-04-17 20:55 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-04-17 20:55 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-04-17 20:55 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-04-17 20:55 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-04-17 20:55 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-04-17 20:55 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-04-17 20:55 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-04-17 20:55 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-04-17 20:55 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-04-17 20:55 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-04-17 20:55 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-04-17 20:55 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-04-17 20:55 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-04-17 20:55 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-04-17 20:55 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-04-17 20:55 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-04-17 20:55 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-04-17 20:55 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-04-17 20:55 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-04-17 20:55 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-04-17 20:55 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-04-17 20:55 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-04-17 20:55 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-04-17 20:49 - 2017-04-17 20:49 - 00000000 ____D C:\Users\Joshua\AppData\Local\Comms
2017-04-17 20:47 - 2017-04-17 20:50 - 00000000 ____D C:\Users\Joshua\Documents\AZiO
2017-04-17 20:46 - 2017-04-17 20:46 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Joshua\Downloads\ffxivsetup.exe
2017-04-17 20:44 - 2017-04-17 20:47 - 258728440 _____ (Unigine Corp. ) C:\Users\Joshua\Downloads\Unigine_Heaven-4.0.exe
2017-04-17 20:43 - 2017-04-17 20:43 - 00000000 ____D C:\Users\Joshua\AppData\Local\Steam
2017-04-17 20:43 - 2017-04-17 20:43 - 00000000 ____D C:\Users\Joshua\AppData\Local\CEF
2017-04-17 20:41 - 2017-05-01 17:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-17 20:41 - 2017-04-17 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-17 20:40 - 2017-04-29 15:09 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Apple Computer
2017-04-17 20:40 - 2017-04-17 20:40 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Users\Joshua\AppData\Local\Apple Computer
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Users\Joshua\AppData\Local\Apple
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Program Files\iTunes
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Program Files\iPod
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Program Files\Bonjour
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-04-17 20:40 - 2017-04-17 20:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-04-17 20:39 - 2017-04-17 20:40 - 00000000 ____D C:\ProgramData\Apple
2017-04-17 20:38 - 2017-05-01 16:48 - 00000000 ____D C:\Users\Joshua\AppData\Local\ClassicShell
2017-04-17 20:38 - 2017-04-17 20:38 - 00000000 ____D C:\ProgramData\USOShared
2017-04-17 20:37 - 2017-04-17 20:37 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-04-17 20:37 - 2017-04-17 20:37 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\ClassicShell
2017-04-17 20:37 - 2017-04-17 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2017-04-17 20:37 - 2017-04-17 20:37 - 00000000 ____D C:\ProgramData\ClassicShell
2017-04-17 20:37 - 2017-04-17 20:37 - 00000000 ____D C:\Program Files\Classic Shell
2017-04-17 20:37 - 2017-04-17 20:37 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-04-17 20:37 - 2017-02-23 01:17 - 00136064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-04-17 20:37 - 2017-01-25 17:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-04-17 20:37 - 2017-01-25 17:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-04-17 20:37 - 2017-01-25 17:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-04-17 20:37 - 2017-01-25 17:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-04-17 20:36 - 2017-04-17 20:37 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-04-17 20:35 - 2017-05-01 17:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-17 20:35 - 2017-05-01 16:17 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-17 20:35 - 2017-04-27 12:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-17 20:35 - 2017-04-17 20:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-17 20:35 - 2017-04-17 20:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-17 20:35 - 2017-04-17 20:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-17 20:35 - 2017-04-17 20:36 - 00000000 ____D C:\Program Files (x86)\AZiO KB577U Driver
2017-04-17 20:35 - 2017-04-17 20:35 - 00002370 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-17 20:35 - 2017-04-17 20:35 - 00000000 ___RD C:\Users\Joshua\OneDrive
2017-04-17 20:35 - 2017-04-17 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AZiO KB577U
2017-04-17 20:35 - 2017-03-23 15:44 - 00521656 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-04-17 20:35 - 2017-02-23 01:43 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-04-17 20:35 - 2017-02-23 01:28 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-04-17 20:35 - 2017-02-23 01:28 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-04-17 20:35 - 2017-02-23 01:28 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-04-17 20:35 - 2017-02-23 01:28 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-04-17 20:35 - 2017-02-23 01:28 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-04-17 20:35 - 2017-02-23 01:28 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-04-17 20:35 - 2017-02-23 01:28 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-04-17 20:35 - 2017-02-22 23:38 - 07807027 _____ C:\Windows\system32\nvcoproc.bin
2017-04-17 20:35 - 2010-09-03 18:42 - 00022016 _____ (Siliten) C:\Windows\system32\Drivers\KbFilter_FlexDef3.sys
2017-04-17 20:34 - 2017-04-29 15:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-17 20:34 - 2017-04-17 20:44 - 00000000 ____D C:\Users\Joshua\AppData\Local\Google
2017-04-17 20:33 - 2017-05-01 17:06 - 01157468 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-17 20:33 - 2017-04-17 20:33 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-17 20:32 - 2017-04-29 15:11 - 00000000 ____D C:\Users\Joshua\AppData\Local\Packages
2017-04-17 20:32 - 2017-04-17 20:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-17 20:32 - 2017-04-17 20:32 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Adobe
2017-04-17 20:32 - 2017-04-17 20:32 - 00000000 ____D C:\Users\Joshua\AppData\Local\VirtualStore
2017-04-17 20:32 - 2017-04-17 20:32 - 00000000 ____D C:\Users\Joshua\AppData\Local\TileDataLayer
2017-04-17 20:32 - 2017-04-17 20:32 - 00000000 ____D C:\Users\Joshua\AppData\Local\Publishers
2017-04-17 20:32 - 2017-04-17 20:32 - 00000000 ____D C:\Users\Joshua\AppData\Local\ConnectedDevicesPlatform
2017-04-17 20:31 - 2017-04-29 15:57 - 00000000 ____D C:\Users\Joshua
2017-04-17 20:31 - 2017-04-17 20:31 - 00000020 ___SH C:\Users\Joshua\ntuser.ini
2017-04-17 20:31 - 2017-04-17 20:31 - 00000000 _SHDL C:\Users\Joshua\My Documents
2017-04-17 20:31 - 2017-04-17 20:31 - 00000000 _SHDL C:\Users\Joshua\Documents\My Videos
2017-04-17 20:31 - 2017-04-17 20:31 - 00000000 _SHDL C:\Users\Joshua\Documents\My Pictures
2017-04-17 20:31 - 2017-04-17 20:31 - 00000000 _SHDL C:\Users\Joshua\Documents\My Music
2017-04-17 20:30 - 2017-04-17 20:30 - 00000000 ____D C:\Windows\CSC
2017-04-17 20:30 - 2017-03-18 13:56 - 02233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-04-17 00:01 - 2017-04-17 00:01 - 00041194 _____ C:\Windows\swaggering.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-01 17:01 - 2017-03-18 04:40 - 01048576 _____ C:\Windows\system32\config\BBI
2017-04-29 15:45 - 2017-03-18 13:51 - 00000000 ____D C:\Windows\CbsTemp
2017-04-29 15:11 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-29 15:11 - 2017-03-18 14:03 - 00000000 ____D C:\Windows\AppReadiness
2017-04-29 15:09 - 2017-03-18 14:01 - 00000000 ____D C:\Windows\INF
2017-04-20 22:53 - 2017-03-18 14:03 - 00000000 ____D C:\Windows\rescache
2017-04-18 07:09 - 2017-03-18 14:03 - 00000000 ____D C:\Windows\appcompat
2017-04-18 04:20 - 2017-03-18 14:03 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-04-18 03:27 - 2017-03-18 04:40 - 00000000 ____D C:\Windows\system32\Sysprep
2017-04-18 03:25 - 2017-03-18 19:31 - 00000000 ____D C:\Windows\HoloShell
2017-04-18 03:25 - 2017-03-18 14:03 - 00000000 ___RD C:\Windows\PrintDialog
2017-04-18 03:25 - 2017-03-18 14:03 - 00000000 ___RD C:\Windows\MiracastView
2017-04-18 03:25 - 2017-03-18 14:03 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-04-18 03:25 - 2017-03-18 04:40 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-04-17 20:38 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-17 20:35 - 2017-03-18 14:03 - 00000000 ____D C:\Windows\Help
2017-04-17 20:31 - 2017-03-18 14:03 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-04-17 20:30 - 2017-03-18 14:03 - 00000000 ____D C:\Windows\system32\spool
2017-04-17 20:30 - 2017-03-18 14:03 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-04-17 20:28 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-03 09:56 - 2017-03-18 14:06 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-03 09:56 - 2017-03-18 14:06 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-04-29 15:07 - 2017-04-29 15:07 - 0001658 _____ () C:\Users\Joshua\AppData\Roaming\SBVMLMX.exe.config
2017-04-29 15:07 - 2017-04-29 15:07 - 0001658 _____ () C:\Users\Joshua\AppData\Roaming\TQAZK6R.exe.config
2017-04-17 21:00 - 2017-04-17 21:13 - 1307648 _____ () C:\Users\Joshua\AppData\Local\file__0.localstorage
2017-04-29 15:07 - 2017-04-29 15:07 - 0011568 _____ () C:\Users\Joshua\AppData\Local\InstallationConfiguration.xml
2017-04-29 15:07 - 2017-04-29 15:07 - 0140800 _____ () C:\Users\Joshua\AppData\Local\installer.dat
2017-04-29 15:07 - 2017-04-29 15:07 - 0000000 _____ () C:\Users\Joshua\AppData\Local\run.txt
2017-04-29 15:39 - 2017-04-29 15:41 - 0000132 _____ () C:\ProgramData\log.binb
2017-04-29 15:07 - 2017-04-29 15:39 - 0000128 _____ () C:\ProgramData\log.ewbb
2017-04-29 15:07 - 2017-04-29 15:39 - 0003520 _____ () C:\ProgramData\log.ewbt
 
Some files in TEMP:
====================
2017-04-29 15:07 - 2017-04-29 15:07 - 1042800 _____ (Star Line                                                   ) C:\Users\Joshua\AppData\Local\Temp\AdBlocker.exe
2017-04-29 15:07 - 2017-04-29 15:07 - 0125440 _____ () C:\Users\Joshua\AppData\Local\Temp\g151C.tmp.exe
2017-04-29 15:07 - 2017-04-29 15:07 - 0274432 _____ () C:\Users\Joshua\AppData\Local\Temp\g151D.tmp.exe
2017-04-29 15:07 - 2017-04-29 15:07 - 0471552 _____ () C:\Users\Joshua\AppData\Local\Temp\g151E.tmp.exe
2017-04-29 15:07 - 2017-04-29 15:07 - 0590690 _____ (                                                            ) C:\Users\Joshua\AppData\Local\Temp\speedownloader.exe
2017-04-29 15:07 - 2017-04-29 15:07 - 1199825 _____ () C:\Users\Joshua\AppData\Local\Temp\unins000.exe
2017-04-29 15:07 - 2017-04-29 15:07 - 1250190 _____ (VideoBox                                                    ) C:\Users\Joshua\AppData\Local\Temp\vbsetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-27 22:54
 
==================== End of FRST.txt ============================




