
10000 pivx stolen. $20000AUD Trojan horse?


  • This topic is locked
4 replies to this topic

#1 Mickeyspit

Mickeyspit

  • Members
  • 2 posts

Posted 05 May 2017 - 09:05 PM

Hello, I am trying to find evidence that a key logger was used and a file was taken from my computer.
Can anyone recommend any software that will show evidence of the hack?

Please read attached post.
https://bitcointalk.org/index.php?topic=1900406.20

Edited by Mickeyspit, 05 May 2017 - 09:06 PM.




#2 Mickeyspit

Mickeyspit
  • Topic Starter

  • Members
  • 2 posts

Posted 06 May 2017 - 12:31 AM

Hi, can someone please analyze these logs? I'm looking for evidence of a key logger and something that would enable a hacker to steal a file from my computer.
 
 
 
# AdwCleaner v6.045 - Logfile created 06/05/2017 at 14:52:42
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Mick - MICK-PC
# Running from : C:\Users\Mick\Desktop\New folder\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files\WinZip Smart Monitor
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: winamp.en.softonic.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [957 Bytes] - [06/05/2017 14:52:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [1256 Bytes] - [06/05/2017 14:48:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1102 Bytes] ##########
 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
ComboFix 17-05-04.01 - Mick 05/05/2017  20:23:50.1.12 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.24488.21976 [GMT 10:00]
Running from: c:\users\Mick\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.408.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personal firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.408.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Mick\AppData\Local\assembly\tmp
c:\windows\Install
c:\windows\Install\AsusSetup.exe
c:\windows\Install\AsusSetup.exe.manifest
c:\windows\Install\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup.exe
c:\windows\Install\Driver\AsusSetup.exe.manifest
c:\windows\Install\Driver\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup32.ini
c:\windows\Install\Driver\AsusSetup64.ini
c:\windows\Install\Driver\English.ini
c:\windows\Install\Driver\French.ini
c:\windows\Install\Driver\German.ini
c:\windows\Install\Driver\Japanese.ini
c:\windows\Install\Driver\Korean.ini
c:\windows\Install\Driver\mup.xml
c:\windows\Install\Driver\Russian.ini
c:\windows\Install\Driver\SChinese.ini
c:\windows\Install\Driver\SetupRST.exe
c:\windows\Install\Driver\Spanish.ini
c:\windows\Install\Driver\TChinese.ini
c:\windows\Install\netfx\AsusSetup.exe
c:\windows\Install\netfx\AsusSetup.exe.manifest
c:\windows\Install\netfx\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe.manifest
c:\windows\Install\netfx\dotnetfx45\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\Installer.bat
c:\windows\Install\netfx\dotnetfx45\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-04-05 to 2017-05-05  )))))))))))))))))))))))))))))))
.
.
2017-05-05 10:36 . 2017-05-05 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-05-05 10:30 . 2017-05-05 10:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\offreg.3896.dll
2017-05-05 10:20 . 2017-05-05 10:20 -------- d-----w- c:\users\Mick\AppData\Local\GlassWire
2017-05-05 10:20 . 2015-05-29 04:15 33248 ----a-w- c:\windows\system32\drivers\gwdrv.sys
2017-05-05 10:20 . 2017-05-05 10:20 -------- d-----w- c:\programdata\GlassWire
2017-05-05 10:20 . 2017-05-05 10:20 -------- d-----w- c:\program files (x86)\GlassWire
2017-05-04 10:05 . 2017-05-04 10:16 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2017-05-04 09:50 . 2017-05-04 09:50 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\offreg.3672.dll
2017-05-03 10:33 . 2017-05-05 10:31 -------- d-----w- c:\users\Mick\AppData\Local\assembly
2017-05-03 10:12 . 2017-05-05 10:20 186304 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-05-03 10:11 . 2017-05-05 10:20 111544 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-05-03 10:11 . 2017-05-05 10:20 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-05-03 10:11 . 2017-05-05 10:20 82720 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-05-03 10:11 . 2017-03-22 01:02 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-05-03 10:11 . 2017-05-03 10:11 -------- d-----w- c:\program files\Malwarebytes
2017-05-03 03:44 . 2017-05-03 03:52 -------- d-----w- c:\users\Mick\AppData\Local\WinZip
2017-05-03 03:41 . 2017-05-03 03:41 -------- d-----w- c:\program files\WinZip Smart Monitor
2017-05-03 03:41 . 2017-05-03 03:41 -------- d-----w- c:\programdata\WinZip
2017-05-03 03:41 . 2017-05-03 03:41 -------- d-----w- c:\program files\WinZip
2017-05-03 03:40 . 2017-05-03 03:40 -------- d-----w- c:\programdata\UniqueId
2017-05-02 10:58 . 2017-05-02 10:58 -------- d--h--w- c:\programdata\CanonIJScan
2017-05-02 09:19 . 2017-04-06 23:10 12993592 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\mpengine.dll
2017-05-01 13:52 . 2017-05-01 13:52 -------- d-----w- c:\program files\PuTTY
2017-04-11 23:04 . 2017-02-23 08:17 136064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2017-04-11 23:04 . 2017-04-11 23:04 -------- d-----w- c:\program files (x86)\VulkanRT
2017-04-11 23:04 . 2017-01-26 00:13 103936 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2017-04-11 23:04 . 2017-01-26 00:12 326656 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2017-04-11 23:04 . 2017-01-26 00:09 118272 ----a-w- c:\windows\system32\vulkaninfo.exe
2017-04-11 23:04 . 2017-01-26 00:09 322560 ----a-w- c:\windows\system32\vulkan-1.dll
2017-04-10 22:55 . 2017-05-05 10:21 -------- d-----w- c:\users\Mick\AppData\Roaming\PIVX
2017-04-10 22:54 . 2017-04-11 15:13 -------- d-----w- c:\program files\Pivx
2017-04-10 22:35 . 2017-04-13 23:53 -------- d-----w- c:\users\Mick\AppData\Local\CrashDumps
2017-04-09 05:41 . 2017-04-09 05:41 -------- d-----w- C:\Tor Browser
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-05 10:20 . 2016-08-18 04:52 251832 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-11 23:05 . 2016-07-07 23:33 148601744 -c--a-w- c:\windows\system32\MRT.exe
2017-03-23 06:06 . 2016-08-18 05:54 521656 ----a-w- c:\windows\system32\OpenCL.dll
2017-03-23 06:05 . 2016-08-18 05:54 429112 ----a-w- c:\windows\SysWow64\OpenCL.dll
2017-03-23 06:04 . 2017-03-23 06:04 34959288 ----a-w- c:\windows\system32\nvoglv64.dll
2017-03-23 06:04 . 2017-03-23 06:04 28232248 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-03-23 06:04 . 2017-03-23 06:04 14437944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2017-03-23 06:03 . 2017-03-23 06:03 620088 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2017-03-23 06:03 . 2017-03-23 06:03 968120 ----a-w- c:\windows\system32\NvIFR64.dll
2017-03-23 06:03 . 2017-03-23 06:03 509496 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2017-03-23 06:03 . 2017-03-23 06:03 921144 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-03-23 06:03 . 2017-03-23 06:03 56368 ----a-w- c:\windows\system32\nvhdap64.dll
2017-03-23 06:03 . 2017-03-23 06:03 1608760 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-03-23 06:03 . 2017-03-23 06:03 226232 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2017-03-23 06:02 . 2017-03-23 06:02 997816 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-03-23 06:02 . 2017-03-23 06:02 1060280 ----a-w- c:\windows\system32\NvFBC64.dll
2017-03-23 06:02 . 2017-03-23 06:02 1598392 ----a-w- c:\windows\system32\nvdispgenco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02 1993784 ----a-w- c:\windows\system32\nvdispco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02 3634104 ----a-w- c:\windows\system32\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02 3194296 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02 40200760 ----a-w- c:\windows\system32\nvcompiler.dll
2017-03-23 06:02 . 2017-03-23 06:02 35281464 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-03-23 05:47 . 2016-08-18 05:53 20065848 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-03-23 05:47 . 2017-03-23 05:47 17441120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-03-23 05:47 . 2016-08-18 05:53 505960 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-03-23 05:47 . 2017-03-23 05:47 420736 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-03-23 05:47 . 2017-03-23 05:47 11125136 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47 9077760 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47 19182360 ----a-w- c:\windows\system32\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47 14811968 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47 163448 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-03-23 05:47 . 2017-03-23 05:47 141768 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-03-23 05:47 . 2017-03-23 05:47 180768 ----a-w- c:\windows\system32\nvinitx.dll
2017-03-23 05:47 . 2017-03-23 05:47 702320 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-03-23 05:47 . 2017-03-23 05:47 158208 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-03-23 05:46 . 2017-03-23 05:46 589976 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-03-23 05:46 . 2017-03-23 05:46 517280 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-03-23 05:46 . 2017-03-23 05:46 437928 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-03-23 05:46 . 2017-03-23 05:46 16551672 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-03-23 05:46 . 2017-03-23 05:46 13502952 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-03-23 05:46 . 2017-03-23 05:46 11229096 ----a-w- c:\windows\system32\nvcuda.dll
2017-03-23 05:46 . 2017-03-23 05:46 9396624 ----a-w- c:\windows\SysWow64\nvcuda.dll
2017-03-23 05:46 . 2016-08-18 05:53 4108520 ----a-w- c:\windows\system32\nvapi64.dll
2017-03-23 05:46 . 2017-03-23 05:46 3623928 ----a-w- c:\windows\SysWow64\nvapi.dll
2017-03-19 14:48 . 2017-03-19 14:48 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-03-19 14:48 . 2017-03-19 14:48 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-19 14:41 . 2017-03-19 14:41 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-03-08 04:21 . 2017-04-11 17:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-02-23 08:43 . 2017-02-24 10:26 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-02-23 08:28 . 2016-08-18 05:54 6401984 ----a-w- c:\windows\system32\nvcpl.dll
2017-02-23 08:28 . 2016-08-18 05:54 2479160 ----a-w- c:\windows\system32\nvsvc64.dll
2017-02-23 08:28 . 2016-08-18 05:54 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2017-02-23 08:28 . 2016-08-18 05:54 69568 ----a-w- c:\windows\system32\nvshext.dll
2017-02-23 08:28 . 2016-08-18 05:54 548288 ----a-w- c:\windows\system32\nv3dappshext.dll
2017-02-23 08:28 . 2016-08-18 05:54 392128 ----a-w- c:\windows\system32\nvmctray.dll
2017-02-23 08:28 . 2016-08-18 05:54 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2017-02-23 06:38 . 2016-08-18 05:54 7807027 ----a-w- c:\windows\system32\nvcoproc.bin
2017-02-22 23:42 . 2017-03-15 10:00 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-22 23:37 . 2017-03-15 10:00 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-18 14:05 . 2017-03-15 10:00 646656 ----a-w- c:\windows\system32\generaltel.dll
2017-02-18 14:05 . 2017-03-15 10:00 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-11 15:58 . 2017-03-15 10:52 462848 ----a-w- c:\windows\system32\drivers\srv.sys
2017-02-11 15:58 . 2017-03-15 10:52 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-02-11 15:58 . 2017-03-15 10:52 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-02-10 16:32 . 2017-03-15 10:52 803328 ----a-w- c:\windows\system32\usp10.dll
2017-02-10 16:17 . 2017-03-15 10:52 628736 ----a-w- c:\windows\SysWow64\usp10.dll
2017-02-10 14:33 . 2017-03-15 10:52 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2017-02-09 16:32 . 2017-03-15 10:52 40960 ----a-w- c:\windows\system32\WcsPlugInService.dll
2017-02-09 16:31 . 2017-03-15 10:52 625664 ----a-w- c:\windows\system32\mscms.dll
2017-02-09 16:31 . 2017-03-15 10:52 250880 ----a-w- c:\windows\system32\icm32.dll
2017-02-09 16:14 . 2017-03-15 10:52 481792 ----a-w- c:\windows\SysWow64\mscms.dll
2017-02-09 16:14 . 2017-03-15 10:52 215040 ----a-w- c:\windows\SysWow64\icm32.dll
2017-02-09 15:51 . 2017-03-15 10:52 32768 ----a-w- c:\windows\SysWow64\WcsPlugInService.dll
2017-02-09 14:06 . 2017-03-15 10:52 1648128 ----a-w- c:\windows\system32\DWrite.dll
2017-02-09 14:06 . 2017-03-15 10:52 1180160 ----a-w- c:\windows\system32\FntCache.dll
2017-02-06 16:14 . 2017-03-15 10:52 733696 ----a-w- c:\windows\HelpPane.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2016-07-07 399224]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2016-07-05 3948600]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-10 8810200]
"BackgroundSwitcher"="c:\program files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2016-10-30 121688]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2017-03-21 5791696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-25 293872]
.
c:\users\Mick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PIVX.lnk - c:\program files\Pivx\pivx-qt.exe -min [2017-4-19 29835280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 CLink4Service;Corsair Link 4;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvme;nvme;c:\windows\system32\DRIVERS\nvme.sys;c:\windows\SYSNATIVE\DRIVERS\nvme.sys [x]
S0 nvmeF;nvmeF;c:\windows\system32\DRIVERS\nvmeF.sys;c:\windows\SYSNATIVE\DRIVERS\nvmeF.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 WinZip Smart Monitor Service;WinZip Smart Monitor Service;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - GWDRV
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38 323664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-11-08 9068040]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2016-11-08 1476104]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-19 2780112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SIUSBXP&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\SIUSBXP&1B1C&1C00
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{1c267702-557a-4890-b0dd-4a9edef2a76a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000106
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,dc,27,65,ce,29,00,3e,62,e1,c6,0c,a3,8d,b0,36,97,f1,60,9f,e8,
   da,15,39,bc,61,33,1d,31,72,b2,97,68,0f,77,7a,f2,0a,7d,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-05-05  20:54:43
ComboFix-quarantined-files.txt  2017-05-05 10:54
.
Pre-Run: 176,136,314,880 bytes free
Post-Run: 175,593,807,872 bytes free
.
- - End Of File - - D614F7A0C7EC6FF5116106D2B68FC1F4
2017-03-23 06:03 . 2017-03-23 06:03 921144 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-03-23 06:03 . 2017-03-23 06:03 56368 ----a-w- c:\windows\system32\nvhdap64.dll
2017-03-23 06:03 . 2017-03-23 06:03 1608760 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-03-23 06:03 . 2017-03-23 06:03 226232 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2017-03-23 06:02 . 2017-03-23 06:02 997816 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-03-23 06:02 . 2017-03-23 06:02 1060280 ----a-w- c:\windows\system32\NvFBC64.dll
2017-03-23 06:02 . 2017-03-23 06:02 1598392 ----a-w- c:\windows\system32\nvdispgenco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02 1993784 ----a-w- c:\windows\system32\nvdispco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02 3634104 ----a-w- c:\windows\system32\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02 3194296 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02 40200760 ----a-w- c:\windows\system32\nvcompiler.dll
2017-03-23 06:02 . 2017-03-23 06:02 35281464 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-03-23 05:47 . 2016-08-18 05:53 20065848 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-03-23 05:47 . 2017-03-23 05:47 17441120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-03-23 05:47 . 2016-08-18 05:53 505960 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-03-23 05:47 . 2017-03-23 05:47 420736 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-03-23 05:47 . 2017-03-23 05:47 11125136 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47 9077760 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47 19182360 ----a-w- c:\windows\system32\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47 14811968 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47 163448 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-03-23 05:47 . 2017-03-23 05:47 141768 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-03-23 05:47 . 2017-03-23 05:47 180768 ----a-w- c:\windows\system32\nvinitx.dll
2017-03-23 05:47 . 2017-03-23 05:47 702320 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-03-23 05:47 . 2017-03-23 05:47 158208 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-03-23 05:46 . 2017-03-23 05:46 589976 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-03-23 05:46 . 2017-03-23 05:46 517280 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-03-23 05:46 . 2017-03-23 05:46 437928 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-03-23 05:46 . 2017-03-23 05:46 16551672 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-03-23 05:46 . 2017-03-23 05:46 13502952 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-03-23 05:46 . 2017-03-23 05:46 11229096 ----a-w- c:\windows\system32\nvcuda.dll
2017-03-23 05:46 . 2017-03-23 05:46 9396624 ----a-w- c:\windows\SysWow64\nvcuda.dll
2017-03-23 05:46 . 2016-08-18 05:53 4108520 ----a-w- c:\windows\system32\nvapi64.dll
2017-03-23 05:46 . 2017-03-23 05:46 3623928 ----a-w- c:\windows\SysWow64\nvapi.dll
2017-03-19 14:48 . 2017-03-19 14:48 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-03-19 14:48 . 2017-03-19 14:48 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-19 14:41 . 2017-03-19 14:41 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-03-08 04:21 . 2017-04-11 17:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-02-23 08:43 . 2017-02-24 10:26 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-02-23 08:28 . 2016-08-18 05:54 6401984 ----a-w- c:\windows\system32\nvcpl.dll
2017-02-23 08:28 . 2016-08-18 05:54 2479160 ----a-w- c:\windows\system32\nvsvc64.dll
2017-02-23 08:28 . 2016-08-18 05:54 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2017-02-23 08:28 . 2016-08-18 05:54 69568 ----a-w- c:\windows\system32\nvshext.dll
2017-02-23 08:28 . 2016-08-18 05:54 548288 ----a-w- c:\windows\system32\nv3dappshext.dll
2017-02-23 08:28 . 2016-08-18 05:54 392128 ----a-w- c:\windows\system32\nvmctray.dll
2017-02-23 08:28 . 2016-08-18 05:54 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2017-02-23 06:38 . 2016-08-18 05:54 7807027 ----a-w- c:\windows\system32\nvcoproc.bin
2017-02-22 23:42 . 2017-03-15 10:00 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-22 23:37 . 2017-03-15 10:00 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-18 14:05 . 2017-03-15 10:00 646656 ----a-w- c:\windows\system32\generaltel.dll
2017-02-18 14:05 . 2017-03-15 10:00 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-11 15:58 . 2017-03-15 10:52 462848 ----a-w- c:\windows\system32\drivers\srv.sys
2017-02-11 15:58 . 2017-03-15 10:52 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-02-11 15:58 . 2017-03-15 10:52 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-02-10 16:32 . 2017-03-15 10:52 803328 ----a-w- c:\windows\system32\usp10.dll
2017-02-10 16:17 . 2017-03-15 10:52 628736 ----a-w- c:\windows\SysWow64\usp10.dll
2017-02-10 14:33 . 2017-03-15 10:52 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2017-02-09 16:32 . 2017-03-15 10:52 40960 ----a-w- c:\windows\system32\WcsPlugInService.dll
2017-02-09 16:31 . 2017-03-15 10:52 625664 ----a-w- c:\windows\system32\mscms.dll
2017-02-09 16:31 . 2017-03-15 10:52 250880 ----a-w- c:\windows\system32\icm32.dll
2017-02-09 16:14 . 2017-03-15 10:52 481792 ----a-w- c:\windows\SysWow64\mscms.dll
2017-02-09 16:14 . 2017-03-15 10:52 215040 ----a-w- c:\windows\SysWow64\icm32.dll
2017-02-09 15:51 . 2017-03-15 10:52 32768 ----a-w- c:\windows\SysWow64\WcsPlugInService.dll
2017-02-09 14:06 . 2017-03-15 10:52 1648128 ----a-w- c:\windows\system32\DWrite.dll
2017-02-09 14:06 . 2017-03-15 10:52 1180160 ----a-w- c:\windows\system32\FntCache.dll
2017-02-06 16:14 . 2017-03-15 10:52 733696 ----a-w- c:\windows\HelpPane.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2016-07-07 399224]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2016-07-05 3948600]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-10 8810200]
"BackgroundSwitcher"="c:\program files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2016-10-30 121688]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2017-03-21 5791696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-25 293872]
.
c:\users\Mick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PIVX.lnk - c:\program files\Pivx\pivx-qt.exe -min [2017-4-19 29835280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 CLink4Service;Corsair Link 4;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvme;nvme;c:\windows\system32\DRIVERS\nvme.sys;c:\windows\SYSNATIVE\DRIVERS\nvme.sys [x]
S0 nvmeF;nvmeF;c:\windows\system32\DRIVERS\nvmeF.sys;c:\windows\SYSNATIVE\DRIVERS\nvmeF.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 WinZip Smart Monitor Service;WinZip Smart Monitor Service;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - GWDRV
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38 323664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-11-08 9068040]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2016-11-08 1476104]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-19 2780112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SIUSBXP&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\SIUSBXP&1B1C&1C00
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{1c267702-557a-4890-b0dd-4a9edef2a76a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000106
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,dc,27,65,ce,29,00,3e,62,e1,c6,0c,a3,8d,b0,36,97,f1,60,9f,e8,
   da,15,39,bc,61,33,1d,31,72,b2,97,68,0f,77,7a,f2,0a,7d,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-05-05  20:54:43
ComboFix-quarantined-files.txt  2017-05-05 10:54
.
Pre-Run: 176,136,314,880 bytes free
Post-Run: 175,593,807,872 bytes free
.
- - End Of File - - D614F7A0C7EC6FF5116106D2B68FC1F4
 
 
------------------------------------------------------------
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64 
Ran by Mick (Administrator) on Sat 06/05/2017 at 14:55:50.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 25 
 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MVHP3XU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4G76OYP6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR2P2EIQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ2PE1YE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNLE07I3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8E5XDJ2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBI6KJNS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE1SPW2P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mick\desktop\Continue WinZip Installation.lnk (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MVHP3XU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4G76OYP6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR2P2EIQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ2PE1YE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNLE07I3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8E5XDJ2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBI6KJNS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE1SPW2P (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/05/2017 at 14:57:30.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
------------------------------------------------------------
 
 
KL-Detector has found some suspicious files:
C:\Users\Mick\AppData\Roaming\johnsadventures.com\Background Switcher\Status.xml
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-19-05042017194731123-ntuser.dat
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-21-3605924061-2812923310-3988586812-1000-05042017194719720-ntuser.dat
C:\ProgramData\WinZip\WinZip.addon
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\Windows\inf\setupapi.app.log
C:\ProgramData\NVIDIA Corporation\nvstapisvr\nvstapisvr.log
C:\Users\Mick\Desktop\mbar\system-log.txt
C:\Users\Mick\Desktop\mbar\Data\Configuration\local.conf
C:\ProgramData\ESET\ESET Smart Security\HipsRules.bin
C:\ProgramData\ESET\ESET Smart Security\local.db
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\db53b23fd1edbd46.automaticDestinations-ms
 
Please check; someone might have installed a keylogger on your computer!
 
 
You MAY want to take a look at:
C:\ProgramData\Malwarebytes\MBAMService\
C:\ProgramData\Malwarebytes\
C:\ProgramData\Malwarebytes\MBAMService\config\
C:\ProgramData\WinZip\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\
C:\Users\Mick\AppData\Roaming\PIVX\
C:\Windows\System32\config\
C:\Windows\Temp\
C:\Windows\
C:\Users\Mick\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\
C:\Users\Mick\AppData\Local\Temp\
C:\ProgramData\NVIDIA Corporation\nvstapisvr\
C:\Users\Mick\AppData\Local\Microsoft\Windows\
C:\System Volume Information\
C:\Users\Mick\Desktop\mbar\
C:\Users\Mick\AppData\Local\
C:\Users\Mick\Desktop\
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\
C:\ProgramData\ESET\ESET Smart Security\
C:\Users\Mick\AppData\Local\Temp\wz9c7d\NanoWallet\vendors\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\
 
 
------------------------------------------------------------
 
 
RogueKiller V12.10.7.0 (x64) [May  1 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mick [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/06/2017 14:59:05 (Duration : 00:10:37)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.142.0.51 211.29.132.12 198.142.235.14 ([X][X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\Tcpip\Parameters\Interfaces\{641ef20c-041e-403c-8975-abcb6647535b} | DhcpNameServer : 198.142.0.51 211.29.132.12 198.142.235.14 ([X][X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D873E655-C72A-430D-8A31-C1CA45AC946E} | DhcpNameServer : 198.142.0.51 211.29.132.12 198.142.235.14 ([X][X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D873E655-C72A-430D-8A31-C1CA45AC946E} | DhcpNameServer : 198.142.0.51 211.29.132.12 198.142.235.14 ([X][X][X])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C872A9E1-2164-400B-B617-41821A235FE9} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\micke\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In) (micke)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CEB5E66E-3E71-4F03-9AA4-5FDBB39EA63B} : v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\micke\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-Out) (micke)|Desc=Allow µTorrent network traffic| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B5051EF9-5A0F-4019-80B2-16577420BF5C} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\micke\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In) (micke)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E97FC08-E2A7-406F-AFFA-9F1336E21749} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\micke\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (micke)| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B77A1333-554A-4F51-A016-717978FFD881} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\micke\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (micke)| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_F65D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {457BD200-7CF0-47E2-9073-7F0314474B4F} : v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\micke\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-Out) (micke)|Desc=Allow µTorrent network traffic| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_H_FA96\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_H_FA96\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: NVMe Samsung SSD 950 SCSI Disk Device +++++
--- User ---
[MBR] a4e7e87d3c10ba1d20eb78ce8fa88607
[BSP] 4bbf40d3367a93169e9e4f0be882a847 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 488384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: WDC WD30EZRX-00DC0B0 ATA Device +++++
--- User ---
[MBR] e1280141d8ed7dac4ef28f1ab0d26fda
[BSP] 5f655b9fe42c4685ed1f7fcba589a6f2 : Empty MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Samsung SSD 850 PRO 256GB ATA Device +++++
--- User ---
[MBR] 35a3ede95f394cfca390b85f5117b746
[BSP] 05621353d5005bb1816ee1beb1b4d612 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 243745 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499191808 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: WDC WD30EZRX-00DC0B0 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 2d27f8c087974b861a1bda6cf6f9e5f7
[BSP] c485419eb3345e953243f09011237b59 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive5: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 39f892e3e271b6013e6b2250f568f860
[BSP] 56d64b8375b2a2f5efc1d21da5cdcd41 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive6: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] 5318673bb8be204505eb104f947267c3
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7631 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/06/2017 02:58:01 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 05/06/2017 02:58:15 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
 


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,694 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:37 PM

Posted 09 May 2017 - 07:41 AM

Mickeyspit:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
Please follow the instructions here, in particular Step 6.  Please copy and paste both the contents of the "FRST.txt" log and the "Addition.txt" log into your next reply, or replies.  If the logs are too large, please use separate posts for each log.  This makes it much faster for me to analyze your logs.
 
Once I receive your FRST logs, I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 garioch7

Posted 12 May 2017 - 09:57 AM

Mickeyspit:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil



#5 garioch7

Posted 14 May 2017 - 04:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
