Help Urgent - Boot/Rootkits keep infecting my entire network! TR/Crypt.XPACK.gen



#1 misterv (Members, 2 posts)

Posted 23 May 2017 - 07:44 PM

I've got a problem, a big one! I have had my business shut down for 24+ days because I literally cannot work, as my computers keep freezing/crashing/etc. I've lost/spent so much money that I'm literally tapped out, and no money is coming in because I haven't been able to work!

Symptoms:

The browsers are hijacked and seem to be passing through the attacker's MITM servers/botnet. The trojan/worm/virus-from-hell keeps spreading to other machines on the network, so I set up a "quarantine" in the office for the infected PCs, then set up a new office area for my literally brand-new computers. They immediately got infected. I found database files containing collected CC/identity/SSN/passport data and its RegEx helpers. The discs/LiveUSBs I've been burning all seem to be injected with malicious code. I also found a little script that interrupts the packets/data stream to the USB device.... ugh.


Visiting Facebook reveals this lovely message in the console log:

[Screenshot: FB.png]

"Stop!

This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or "hack" someone's account, it is a scam and will give them access to your Facebook account.

See https://www.facebook.com/selfxss for more information."


Using KillDisk seems to have revealed that it was infecting the boot sectors, creating hidden partitions, and placing malicious code in the "Unallocated Space" on the drives. Even booting without HDDs/CDs/USBs appears to run malicious code too!


I've identified numerous named threats within the quarantined network. I have a network of about 12-ish laptops, workstations, and servers that are all infected.

  • TR/Crypt.XPACK.gen
  • TR/Crypt.XPACK.gen2
  • TR/Crypt.XPACK.gen3
  • TR/Crypt.EPACK.gen2
  • TR/Crypt.CFI.gen
  • TR/Crypt.Dropper.gen

Right now I just need the 2 new PCs up and running. This thread is for Laptop #1:

FRST Logs


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by fifi (administrator) on DESKTOP-OJNPSRE (23-05-2017 19:42:16)
Running from C:\Users\fifi\Downloads
Loaded Profiles: fifi (Available Profiles: fifi)
Platform: Windows 10 Enterprise Evaluation Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlms\wlms.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Spotify Ltd) C:\Users\fifi\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\fifi\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\fifi\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\fifi\AppData\Roaming\Spotify\Spotify.exe
(CloudBerry Lab Inc) C:\Program Files\CloudBerryLab\CloudBerry Explorer for Amazon S3\CloudBerry Explorer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Bitdefender LLC) C:\Users\fifi\AppData\Local\Temp\BDUSBImmunizer\BDUSBImmunizer.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(hxxps://tortoisegit.org/) C:\Program Files\TortoiseGit\bin\TGitCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Postman) C:\Users\fifi\AppData\Local\Postman\app-4.10.7\Postman.exe
(Postman) C:\Users\fifi\AppData\Local\Postman\app-4.10.7\Postman.exe
(Postman) C:\Users\fifi\AppData\Local\Postman\app-4.10.7\Postman.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(AO Kaspersky Lab) C:\Users\fifi\perfmon\perfmon.exe
(AO Kaspersky Lab) C:\Users\fifi\AppData\Local\Temp\{1326745B-921F-497B-A8AB-CEFD689F81CD}\{EA2BEDD9-A214-4D6F-A832-783708AF3C00}.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-01-31] (Zbshareware Lab)
HKLM\...\Policies\Explorer: [NoViewOnDrive] -29
HKLM\...\Policies\Explorer: [NoDrives] -29
HKU\S-1-5-21-4135826323-1320701853-847076666-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4135826323-1320701853-847076666-1001\...\Run: [Spotify] => C:\Users\fifi\AppData\Roaming\Spotify\Spotify.exe [6997104 2017-05-23] (Spotify Ltd)
HKU\S-1-5-21-4135826323-1320701853-847076666-1001\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\fifi\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64"
HKU\S-1-5-21-4135826323-1320701853-847076666-1001\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\fifi\AppData\Local\Microsoft\OneDrive\17.3.6816.0313"
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{347f3795-d948-4e4a-92b4-b321d8993148}: [DhcpNameServer] 75.114.81.1 75.114.81.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-05-23] (LastPass)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-05-23] (LastPass)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-23] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default [2017-05-23]
CHR Extension: (Google Slides) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-23]
CHR Extension: (Postman Interceptor) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicmkgpgakddgnaphhhpliifpcfhicfo [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-23]
CHR Extension: (Google Drive) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-23]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-05-23]
CHR Extension: (YouTube) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Google Sheets) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-23]
CHR Extension: (HTTPS Everywhere) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-23]
CHR Extension: (AdBlock) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-05-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-05-23]
CHR Extension: (Credit Card Nanny) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmjpapolbaaddobpnlcjkgchmhhoog [2017-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-23]
CHR Extension: (Gmail) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\fifi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-23]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R4 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\IntelCpHeciSvc.exe [303072 2017-03-14] (Intel Corporation)
R4 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\IntelCpHDCPSvc.exe [480736 2017-03-14] (Intel Corporation)
R4 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\igfxCUIService.exe [341472 2017-03-14] (Intel Corporation)
R4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2017-03-06] (NVIDIA Corporation)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WLMS; C:\WINDOWS\system32\wlms\wlms.exe [26112 2017-03-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusDigi; C:\WINDOWS\System32\drivers\AsusDigiFilter.sys [107000 2016-09-30] (ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-20] (ASUS)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cd0802aadb1c6f8\igdkmd64.sys [11062752 2017-03-14] (Intel Corporation)
S3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_170361c8cdcfe536\nvlddmkm.sys [14359600 2017-05-03] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-10-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [51104 2016-08-02] (USBPcap)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-23 19:36 - 2017-05-23 19:36 - 00030591 _____ C:\Users\fifi\Downloads\Shortcut.txt
2017-05-23 19:34 - 2017-05-23 19:36 - 00029772 _____ C:\Users\fifi\Downloads\Addition.txt
2017-05-23 19:33 - 2017-05-23 19:42 - 00026424 _____ C:\Users\fifi\Downloads\FRST.txt
2017-05-23 19:33 - 2017-05-23 19:42 - 00000000 ____D C:\FRST
2017-05-23 19:32 - 2017-05-23 19:32 - 02429952 _____ (Farbar) C:\Users\fifi\Downloads\FRST64.exe
2017-05-23 19:28 - 2017-05-23 19:28 - 00000000 ____D C:\WINDOWS\pss
2017-05-23 19:25 - 2017-05-23 19:25 - 01668558 _____ C:\TDSSKiller.3.1.0.15_23.05.2017_19.25.10_log.txt
2017-05-23 19:24 - 2017-05-23 19:25 - 00000000 ____D C:\Users\fifi\perfmon
2017-05-23 19:22 - 2017-05-23 19:17 - 04830473 _____ C:\Users\fifi\perfmon.zip
2017-05-23 19:22 - 2017-05-23 19:17 - 04830473 _____ C:\Users\fifi\perfmon.exe
2017-05-23 19:17 - 2017-05-23 19:17 - 04830473 _____ C:\WINDOWS\chrome.exe
2017-05-23 19:15 - 2017-05-23 19:15 - 04830473 _____ C:\WINDOWS\system32\chrome.exe
2017-05-23 19:10 - 2017-05-23 19:11 - 04830473 _____ C:\Users\fifi\Downloads\tdsskiller.zip
2017-05-23 18:49 - 2017-05-23 18:49 - 00001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-05-23 18:49 - 2017-05-23 18:49 - 00001567 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-05-23 18:49 - 2017-05-23 18:49 - 00000000 ____D C:\Program Files\USBPcap
2017-05-23 18:48 - 2017-05-23 18:49 - 00000000 ____D C:\Program Files\Wireshark
2017-05-23 18:47 - 2017-05-23 18:47 - 49385272 _____ (Wireshark development team) C:\Users\fifi\Downloads\Wireshark-win64-2.2.6.exe
2017-05-23 18:46 - 2017-05-23 18:46 - 00000438 _____ C:\Users\fifi\Documents\Chrome.checksums.txt
2017-05-23 18:45 - 2017-05-23 18:45 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\fifi\Downloads\WinPcap_4_1_3.exe
2017-05-23 18:45 - 2017-05-23 18:45 - 00000083 _____ C:\Users\fifi\Downloads\WinPcap_4_1_3.exe.sha2_256
2017-05-23 18:45 - 2017-05-23 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-05-23 18:45 - 2017-05-23 18:45 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-05-23 18:02 - 2017-05-23 18:02 - 00000083 _____ C:\Users\fifi\Downloads\InstallDocker.msi.sha2_256
2017-05-23 18:01 - 2017-05-23 18:01 - 111521792 _____ C:\Users\fifi\Downloads\InstallDocker.msi
2017-05-23 16:58 - 2017-05-23 16:58 - 00000000 ____D C:\Users\fifi\Documents\Malware
2017-05-23 16:53 - 2017-05-23 16:53 - 00000000 ____D C:\Users\fifi\AppData\Local\Microsoft_Corporation
2017-05-23 15:39 - 2017-05-23 15:39 - 00000000 ____D C:\Users\fifi\AppData\LocalLow\Temp
2017-05-23 14:18 - 2017-05-23 14:18 - 00003748 _____ C:\WINDOWS\System32\Tasks\Red Giant Link
2017-05-23 14:18 - 2017-05-23 14:18 - 00000000 ____D C:\Users\fifi\AppData\Roaming\Red Giant
2017-05-23 14:18 - 2017-05-23 14:18 - 00000000 ____D C:\Users\fifi\AppData\Local\Tempzxpsign74f2cbbbf822a219
2017-05-23 14:18 - 2017-05-23 14:18 - 00000000 ____D C:\ProgramData\rgt
2017-05-23 14:18 - 2017-05-23 14:18 - 00000000 ____D C:\ProgramData\Red Giant
2017-05-23 14:18 - 2017-05-23 14:18 - 00000000 ____D C:\Program Files (x86)\Red Giant Link
2017-05-23 14:17 - 2017-05-23 14:17 - 00000000 ____D C:\Users\fifi\AppData\Local\CloudBerryLab
2017-05-23 14:17 - 2017-05-23 14:17 - 00000000 ____D C:\ProgramData\CloudBerryLab
2017-05-23 14:11 - 2017-05-23 14:11 - 00000000 ____D C:\Users\fifi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2017-05-23 14:11 - 2017-05-23 14:11 - 00000000 ____D C:\Users\fifi\AppData\LocalLow\LastPass
2017-05-23 14:11 - 2017-05-23 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2017-05-23 14:10 - 2017-05-23 14:11 - 00000000 ____D C:\Program Files (x86)\LastPass
2017-05-23 14:10 - 2017-05-23 14:10 - 19120152 _____ (LastPass) C:\Users\fifi\Downloads\lastpass_x64.exe
2017-05-23 14:05 - 2017-05-23 14:05 - 00015013 _____ C:\Users\fifi\Documents\mnemonic-wordlist.txt
2017-05-23 13:21 - 2017-05-23 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloudBerryLab
2017-05-23 13:21 - 2017-05-23 13:21 - 00000000 ____D C:\Program Files\CloudBerryLab
2017-05-23 13:20 - 2017-05-23 13:20 - 10924888 _____ C:\Users\fifi\Downloads\CloudBerryExplorerSetup_v5.1.0.11_netv4.0.exe
2017-05-23 13:00 - 2017-05-23 13:00 - 00000000 ____D C:\ProgramData\Git
2017-05-23 12:59 - 2017-05-23 16:25 - 00000000 ____D C:\Users\fifi\AppData\Roaming\Postman
2017-05-23 12:59 - 2017-05-23 13:00 - 00000000 ____D C:\Program Files\Git
2017-05-23 12:59 - 2017-05-23 12:59 - 00000000 ____D C:\Users\fifi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2017-05-23 12:59 - 2017-05-23 12:59 - 00000000 ____D C:\Users\fifi\AppData\Local\SquirrelTemp
2017-05-23 12:59 - 2017-05-23 12:59 - 00000000 ____D C:\Users\fifi\AppData\Local\Postman
2017-05-23 12:59 - 2017-05-23 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2017-05-23 12:58 - 2017-05-23 12:58 - 37156256 _____ (The Git Development Community ) C:\Users\fifi\Downloads\Git-2.13.0-64-bit.exe
2017-05-23 12:57 - 2017-05-23 12:57 - 69128824 _____ (Postman) C:\Users\fifi\Downloads\Postman-win64-4.10.7-Setup.exe
2017-05-23 12:56 - 2017-05-23 12:56 - 01146312 _____ C:\Users\fifi\Downloads\HashTab_v6.0.0.28_Setup.exe
2017-05-23 12:56 - 2017-05-23 12:56 - 00000000 ____D C:\Program Files\HashTab Shell Extension
2017-05-23 12:55 - 2017-05-23 18:45 - 00000000 ____D C:\Users\fifi\AppData\Roaming\Spotify
2017-05-23 12:55 - 2017-05-23 13:22 - 00000000 ____D C:\Users\fifi\AppData\Local\Spotify
2017-05-23 12:55 - 2017-05-23 12:55 - 00668880 _____ (Spotify Ltd) C:\Users\fifi\Downloads\SpotifySetup.exe
2017-05-23 12:55 - 2017-05-23 12:55 - 00001833 _____ C:\Users\fifi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-05-23 12:16 - 2017-05-23 12:16 - 00000000 ____D C:\Users\fifi\AppData\Roaming\Zbshareware Lab
2017-05-23 12:16 - 2017-05-23 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2017-05-23 12:16 - 2017-05-23 12:16 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2017-05-23 12:14 - 2017-05-23 12:54 - 00000000 ____D C:\Users\fifi\AppData\Local\TortoiseGit
2017-05-23 12:06 - 2017-05-23 12:06 - 00000000 ____D C:\Users\fifi\AppData\Local\Tempzxpsign46e99c6f9103229d
2017-05-23 12:05 - 2017-05-23 12:05 - 00000000 ____D C:\Users\fifi\AppData\Local\Tempzxpsign74721c3ec2630a56
2017-05-23 12:03 - 2017-05-23 12:03 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe SpeedGrade CC 2015.lnk
2017-05-23 12:01 - 2017-05-23 12:01 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Prelude CC 2017.lnk
2017-05-23 11:59 - 2017-05-23 12:09 - 00001416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CC.lnk
2017-05-23 11:59 - 2017-05-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-05-23 11:57 - 2017-05-23 11:57 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2017.lnk
2017-05-23 11:56 - 2017-05-23 12:11 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2017-05-23 11:53 - 2017-05-23 11:53 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-23 11:52 - 2017-05-23 12:00 - 00000000 ____D C:\Users\fifi\AppData\Local\Google
2017-05-23 11:52 - 2017-05-23 11:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-23 11:52 - 2017-05-23 11:52 - 01130328 _____ (Google Inc.) C:\Users\fifi\Downloads\ChromeSetup.exe
2017-05-23 11:52 - 2017-05-23 11:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-23 11:52 - 2017-05-23 11:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-23 11:52 - 2017-05-23 11:52 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC 2017.lnk
2017-05-23 11:51 - 2017-05-23 11:51 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-05-23 11:49 - 2017-05-23 12:05 - 00000704 _____ C:\Users\fifi\Documents\CIV_LogFile.txt
2017-05-23 11:49 - 2017-05-23 11:49 - 00003630 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OJNPSRE-fifi
2017-05-23 11:49 - 2017-05-23 11:49 - 00000000 ____D C:\Users\fifi\AppData\Roaming\NVIDIA
2017-05-23 11:49 - 2017-05-23 11:49 - 00000000 ____D C:\Users\fifi\AppData\Local\Tempzxpsign028309ad6e5303b0
2017-05-23 11:49 - 2017-05-23 11:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-05-23 11:48 - 2017-05-23 11:48 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2017-05-23 11:48 - 2017-05-23 11:48 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-05-23 11:48 - 2017-05-23 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
2017-05-23 11:47 - 2017-05-23 11:48 - 00000000 ____D C:\Program Files\TortoiseGit
2017-05-23 11:47 - 2017-05-23 11:47 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2017-05-23 11:46 - 2017-05-23 11:51 - 00000000 ____D C:\Users\fifi\Documents\Adobe
2017-05-23 11:46 - 2017-05-23 11:46 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk
2017-05-23 11:45 - 2017-05-23 11:45 - 19988480 _____ C:\Users\fifi\Downloads\TortoiseGit-2.4.0.2-64bit.msi
2017-05-23 11:43 - 2017-05-23 11:43 - 00001273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2017.lnk
2017-05-23 11:43 - 2017-05-23 01:33 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-23 11:40 - 2017-05-23 11:40 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-05-23 11:39 - 2017-05-23 12:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-23 11:38 - 2017-05-23 11:38 - 00000000 ___RD C:\Users\fifi\Creative Cloud Files
2017-05-23 11:38 - 2017-05-23 11:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-23 11:37 - 2017-05-23 12:29 - 00000000 ____D C:\Users\fifi\AppData\Local\CrashDumps
2017-05-23 11:37 - 2017-05-23 11:37 - 00000000 ____D C:\Users\fifi\AppData\Local\DBG
2017-05-23 11:37 - 2017-05-23 11:37 - 00000000 ____D C:\Users\fifi\AppData\Local\CEF
2017-05-23 11:36 - 2017-05-23 11:36 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-05-23 11:35 - 2017-05-23 12:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-23 11:35 - 2017-05-23 11:40 - 00000000 ____D C:\ProgramData\Adobe
2017-05-23 11:34 - 2017-05-23 18:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-23 11:34 - 2017-05-23 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-05-23 11:34 - 2017-05-23 12:12 - 00000000 ____D C:\Users\fifi\AppData\Local\Adobe
2017-05-23 11:34 - 2017-05-23 12:04 - 00000000 ____D C:\Program Files\Adobe
2017-05-23 11:34 - 2017-05-23 11:34 - 00000000 ____D C:\ProgramData\RedGiant
2017-05-23 11:34 - 2017-05-23 11:34 - 00000000 ____D C:\Program Files\Red Giant
2017-05-23 11:34 - 2017-05-23 11:34 - 00000000 ____D C:\Program Files (x86)\Red Giant
2017-05-23 11:34 - 2017-05-23 11:34 - 00000000 ____D C:\Program Files (x86)\LooksBuilder
2017-05-23 11:34 - 2017-01-30 13:10 - 64336384 _____ (Red Giant LLC) C:\WINDOWS\system32\MBLooks4UI_x64.dll
2017-05-23 11:34 - 2016-12-01 18:43 - 14733824 _____ C:\WINDOWS\system32\UniChooser.dll
2017-05-23 11:34 - 2016-12-01 18:43 - 13148672 _____ (Red Giant Software) C:\WINDOWS\system32\Gpu_Shader_Engine_x64.dll
2017-05-23 11:34 - 2016-12-01 18:43 - 05528064 _____ (Noesis Technologies) C:\WINDOWS\system32\Noesis.dll
2017-05-23 11:33 - 2017-05-23 11:33 - 146818768 _____ C:\Users\fifi\Downloads\MBSuite_Win_Full_13.0.3.zip
2017-05-23 11:33 - 2017-05-23 11:33 - 00814168 _____ (Adobe Systems Incorporated) C:\Users\fifi\Downloads\CreativeCloudSet-Up.exe
2017-05-23 11:33 - 2017-05-23 11:33 - 00000000 ____D C:\Users\fifi\Downloads\MBSuite_Win_Full_13.0.3
2017-05-23 01:44 - 2017-05-23 01:44 - 00034778 _____ C:\Users\fifi\Downloads\Black Vipers Windows 10 Service Configurations  Black Viper  www.blackviper.com.csv
2017-05-23 01:41 - 2017-05-23 01:42 - 00979572 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_22.41.53_log.txt
2017-05-23 01:40 - 2017-05-23 01:40 - 00054138 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_22.40.08_log.txt
2017-05-23 01:39 - 2017-05-23 01:40 - 00000000 ____D C:\WINDOWS\myshell
2017-05-23 01:39 - 2017-05-23 01:39 - 04922400 _____ (AO Kaspersky Lab) C:\Users\fifi\Downloads\svchost.exe
2017-05-23 01:38 - 2017-05-23 01:38 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\fifi\Downloads\iExplore.exe
2017-05-23 01:36 - 2017-03-06 04:40 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-23 01:34 - 2017-05-23 01:41 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-23 01:34 - 2017-05-23 01:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-23 01:34 - 2017-05-23 01:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-23 01:34 - 2017-05-23 01:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-23 01:34 - 2017-03-06 05:03 - 06399544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-23 01:34 - 2017-03-06 05:03 - 02478136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-23 01:34 - 2017-03-06 05:03 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-23 01:34 - 2017-03-06 05:03 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-23 01:34 - 2017-03-06 05:03 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-23 01:34 - 2017-03-06 05:03 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-23 01:34 - 2017-03-06 05:03 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-23 01:34 - 2017-03-06 04:59 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat.disabled
2017-05-23 01:34 - 2017-03-03 21:58 - 07780217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-23 01:27 - 2017-05-23 01:36 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-23 01:27 - 2017-05-23 01:36 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-23 01:27 - 2017-05-23 01:27 - 00000000 ____D C:\Users\fifi\AppData\Local\MicrosoftEdge
2017-05-23 01:27 - 2016-11-22 20:23 - 00271648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-23 01:27 - 2016-11-22 20:23 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-23 01:27 - 2016-11-22 20:22 - 00265504 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-23 01:27 - 2016-11-22 20:22 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-23 01:26 - 2017-05-23 01:41 - 00000000 __SHD C:\Users\fifi\IntelGraphicsProfiles
2017-05-23 01:26 - 2017-05-23 01:26 - 00000000 ____D C:\Program Files\Intel
2017-05-23 01:26 - 2017-05-23 01:26 - 00000000 ____D C:\Program Files (x86)\Intel
2017-05-23 01:26 - 2017-05-23 01:26 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-05-23 01:26 - 2017-03-14 05:55 - 00113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-05-23 01:25 - 2017-05-23 01:25 - 00003260 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-05-23 01:25 - 2017-05-23 01:25 - 00003196 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-05-23 01:25 - 2017-05-23 01:25 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-05-23 01:25 - 2017-05-23 01:25 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-05-23 01:25 - 2017-05-23 01:25 - 00000000 ____D C:\WINDOWS\system32\DAX3
2017-05-23 01:25 - 2017-05-23 01:25 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-05-23 01:25 - 2017-05-23 01:25 - 00000000 ____D C:\Program Files\Realtek
2017-05-23 01:25 - 2017-05-23 01:25 - 00000000 ____D C:\Charlie
2017-05-23 01:24 - 2017-05-23 01:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-23 01:22 - 2017-05-23 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-05-23 01:22 - 2017-05-23 01:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-23 01:22 - 2017-05-23 01:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-05-23 01:22 - 2016-03-10 17:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-23 01:22 - 2016-03-10 17:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-05-23 01:22 - 2016-03-10 17:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-23 00:27 - 2017-05-23 00:27 - 00139296 _____ C:\Users\fifi\Documents\HKEY_CLASSES_ROOT-Local Settings-MuiCache-152C64B7E.reg
2017-05-22 23:42 - 2017-05-22 23:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-22 23:42 - 2017-05-22 23:42 - 00000000 ____D C:\Windows.old
2017-05-22 23:20 - 2017-05-22 23:20 - 00000000 ____D C:\Users\fifi\AppData\Local\Comms
2017-05-22 23:05 - 2017-05-23 11:44 - 00000000 ___RD C:\Users\fifi\OneDrive
2017-05-22 23:05 - 2017-05-22 23:05 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-22 23:04 - 2017-05-23 14:10 - 00000000 ____D C:\Users\fifi\AppData\Roaming\Adobe
2017-05-22 23:04 - 2017-05-23 11:30 - 00000000 ____D C:\Users\fifi\AppData\Local\Packages
2017-05-22 23:04 - 2017-05-22 23:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-22 23:04 - 2017-05-22 23:04 - 00000000 ____D C:\Users\fifi\AppData\Local\VirtualStore
2017-05-22 23:04 - 2017-05-22 23:04 - 00000000 ____D C:\Users\fifi\AppData\Local\TileDataLayer
2017-05-22 23:04 - 2017-05-22 23:04 - 00000000 ____D C:\Users\fifi\AppData\Local\Publishers
2017-05-22 23:04 - 2017-05-22 23:04 - 00000000 ____D C:\Users\fifi\AppData\Local\ConnectedDevicesPlatform
2017-05-22 23:03 - 2017-05-23 19:24 - 00000000 ____D C:\Users\fifi
2017-05-22 23:03 - 2017-05-22 23:03 - 00000020 ___SH C:\Users\fifi\ntuser.ini
2017-05-22 23:03 - 2017-05-22 23:03 - 00000000 _SHDL C:\Users\fifi\My Documents
2017-05-22 23:03 - 2017-05-22 23:03 - 00000000 _SHDL C:\Users\fifi\Documents\My Videos
2017-05-22 23:03 - 2017-05-22 23:03 - 00000000 _SHDL C:\Users\fifi\Documents\My Pictures
2017-05-22 23:03 - 2017-05-22 23:03 - 00000000 _SHDL C:\Users\fifi\Documents\My Music
2017-05-22 22:55 - 2017-05-22 22:55 - 00000000 ____D C:\ProgramData\USOShared
2017-05-22 22:49 - 2017-05-23 01:47 - 00921578 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-22 22:47 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Default\My Documents
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-05-22 22:45 - 2017-05-22 22:45 - 00000000 ____D C:\WINDOWS\CSC
2017-05-22 22:44 - 2017-05-23 01:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-22 22:43 - 2017-05-23 15:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-22 22:43 - 2017-05-22 22:45 - 00217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-22 22:43 - 2017-05-22 22:43 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-22 19:28 - 2017-05-22 22:45 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-22 16:36 - 2017-05-22 16:36 - 00285112 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_16.36.21_log.txt
2017-05-22 15:09 - 2017-05-22 15:40 - 00000256 _____ C:\MBL_AE_LogFile.txt
2017-05-22 15:09 - 2017-05-22 15:36 - 00000000 _____ C:\MBLPluginLog.txt
2017-05-22 14:55 - 2017-05-22 14:55 - 00000000 ____D C:\ESD
2017-05-22 14:47 - 2017-05-22 14:47 - 00000000 ___HD C:\$Windows.~WS
2017-05-22 14:46 - 2017-05-22 14:46 - 00000000 ____D C:\MBSuite_Win_Full
2017-05-22 14:42 - 2017-05-22 14:45 - 146818768 _____ C:\MBSuite_Win_Full.zip
2017-05-22 13:17 - 2017-05-22 13:17 - 00007468 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_13.17.16_log.txt
2017-05-22 13:11 - 2017-05-22 13:11 - 01011705 _____ C:\Android permissions explained, security tips, and avoiding malware  Android Forums.mht
2017-05-22 13:09 - 2017-05-22 13:09 - 00001049 _____ C:\malbytcham-2.txt
2017-05-22 12:42 - 2017-05-22 12:42 - 00001049 _____ C:\malbytcham-1.txt
2017-05-22 12:36 - 2017-05-22 12:36 - 00001048 _____ C:\malbytcham.txt
2017-05-22 12:32 - 2017-05-22 12:32 - 00000000 ____D C:\mbam-chameleon-3.1.33.0
2017-05-22 12:31 - 2017-05-22 12:32 - 06705178 _____ C:\mbam-chameleon-3.1.33.0.zip
2017-05-22 12:27 - 2017-05-22 12:27 - 01578524 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_12.27.01_log.txt
2017-05-22 10:09 - 2017-05-22 10:09 - 00919296 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_10.09.09_log.txt
2017-05-22 10:08 - 2017-05-22 10:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-05-22 10:07 - 2017-05-22 10:08 - 00283832 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_10.07.30_log.txt
2017-05-22 06:46 - 2017-05-22 06:46 - 00282912 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_06.46.14_log.txt
2017-05-19 18:39 - 2017-05-19 18:39 - 00000000 _SHDL C:\Documents and Settings
2017-05-19 18:29 - 2017-05-22 22:44 - 00000000 ____D C:\Intel
2017-05-19 14:48 - 2017-05-19 14:59 - 00000000 ___HD C:\$SysReset
2017-05-03 15:23 - 2017-05-03 15:23 - 34722352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-03 15:23 - 2017-05-03 15:23 - 28212152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-03 15:22 - 2017-05-03 15:22 - 00958000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-03 15:22 - 2017-05-03 15:22 - 00446904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-05-03 15:22 - 2017-05-03 15:22 - 00397752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-05-03 15:21 - 2017-05-03 15:21 - 00907704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-03 15:20 - 2017-05-03 15:20 - 01600048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437705.dll
2017-05-03 15:20 - 2017-05-03 15:20 - 01050552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-03 15:20 - 2017-05-03 15:20 - 00988088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-03 15:19 - 2017-05-03 15:19 - 02957752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-03 15:19 - 2017-05-03 15:19 - 02596400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-03 15:19 - 2017-05-03 15:19 - 01992120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437705.dll
2017-05-03 15:18 - 2017-05-03 15:18 - 40134192 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-05-03 15:18 - 2017-05-03 15:18 - 35231672 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-03 15:09 - 2017-05-03 15:09 - 11017016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-03 15:09 - 2017-05-03 15:09 - 10910312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-03 15:09 - 2017-05-03 15:09 - 09250656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-03 15:09 - 2017-05-03 15:09 - 09000656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-03 15:09 - 2017-05-03 15:09 - 00698544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 10456408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 08849064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 03516952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 00818496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 00817472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 00658584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 00656864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 00586784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 00407056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-05-03 15:08 - 2017-05-03 15:08 - 00339656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-23 19:36 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-23 12:19 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-23 11:42 - 2017-03-18 17:03 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-23 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-23 11:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-23 11:30 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-23 11:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-23 01:48 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-23 01:40 - 2017-03-18 07:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-23 01:34 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-22 23:43 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-22 23:42 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-22 22:55 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-22 22:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-22 22:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-05-22 22:46 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-22 22:45 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-22 22:44 - 2017-03-18 22:36 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-22 22:44 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-05-22 22:44 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-05-22 22:44 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-22 22:44 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-22 22:44 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-19 20:08 - 2016-12-29 16:27 - 00000000 __SHD C:\aws
2017-05-19 18:31 - 2016-12-29 16:59 - 00000000 ____D C:\eSupport
2017-05-03 15:08 - 2017-01-17 08:50 - 03981464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-03 11:52 - 2017-01-17 04:37 - 00042388 _____ C:\WINDOWS\system32\nvinfo.pb
 
==================== Files in the root of some directories =======
 
2017-05-23 01:25 - 2017-05-23 01:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\fifi\perfmon.exe
 
 
Some files in TEMP:
====================
2017-05-23 13:05 - 2017-05-23 13:05 - 0010240 _____ (https://tortoisegit.org/) C:\Users\fifi\AppData\Local\Temp\REx1344.exe
2017-05-23 11:48 - 2017-05-23 11:48 - 0010240 _____ (https://tortoisegit.org/) C:\Users\fifi\AppData\Local\Temp\REx87C2.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
safeboot: Network => The system is configured to boot to Safe Mode <===== ATTENTION
 
LastRegBack: 2017-05-22 22:43
 
==================== End of FRST.txt ============================


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts
  • Gender:Male

Posted 28 May 2017 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/647486 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts
  • Gender:Male

Posted 02 June 2017 - 07:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



