SmartService preventing me from downloading antivirus/malware software


  • This topic is locked
5 replies to this topic

#1 LoveableNagato

  • Members
  • 3 posts

Posted 16 June 2017 - 08:10 PM

Every time I try to install Malwarebytes I get a message saying "The requested resource is in use". Thinking this was just MB, I decided to try Avast and got the same message. After Googling the message, I discovered it was a trojan named SmartService that prevents the download and use of antivirus and antimalware services.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Derek (administrator) on DESKTOP-ICJ98B2 (16-06-2017 20:52:46)
Running from C:\Users\Derek\Downloads
Loaded Profiles: Derek (Available Profiles: Derek)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\BinEssentials\BinEssentials1110\BinEssentials.exe
() C:\Windows\BugFixxer1004\BugFixxer.exe
() C:\Program Files (x86)\dataup\dataup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Windows\WinEssentials\166171\WinEssentials.exe
() C:\Windows\WinInfos\166171\WinInfos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\System32\tprdpw64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Derek\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5430272 2007-10-25] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1141760 2016-04-18] () <===== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-399855792-3414593640-175570394-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation)
HKU\S-1-5-21-399855792-3414593640-175570394-1001\...\Run: [Discord] => C:\Users\Derek\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-399855792-3414593640-175570394-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-399855792-3414593640-175570394-1001\...\Run: [BitTorrent] => C:\Users\Derek\AppData\Roaming\BitTorrent\BitTorrent.exe [2142920 2016-10-02] (BitTorrent Inc.)
HKU\S-1-5-21-399855792-3414593640-175570394-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7702528 2016-04-18] () <===== ATTENTION
HKU\S-1-5-21-399855792-3414593640-175570394-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-399855792-3414593640-175570394-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_126_pepper.exe [1280000 2017-06-15] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-06-15]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-09-02]
ShortcutTarget: Curse.lnk -> C:\Users\Derek\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-399855792-3414593640-175570394-1001\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{510683fc-609f-4369-9c37-a4f87c61a73f}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{8ba3d4e7-da07-46e2-ab6d-27a2e17e7aac}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{bdcda87d-326c-4be7-be25-ceaffed4de53}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{f77ed905-28d6-4b6b-b7be-bf86544969d4}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-399855792-3414593640-175570394-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231951557115771&GUID=9CD096B2-024C-48F4-B057-DAF11AA0825C
SearchScopes: HKU\S-1-5-21-399855792-3414593640-175570394-1001 -> {97FC5833-9944-4593-83DA-42EA2E787E61} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://twitter.com/","hxxp://www.reddit.com/","hxxp://www.facebook.com/","hxxp://www.youtube.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311256&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KfnG8vMCKm3vGZa%2FXNlWNwBYQo8rzlVCY9nrbA3FX%2FdmWW%2FJhE1H%2BWigE7rmTlkgE0iRqYghcjd7ynvsqtEC7fvV7ZASDmeH4IUZUQk%2BKslBUT9twM59uhvJr8VHZmRyZxRRo5qvO38Gwr2tLAUvdaBDZcRyyiC3XrjqOBRlw1M6HRznbbwDZIm2hAtle5uY%3D"
CHR Profile: C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
CHR Extension: (Google Slides) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-14]
CHR Extension: (Google Docs) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-14]
CHR Extension: (Google Drive) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-14]
CHR Extension: (YouTube) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-14]
CHR Extension: (Adblock Plus) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-28]
CHR Extension: (Google Sheets) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-14]
CHR Extension: (AdBlock) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Yahoo Partner) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-10-21]
CHR Extension: (Gmail) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <===== ATTENTION
 
R2 BinEssentials; C:\Windows\BinEssentials\BinEssentials1110\BinEssentials.exe [6656 2016-05-23] () [File not signed]
R2 BugFixxer; C:\Windows\BugFixxer1004\BugFixxer.exe [6144 2016-04-23] () [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-21] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-21] (Electronic Arts)
S2 Policies; C:\Windows\SysWOW64\Policies2023\Policies.exe [44032 2016-05-10] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736 2017-04-18] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-04-18] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-04-18] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WinEssentials; C:\Windows\WinEssentials\166171\WinEssentials.exe [9728 2016-06-17] () [File not signed]
R2 WinInfos; C:\Windows\WinInfos\166171\WinInfos.exe [23040 2016-06-17] () [File not signed]
S4 BstHdAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [X]
S4 BstHdPlusAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe" BstHdPlusAndroidSvc Android [X]
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe" [X]
S4 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [133064 2016-05-27] (BigNox Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [281544 2016-05-27] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [281544 2016-05-27] (BigNox Corporation)
S3 BstHdDrv; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [X]
S3 BstkDrv; \??\C:\Program Files (x86)\Bluestacks\BstkDrv.sys [X]
R5 drmkpro64;  <===== ATTENTION: Locked Service
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 20:52 - 2017-06-16 20:55 - 00018051 _____ C:\Users\Derek\Downloads\FRST.txt
2017-06-16 20:52 - 2017-06-16 20:52 - 02438656 _____ (Farbar) C:\Users\Derek\Downloads\FRST64.exe
2017-06-16 20:52 - 2017-06-16 20:52 - 00000000 ____D C:\FRST
2017-06-16 20:50 - 2017-06-16 20:50 - 01777152 _____ (Farbar) C:\Users\Derek\Downloads\FRST.exe
2017-06-16 16:18 - 2017-06-16 16:18 - 00494076 _____ C:\WINDOWS\Minidump\061617-26015-01.dmp
2017-06-15 22:09 - 2017-06-16 00:47 - 00000000 ____D C:\ESD
2017-06-15 22:09 - 2017-06-15 22:09 - 00000000 ___HD C:\$Windows.~WS
2017-06-15 22:08 - 2017-06-15 22:08 - 00000000 ____D C:\$WINDOWS.~BT
2017-06-15 22:07 - 2017-06-15 22:07 - 18357776 _____ (Microsoft Corporation) C:\Users\Derek\Downloads\MediaCreationTool.exe
2017-06-15 21:37 - 2017-06-15 21:38 - 00582988 _____ C:\WINDOWS\Minidump\061517-30062-01.dmp
2017-06-15 20:44 - 2017-06-15 22:03 - 3839586304 _____ C:\Users\Derek\Downloads\en_windows_10_education_version_1511_x64_dvd_7223856.iso
2017-06-14 23:18 - 2017-06-15 22:09 - 00000440 __RSH C:\ProgramData\ntuser.pol
2017-06-14 23:18 - 2017-06-14 23:18 - 00954488 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Derek\Downloads\rufus-2.15.exe
2017-06-14 23:10 - 2017-06-14 23:10 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Derek\Downloads\rkill.com
2017-06-14 23:09 - 2017-06-14 23:09 - 00912452 _____ C:\Users\Derek\Downloads\rkill.zip
2017-06-14 23:06 - 2017-06-14 23:07 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Derek\Downloads\mbar-1.09.3.1001.exe
2017-06-14 23:02 - 2017-06-14 23:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Derek\Downloads\iExplore.exe
2017-06-14 23:02 - 2017-06-14 23:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Derek\Downloads\iExplore (1).exe
2017-06-14 23:01 - 2017-06-14 23:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Derek\Downloads\rkill.exe
2017-06-14 22:58 - 2017-06-14 22:58 - 06919904 _____ (AVAST Software) C:\Users\Derek\Downloads\avast_free_antivirus_setup_online_b1f.exe
2017-06-14 20:37 - 2017-06-15 20:37 - 05409792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-06-13 23:15 - 2017-06-13 23:15 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-13 21:59 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 21:59 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-13 21:59 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 21:59 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-13 21:59 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-13 21:59 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-13 21:59 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-13 21:59 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 21:59 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-13 21:59 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 21:59 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 21:59 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 21:59 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-13 21:59 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 21:59 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 21:59 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 21:59 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-13 21:59 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 21:59 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 21:59 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-13 21:59 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-13 21:59 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-13 21:59 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 21:59 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-13 21:59 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-13 21:59 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-13 21:59 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 21:59 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-13 21:59 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 21:59 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-13 21:59 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 21:59 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 21:59 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-13 21:59 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-13 21:59 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 21:59 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-13 21:59 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 21:59 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 21:59 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 21:59 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 21:59 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 21:59 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 21:59 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 21:59 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 21:59 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 21:59 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-13 21:59 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 21:59 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 21:59 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-13 21:59 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:59 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-13 21:59 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 21:59 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 21:59 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-13 21:59 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-13 21:59 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-13 21:59 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-13 21:59 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-13 21:59 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 21:59 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-13 21:59 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 21:59 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 21:59 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 21:59 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 21:59 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 21:59 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 21:59 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 21:59 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 21:59 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 21:59 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 21:59 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 21:59 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-13 21:59 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-13 21:59 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 21:59 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-13 21:59 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-13 21:59 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-13 21:59 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-13 21:59 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 21:59 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 21:59 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 21:59 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-13 21:59 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 21:59 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:59 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 21:59 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 21:59 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-13 21:59 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-13 21:59 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 21:59 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 21:59 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-13 21:59 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-13 21:59 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 21:59 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 21:59 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 21:59 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 21:59 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-13 21:59 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 21:59 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 21:59 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 21:59 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-13 21:59 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 21:59 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-13 21:59 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 21:59 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 21:59 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-13 21:59 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 21:59 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-13 21:59 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-13 21:59 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-13 21:59 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 21:59 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 21:59 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 21:59 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 21:59 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 21:59 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 21:59 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 21:59 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 21:59 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 21:59 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-13 21:59 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 21:59 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 21:59 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 21:59 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-13 21:59 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 21:59 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 21:59 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-13 21:59 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-13 21:59 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-13 21:59 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 21:58 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-13 21:58 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-13 21:58 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-13 21:02 - 2017-06-13 21:03 - 00655372 _____ C:\WINDOWS\Minidump\061317-26453-01.dmp
2017-06-12 00:03 - 2017-06-16 01:55 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-06-11 20:18 - 2017-06-11 20:18 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Derek\Downloads\Antivirus_Free_1896 (1).exe
2017-06-11 15:43 - 2017-06-11 15:43 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Derek\Downloads\Antivirus_Free_1896.exe
2017-06-10 17:52 - 2017-06-10 17:52 - 00070140 _____ C:\Users\Derek\Desktop\DxDiag.txt
2017-06-10 17:45 - 2017-06-10 17:45 - 00017096 _____ C:\Users\Derek\Desktop\Process.txt
2017-06-08 05:42 - 2017-06-08 05:42 - 00514588 _____ C:\WINDOWS\Minidump\060817-27203-01.dmp
2017-06-08 00:30 - 2017-06-08 00:30 - 00520452 _____ C:\WINDOWS\Minidump\060817-32656-01.dmp
2017-06-08 00:03 - 2017-06-08 00:03 - 00000000 ____D C:\Users\Derek\Documents\League of Legends
2017-06-07 23:43 - 2017-06-08 00:04 - 00001749 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-06-07 23:43 - 2017-06-07 23:43 - 00000000 ____D C:\Riot Games
2017-06-07 23:43 - 2017-06-07 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-06-07 23:39 - 2017-06-07 23:41 - 28411368 _____ (Riot Games) C:\Users\Derek\Downloads\LeagueofLegends_NA_Installer_2016_05_13 (1).exe
2017-06-07 23:07 - 2017-06-07 23:07 - 00000000 ____D C:\Users\Derek\RADS
2017-06-07 23:07 - 2017-06-07 23:07 - 00000000 _____ C:\Users\Derek\SOFT_REPAIR
2017-06-06 20:46 - 2017-06-06 20:46 - 00022317 _____ C:\Users\Derek\Downloads\Champion spreadsheet - updated with base stats.xlsx
2017-06-06 03:07 - 2017-06-06 03:07 - 00017533 _____ C:\Users\Derek\Downloads\Champion spreadsheet.xlsx
2017-06-06 02:26 - 2017-06-06 02:26 - 06976143 _____ C:\Users\Derek\Downloads\Pokemon - Emerald Version (USA, Europe).zip
2017-06-06 02:26 - 2017-06-06 02:26 - 00000000 ____D C:\Users\Derek\Downloads\Pokemon - Emerald Version (USA, Europe)
2017-06-06 02:25 - 2017-06-06 02:25 - 06978335 _____ C:\Users\Derek\Downloads\Pokemon - Emerald Version (U) (2).zip
2017-06-06 02:25 - 2017-06-06 02:25 - 00143976 _____ (SoftwareX Corp) C:\Users\Derek\Downloads\PrimeUpdate.exe
2017-06-06 02:13 - 2017-06-06 02:13 - 00095603 _____ C:\Users\Derek\Downloads\tsukuyomi_v01 (1).zip
2017-06-06 02:12 - 2017-06-06 02:13 - 00000000 ____D C:\Users\Derek\Downloads\tsukuyomi_v01
2017-06-06 02:12 - 2017-06-06 02:12 - 00095603 _____ C:\Users\Derek\Downloads\tsukuyomi_v01.zip
2017-06-06 02:07 - 2017-06-06 02:20 - 00000000 ____D C:\Users\Derek\Downloads\Pokemon - Emerald Version (U) (1)
2017-06-06 02:06 - 2017-06-06 02:06 - 13958095 _____ C:\Users\Derek\Downloads\Pokemon - Emerald Version (U) (1).zip
2017-06-06 02:03 - 2017-06-06 02:04 - 06976137 _____ C:\Users\Derek\Downloads\1986 - Pokemon Emerald (U)(TrashMan).zip
2017-06-06 02:01 - 2017-06-06 02:02 - 23433671 _____ C:\Users\Derek\Downloads\Pokemon League of Legends.ups
2017-06-06 01:59 - 2017-06-06 01:59 - 00057498 _____ C:\Users\Derek\Downloads\NUPS.zip
2017-06-05 19:35 - 2017-06-05 19:35 - 00514580 _____ C:\WINDOWS\Minidump\060517-28140-01.dmp
2017-06-05 16:24 - 2017-06-05 16:24 - 02959376 _____ (Microsoft Corporation) C:\Users\Derek\Downloads\dotnetfx35setup (1).exe
2017-06-05 15:46 - 2017-06-05 15:46 - 00016283 _____ C:\Users\Derek\Downloads\EntranceCounseling_Summary.xls
2017-06-05 02:52 - 2017-06-05 02:52 - 00461868 _____ C:\WINDOWS\Minidump\060517-27546-01.dmp
2017-06-04 23:04 - 2017-06-04 23:04 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-06-04 23:04 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-06-04 23:04 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-06-04 23:04 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-06-04 23:04 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-06-04 23:04 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-06-04 23:04 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-06-04 23:04 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-04 23:04 - 2017-05-03 16:16 - 01893312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-06-04 23:04 - 2017-05-03 16:16 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-06-04 23:04 - 2017-05-03 16:16 - 01477056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-06-04 23:04 - 2017-05-03 16:16 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-06-04 23:04 - 2017-05-03 16:16 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-06-04 23:04 - 2017-05-03 15:28 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-06-04 23:03 - 2017-06-04 23:03 - 02959376 _____ (Microsoft Corporation) C:\Users\Derek\Downloads\dotnetfx35setup.exe
2017-06-04 23:03 - 2017-05-03 16:16 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-06-04 23:03 - 2017-05-03 16:16 - 00143296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-06-04 23:03 - 2017-05-03 16:16 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-06-04 23:03 - 2017-05-03 16:16 - 00048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-06-04 23:00 - 2017-06-04 23:01 - 86191168 _____ (NVIDIA Corporation) C:\Users\Derek\Downloads\GeForce_Experience_v3.6.0.74.exe
2017-06-04 17:56 - 2017-06-04 17:57 - 00550252 _____ C:\WINDOWS\Minidump\060417-25656-01.dmp
2017-06-02 14:13 - 2017-06-07 23:40 - 00000000 __SHD C:\AI_RecycleBin
2017-06-01 09:06 - 2017-06-01 09:07 - 00501396 _____ C:\WINDOWS\Minidump\060117-23468-01.dmp
2017-06-01 01:26 - 2017-06-01 01:27 - 00526812 _____ C:\WINDOWS\Minidump\060117-26562-01.dmp
2017-05-30 19:00 - 2017-05-30 19:00 - 00460340 _____ C:\WINDOWS\Minidump\053017-30171-01.dmp
2017-05-29 16:58 - 2017-05-29 16:58 - 00523308 _____ C:\WINDOWS\Minidump\052917-28015-01.dmp
2017-05-26 23:27 - 2017-05-26 23:27 - 00001291 _____ C:\Users\Derek\Desktop\Google Chrome.lnk
2017-05-26 13:29 - 2017-05-26 13:29 - 00521300 _____ C:\WINDOWS\Minidump\052617-27296-01.dmp
2017-05-25 16:51 - 2017-05-25 16:51 - 00515964 _____ C:\WINDOWS\Minidump\052517-26906-01.dmp
2017-05-25 07:04 - 2017-05-25 07:05 - 00521836 _____ C:\WINDOWS\Minidump\052517-31906-01.dmp
2017-05-24 00:42 - 2017-05-24 00:42 - 00515660 _____ C:\WINDOWS\Minidump\052417-26078-01.dmp
2017-05-23 20:00 - 2017-05-23 20:00 - 00645196 _____ C:\WINDOWS\Minidump\052317-31781-01.dmp
2017-05-22 01:31 - 2017-05-22 01:31 - 00525916 _____ C:\WINDOWS\Minidump\052217-27859-01.dmp
2017-05-20 19:40 - 2017-05-20 19:40 - 00000000 ____D C:\Users\Derek\Documents\Dolphin Emulator
2017-05-20 02:18 - 2017-05-20 02:19 - 00532820 _____ C:\WINDOWS\Minidump\052017-25781-01.dmp
2017-05-19 02:37 - 2017-05-19 02:38 - 00475852 _____ C:\WINDOWS\Minidump\051917-27500-01.dmp
2017-05-18 05:12 - 2017-05-18 05:13 - 00522036 _____ C:\WINDOWS\Minidump\051817-22750-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 20:54 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 20:49 - 2016-09-15 15:22 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-16 20:45 - 2016-09-15 15:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-16 20:35 - 2016-05-15 00:44 - 01819302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-16 20:31 - 2016-09-15 15:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-16 20:27 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-16 16:38 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 16:32 - 2016-09-15 15:26 - 00000000 ____D C:\Users\Derek
2017-06-16 16:18 - 2017-02-13 12:58 - 853095291 _____ C:\WINDOWS\MEMORY.DMP
2017-06-16 16:18 - 2017-02-13 12:58 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-16 00:47 - 2016-09-15 19:18 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-15 23:35 - 2016-09-15 15:46 - 00003828 _____ C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan
2017-06-15 23:35 - 2016-09-15 15:46 - 00003674 _____ C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan
2017-06-15 23:35 - 2016-06-21 22:46 - 00000000 ____D C:\Program Files (x86)\DriverRestore
2017-06-15 22:09 - 2016-09-15 15:47 - 00012339 _____ C:\WINDOWS\diagwrn.xml
2017-06-15 22:09 - 2016-09-15 15:47 - 00009528 _____ C:\WINDOWS\diagerr.xml
2017-06-15 21:39 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-15 21:19 - 2016-06-15 14:30 - 00000000 ____D C:\Users\Derek\AppData\Local\CrashDumps
2017-06-15 20:40 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-15 20:37 - 2017-03-12 16:17 - 00004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-15 20:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-15 20:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-14 23:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-14 23:18 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-14 22:58 - 2016-05-17 20:33 - 00002634 _____ C:\Users\Derek\Downloads\vba1.ini
2017-06-14 17:48 - 2016-02-13 09:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 23:43 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 23:16 - 2016-09-15 15:19 - 00258752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-13 23:15 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-13 23:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-13 23:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-13 22:14 - 2016-05-15 03:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 22:11 - 2016-05-15 03:29 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-11 21:24 - 2017-02-11 01:06 - 00000000 ____D C:\Program Files (x86)\CPU Thermometer
2017-06-11 21:10 - 2017-03-12 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-06-11 19:59 - 2016-06-27 01:12 - 00000000 ____D C:\Users\Derek\AppData\Roaming\obs-studio
2017-06-11 19:59 - 2016-05-14 23:00 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-07 23:44 - 2016-05-15 00:46 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Riot Games
2017-06-07 12:25 - 2016-05-14 22:58 - 00000000 ____D C:\Users\Derek\AppData\Local\NVIDIA Corporation
2017-06-06 21:03 - 2016-08-03 01:18 - 00000000 ____D C:\Users\Derek\Downloads\1986 - Pokemon Emerald (U)(TrashMan)
2017-06-06 02:20 - 2016-05-17 20:32 - 01380476 _____ (None) C:\Users\Derek\Downloads\VisualBoyAdvance-1.8.0-511.exe
2017-06-04 23:05 - 2016-09-15 15:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-04 23:04 - 2016-09-15 15:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-04 23:04 - 2016-09-15 15:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-04 23:04 - 2016-05-14 22:57 - 00000000 ____D C:\Users\Derek\AppData\Local\NVIDIA
2017-06-04 23:04 - 2016-05-14 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-03 02:36 - 2016-12-21 00:01 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 02:36 - 2016-12-21 00:01 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 01:17 - 2016-07-01 22:24 - 00000000 ____D C:\Users\Derek\AppData\Local\Battle.net
2017-05-31 23:22 - 2016-07-01 23:01 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-05-31 23:16 - 2016-10-02 18:40 - 00000000 ____D C:\Users\Derek\vmlogs
2017-05-31 23:16 - 2016-10-02 18:40 - 00000000 ____D C:\Users\Derek\.BigNox
2017-05-31 23:16 - 2016-10-02 18:38 - 00000000 ____D C:\Users\Derek\AppData\Local\Nox
2017-05-31 23:16 - 2016-07-01 22:18 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-30 19:05 - 2017-02-11 17:43 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-27 00:21 - 2016-05-15 10:21 - 00000000 ____D C:\Users\Derek\Documents\My Games
2017-05-26 23:33 - 2017-05-15 13:56 - 00000222 _____ C:\Users\Derek\Desktop\The Binding of Isaac Rebirth.url
2017-05-26 23:27 - 2016-05-15 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-05-26 23:27 - 2016-05-15 01:04 - 00000000 ____D C:\Program Files\KMSpico
2017-05-25 05:45 - 2017-01-26 19:01 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-25 05:45 - 2016-05-15 00:43 - 00002363 _____ C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-25 05:45 - 2016-05-15 00:43 - 00000000 ___RD C:\Users\Derek\OneDrive
2017-05-24 01:27 - 2016-05-15 00:41 - 00000000 ____D C:\Users\Derek\AppData\Local\Packages
2017-05-20 13:08 - 2017-05-05 22:25 - 00000000 ____D C:\Users\Derek\EphineaPSO
 
==================== Files in the root of some directories =======
 
2016-05-15 01:19 - 2016-05-15 01:19 - 0011568 _____ () C:\Users\Derek\AppData\Roaming\InstallationConfiguration.xml
2016-05-15 01:19 - 2016-05-15 01:19 - 0127488 _____ () C:\Users\Derek\AppData\Roaming\Installer.dat
2016-05-15 01:17 - 2016-05-15 01:17 - 0002560 _____ () C:\Users\Derek\AppData\Local\uninstallssl.exe
 
Files to move or delete:
====================
C:\Program Files (x86)\msrtn32\msrtn32.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
 
Some files in TEMP:
====================
2017-05-19 23:28 - 2017-05-19 23:28 - 0013312 _____ () C:\Users\Derek\AppData\Local\Temp\dofdge-k.dll
2017-01-06 16:22 - 2017-02-10 10:54 - 0037376 _____ (Microsoft) C:\Users\Derek\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2017-01-06 16:22 - 2017-02-10 10:54 - 0020480 _____ (Microsoft) C:\Users\Derek\AppData\Local\Temp\HiRezLauncherControls.dll
2016-12-07 23:59 - 2016-12-07 23:59 - 0013312 _____ () C:\Users\Derek\AppData\Local\Temp\ktrlk_3g.dll
2016-12-03 23:59 - 2016-12-03 23:59 - 0013312 _____ () C:\Users\Derek\AppData\Local\Temp\r06hlqtt.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-12 23:41
 
==================== End of FRST.txt ============================

#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 18 June 2017 - 12:09 AM

Hi LoveableNagato :)
 
My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean up some malware, so let's get started, shall we? :)
 
Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here afterwards.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 LoveableNagato

LoveableNagato
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 19 June 2017 - 10:14 PM

Hi Aura. I have downloaded the Malwarebytes rootkit but after a certain while (maybe 4-5 hours) it will just freeze and not continue. I'm assuming this is due to the amount of malware it is detecting (around 7,000 in those 4 hours). Is there a way to prevent this?



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 19 June 2017 - 10:15 PM

If you close all your programs, keep MBAR open and do not touch your system while it scans, it'll eventually go through.



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 22 June 2017 - 02:54 PM

Hi LoveableNagato,

Are you still with me?



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 24 June 2017 - 11:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

