
[FRST logs] Infected With PUA.JScoinminer PART 2


  • This topic is locked
9 replies to this topic

#1 LostAccounts

Posted 27 October 2017 - 11:39 PM

PART 1 Thread


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by depressed.clown (administrator) on DESKTOP-8EEDJQOI (27-10-2017 22:23:24)
Running from C:\Users\depressed.clown\Downloads
Loaded Profiles: depressed.clown & theJOKER (Available Profiles: depressed.clown & theJOKER & happy.pills.supliment)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\nis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\nis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\conathst.exe
(TrueCrypt Foundation) C:\Users\theJOKER\Downloads\TrueCrypt\TrueCrypt.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.BingNews_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2017-06-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{aefca918-6acf-49cc-aeb7-5af27eaf4176}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{d6fb280d-7f34-4fb1-aa2e-adafe154256e}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3000172399-2907617184-3595842285-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=GB&ver=22.10.1.10&locale=en_GB&guid=87E98A15-5752-41B5-8B9D-39349E7B70E9&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\coIEPlg.dll [2017-10-04] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Norton Internet Security\Engine32\22.11.0.41\coIEPlg.dll [2017-10-04] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\coIEPlg.dll [2017-10-04] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine32\22.11.0.41\coIEPlg.dll [2017-10-04] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3000172399-2907617184-3595842285-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\coIEPlg.dll [2017-10-04] (Symantec Corporation)

FireFox:
========
FF DefaultProfile: 79p19vzl.default
FF ProfilePath: C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default [2017-10-27]
FF Extension: (Ghostery) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\firefox@ghostery.com.xpi [2017-10-26]
FF Extension: (Dictionary Extension) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2017-10-26]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\marcoagpinto@mail.telepac.pt [2017-10-27]
FF Extension: (uBlock Origin) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-26]
FF Extension: (Session Manager) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-06-14]
FF Extension: (Bluhell Firewall) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2017-10-26]
FF Extension: (NoScript) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-26]
FF Extension: (Adblock Plus) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-14]
FF Extension: (Greasemonkey) - C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-26]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.3.13\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.3.13\coFFAddon [2017-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.3.13\coFFAddon
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1394360 2017-06-14] (Intel Corporation)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365032 2017-06-14] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\NIS.exe [326144 2017-10-04] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2017-06-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [214216 2017-10-03] (SparkLabs)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
R1 BHDrvx64; C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\22.9.3.13\Definitions\BASHDefs\20171023.001\BHDrvx64.sys [1872024 2017-10-11] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\160B000.029\ccSetx64.sys [187520 2017-10-04] (Symantec Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2017-06-14] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-10-26] (Symantec Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158360 2017-10-26] (Symantec Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2017-06-14] (Intel Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
R1 IDSVia64; C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\22.9.3.13\Definitions\IPSDefs\20171026.001\IDSvia64.sys [1056920 2017-10-14] (Symantec Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2017-06-14] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-26] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NISx64\160B000.029\SRTSP64.SYS [812704 2017-10-04] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\160B000.029\SRTSPX64.SYS [49304 2017-10-04] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\160B000.029\SYMEFASI64.SYS [1868416 2017-10-04] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NISx64\160B000.029\SymELAM.sys [24608 2017-10-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-19] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\160B000.029\Ironx64.SYS [301288 2017-10-04] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NISx64\160B000.029\SYMNETS.SYS [566912 2017-10-04] (Symantec Corporation)
R4 truecrypt; C:\Users\theJOKER\Downloads\TrueCrypt\truecrypt-x64.sys [231376 2013-06-25] (TrueCrypt Foundation)
S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [59760 2016-08-11] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170613.009\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170613.009\NAVEX15.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-27 22:23 - 2017-10-27 22:24 - 000015662 _____ C:\Users\depressed.clown\Downloads\FRST.txt
2017-10-27 22:22 - 2017-10-27 22:23 - 000000000 ____D C:\FRST
2017-10-27 22:21 - 2017-10-27 22:21 - 002403328 _____ (Farbar) C:\Users\depressed.clown\Downloads\frst64.exe
2017-10-27 21:42 - 2017-10-27 21:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-10-27 20:31 - 2017-10-27 20:31 - 000011340 _____ C:\Users\theJOKER\Downloads\domahi.com_tp136067.torrent
2017-10-27 20:23 - 2017-10-27 20:23 - 000011340 _____ C:\Users\theJOKER\Downloads\tp136067
2017-10-27 14:15 - 2017-10-27 14:15 - 000103908 _____ C:\Users\theJOKER\Downloads\source3.mp4
2017-10-27 07:59 - 2017-10-27 07:59 - 000127143 _____ C:\Users\theJOKER\Downloads\source.mp4
2017-10-26 19:25 - 2017-10-26 19:25 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-26 19:23 - 2017-10-26 19:23 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-10-26 17:17 - 2017-10-26 17:17 - 007696610 _____ C:\Users\theJOKER\Downloads\ThisEarnestEastrussiancoursinghounds.mp4
2017-10-26 14:41 - 2017-10-26 14:41 - 008250832 _____ (Malwarebytes) C:\Users\theJOKER\Downloads\adwcleaner_7.0.3.1.exe
2017-10-26 13:34 - 2017-10-26 13:34 - 008250832 _____ (Malwarebytes) C:\Users\depressed.clown\Downloads\adwcleaner_7.0.3.1.exe
2017-10-26 13:05 - 2017-10-26 19:31 - 000003900 _____ C:\Users\depressed.clown\Downloads\FSS.txt
2017-10-26 13:04 - 2017-10-26 13:04 - 000899584 _____ (Farbar) C:\Users\depressed.clown\Downloads\FSS.exe
2017-10-26 13:01 - 2017-10-26 13:01 - 000004424 _____ C:\Users\depressed.clown\Documents\pppp.txt
2017-10-26 08:44 - 2017-10-27 21:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2017-10-26 08:38 - 2017-10-26 08:38 - 000003444 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-10-26 07:18 - 2017-10-26 20:50 - 000000000 ____D C:\Users\depressed.clown\AppData\Local\NPE
2017-10-26 06:58 - 2017-10-26 06:57 - 001276303 _____ C:\Users\theJOKER\Desktop\New TabS.session
2017-10-26 06:25 - 2017-10-26 06:25 - 000054791 _____ C:\Users\theJOKER\Downloads\2017-09-18_085004.mp4
2017-10-25 11:36 - 2017-10-25 11:36 - 006007632 _____ C:\Users\theJOKER\Downloads\75INrAtL4NSfCKK7qJYG_preview.mp4
2017-10-25 08:13 - 2017-10-25 08:13 - 001934506 _____ C:\Users\theJOKER\Downloads\1461731615000_preview.mp4
2017-10-25 08:13 - 2017-10-25 08:13 - 001892902 _____ C:\Users\theJOKER\Downloads\1469571704000_preview.mp4
2017-10-24 08:53 - 2017-10-24 08:53 - 001878998 _____ C:\Users\theJOKER\Downloads\1448861996000_preview.mp4
2017-10-24 08:53 - 2017-10-24 08:53 - 001867886 _____ C:\Users\theJOKER\Downloads\1446742325000_preview.mp4
2017-10-24 08:52 - 2017-10-24 08:52 - 005908492 _____ C:\Users\theJOKER\Downloads\hqzAEydFqJ2VOU7ag9zq_preview.mp4
2017-10-23 07:06 - 2017-10-23 07:06 - 001651667 _____ C:\Users\theJOKER\Downloads\5KIcNvCoTlqJa0JsPdV6_preview.mp4
2017-10-23 07:05 - 2017-10-23 07:05 - 008644534 _____ C:\Users\theJOKER\Downloads\oiDVrx4SKd9fOfZFeXqy_preview.mp4
2017-10-22 17:19 - 2017-10-22 17:19 - 009734570 _____ C:\Users\theJOKER\Downloads\UOrXQS1ZXcUcwPL4ZbpI_preview.mp4
2017-10-22 00:11 - 2017-10-22 00:11 - 001890168 _____ C:\Users\theJOKER\Downloads\SdYHmxIIRj1iygPLtEjF_preview.mp4
2017-10-22 00:10 - 2017-10-22 00:11 - 001914016 _____ C:\Users\theJOKER\Downloads\H0cNg2olAkE8WH11ffmt_preview.mp4
2017-10-22 00:07 - 2017-10-22 00:07 - 005857160 _____ C:\Users\theJOKER\Downloads\efZyrJZynBUa1th8Ln33_preview.mp4
2017-10-21 22:47 - 2017-10-21 22:47 - 005951249 _____ C:\Users\theJOKER\Downloads\OBxbr6hhQO7U0uezvJ4l_preview.mp4
2017-10-21 12:56 - 2017-10-21 12:56 - 005884535 _____ C:\Users\theJOKER\Downloads\tzDDKuM4k2zpxS8f2zQQ_preview.mp4
2017-10-21 12:52 - 2017-10-21 12:52 - 005921738 _____ C:\Users\theJOKER\Downloads\jFWbHNw5gTHLks5DCDcc_preview.mp4
2017-10-21 12:47 - 2017-10-21 12:48 - 012296169 _____ C:\Users\theJOKER\Downloads\iiDhSzlfEB9lCXaCVa2x_preview.mp4
2017-10-20 11:36 - 2017-10-20 11:37 - 000027582 _____ C:\Users\theJOKER\Documents\untitled.pdf
2017-10-19 20:06 - 2017-10-19 20:06 - 015113105 _____ C:\Users\theJOKER\Downloads\3480p.mp4
2017-10-19 11:44 - 2017-10-19 11:45 - 045275642 ____R C:\Users\theJOKER\Desktop\Russell Brand Eloquently Owns Bill Maher and his Entire Panel.mp4
2017-10-19 05:18 - 2017-10-19 05:18 - 006356857 _____ C:\Users\theJOKER\Downloads\lffTWcM0tfQRzUeUigTb_preview.mp4
2017-10-19 05:17 - 2017-10-19 05:17 - 001907225 _____ C:\Users\theJOKER\Downloads\JA8Tz7ZEqFrXcIYvGWIR_preview.mp4
2017-10-19 05:14 - 2017-10-19 05:14 - 001911376 _____ C:\Users\theJOKER\Downloads\DNZwhqqzgIJu60aO40jx_preview.mp4
2017-10-18 19:54 - 2017-10-18 19:54 - 058965795 _____ C:\Users\theJOKER\Downloads\_352468001_tr.mp4
2017-10-18 04:51 - 2017-10-18 04:51 - 009720799 _____ C:\Users\theJOKER\Downloads\t2ldue2KHNPyRqMpoGGO_preview.mp4
2017-10-18 04:50 - 2017-10-18 04:50 - 007184711 _____ C:\Users\theJOKER\Downloads\VNEOsWHxULvIhiFnhD4W_preview.mp4
2017-10-16 20:16 - 2017-10-16 20:16 - 006135657 _____ C:\Users\theJOKER\Downloads\Bj7yF1TZfMEEV6l2vNSk_preview.mp4
2017-10-15 07:38 - 2017-10-15 07:38 - 017891659 _____ C:\Users\theJOKER\Downloads\UTJAJTKITJ_480P.mp4
2017-10-14 19:00 - 2017-10-14 19:01 - 083978737 _____ C:\Users\theJOKER\Downloads\preview(7).mp4
2017-10-14 19:00 - 2017-10-14 19:00 - 018290309 _____ C:\Users\theJOKER\Downloads\preview(6).mp4
2017-10-14 19:00 - 2017-10-14 19:00 - 018189410 _____ C:\Users\theJOKER\Downloads\preview(5).mp4
2017-10-14 18:58 - 2017-10-14 18:58 - 018269603 _____ C:\Users\theJOKER\Downloads\preview(4).mp4
2017-10-14 18:58 - 2017-10-14 18:58 - 018078908 _____ C:\Users\theJOKER\Downloads\preview(3).mp4
2017-10-14 18:55 - 2017-10-14 18:55 - 018269603 _____ C:\Users\theJOKER\Downloads\preview(2).mp4
2017-10-14 18:53 - 2017-10-14 18:54 - 018232832 _____ C:\Users\theJOKER\Downloads\preview.mp4
2017-10-14 02:46 - 2017-10-14 02:46 - 007905536 _____ (Tim Kosse) C:\Users\theJOKER\Downloads\FileZilla_3.28.0_win64-setup.exe
2017-10-11 09:53 - 2017-10-11 09:53 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-11 09:53 - 2017-10-11 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-11 08:45 - 2017-10-11 08:45 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 08:37 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 08:37 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 08:37 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 08:37 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 08:37 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 08:37 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 08:37 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 08:37 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 08:37 - 2017-09-30 03:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 08:37 - 2017-09-30 03:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 08:37 - 2017-09-30 03:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 08:37 - 2017-09-30 03:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-11 08:37 - 2017-09-30 03:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 08:37 - 2017-09-30 03:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-11 08:37 - 2017-09-30 03:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-11 08:37 - 2017-09-30 03:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 08:37 - 2017-09-30 03:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-11 08:37 - 2017-09-30 03:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 08:37 - 2017-09-30 03:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-11 08:37 - 2017-09-30 03:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-11 08:37 - 2017-09-30 03:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-11 08:37 - 2017-09-30 03:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-11 08:37 - 2017-09-30 03:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-11 08:37 - 2017-09-30 03:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-11 08:37 - 2017-09-30 03:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-11 08:37 - 2017-09-30 03:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-11 08:37 - 2017-09-30 03:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 08:37 - 2017-09-30 03:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-11 08:37 - 2017-09-30 03:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 08:37 - 2017-09-30 03:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 08:37 - 2017-09-30 03:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-11 08:37 - 2017-09-30 03:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 08:37 - 2017-09-30 03:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 08:37 - 2017-09-29 08:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 08:37 - 2017-09-29 08:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 08:37 - 2017-09-29 08:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-11 08:37 - 2017-09-29 08:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-11 08:37 - 2017-09-29 08:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-11 08:37 - 2017-09-29 08:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-11 08:37 - 2017-09-29 08:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-11 08:37 - 2017-09-29 08:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-11 08:37 - 2017-09-29 08:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 08:37 - 2017-09-29 08:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 08:37 - 2017-09-29 08:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-11 08:37 - 2017-09-29 08:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 08:37 - 2017-09-29 08:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 08:37 - 2017-09-29 08:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-11 08:37 - 2017-09-29 08:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-11 08:37 - 2017-09-29 08:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-11 08:37 - 2017-09-29 08:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 08:37 - 2017-09-29 08:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-11 08:37 - 2017-09-29 08:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-11 08:37 - 2017-09-29 08:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-11 08:37 - 2017-09-29 08:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 08:37 - 2017-09-29 08:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-11 08:37 - 2017-09-29 08:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-11 08:37 - 2017-09-29 08:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 08:37 - 2017-09-29 08:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-11 08:37 - 2017-09-29 08:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 08:37 - 2017-09-29 08:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-11 08:37 - 2017-09-29 08:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 08:37 - 2017-09-29 08:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 08:37 - 2017-09-29 08:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 08:37 - 2017-09-29 08:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 08:37 - 2017-09-29 08:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 08:37 - 2017-09-29 08:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 08:37 - 2017-09-29 08:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-11 08:37 - 2017-09-29 08:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-11 08:37 - 2017-09-29 08:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 08:37 - 2017-09-29 08:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-11 08:37 - 2017-09-29 08:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-11 08:37 - 2017-09-29 08:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 08:37 - 2017-09-29 08:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 08:37 - 2017-09-29 08:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 08:37 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-11 08:37 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-11 08:37 - 2017-09-20 16:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 08:37 - 2017-09-20 16:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 08:37 - 2017-09-20 16:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 08:37 - 2017-09-19 00:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-11 08:37 - 2017-09-18 23:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-11 08:37 - 2017-09-18 23:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-11 08:36 - 2017-09-30 06:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 08:36 - 2017-09-30 06:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 08:36 - 2017-09-30 06:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-11 08:36 - 2017-09-30 06:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 08:36 - 2017-09-30 06:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 08:36 - 2017-09-30 06:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-11 08:36 - 2017-09-30 06:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-11 08:36 - 2017-09-30 06:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-11 08:36 - 2017-09-30 06:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 08:36 - 2017-09-30 06:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 08:36 - 2017-09-30 06:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 08:36 - 2017-09-30 06:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 08:36 - 2017-09-30 06:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-11 08:36 - 2017-09-30 06:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 08:36 - 2017-09-30 06:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-11 08:36 - 2017-09-30 06:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 08:36 - 2017-09-30 06:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 08:36 - 2017-09-30 06:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-11 08:36 - 2017-09-30 06:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-11 08:36 - 2017-09-30 06:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-11 08:36 - 2017-09-30 06:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-11 08:36 - 2017-09-30 06:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-11 08:36 - 2017-09-30 06:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-11 08:36 - 2017-09-30 06:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-11 08:36 - 2017-09-30 06:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-11 08:36 - 2017-09-30 06:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-11 08:36 - 2017-09-30 06:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-11 08:36 - 2017-09-30 06:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-11 08:36 - 2017-09-30 06:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 08:36 - 2017-09-30 06:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-11 08:36 - 2017-09-30 06:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-11 08:36 - 2017-09-30 06:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 08:36 - 2017-09-30 06:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 08:36 - 2017-09-30 06:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 08:36 - 2017-09-30 06:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-11 08:36 - 2017-09-30 06:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 08:36 - 2017-09-30 03:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 08:36 - 2017-09-29 08:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 08:36 - 2017-09-29 08:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 08:36 - 2017-09-29 08:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 08:36 - 2017-09-29 08:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 08:36 - 2017-09-29 08:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 08:36 - 2017-09-29 08:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-11 08:36 - 2017-09-29 08:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 08:36 - 2017-09-29 08:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 08:36 - 2017-09-29 08:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 08:36 - 2017-09-29 08:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-11 08:36 - 2017-09-29 08:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-11 08:36 - 2017-09-29 08:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-11 08:36 - 2017-09-29 08:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 08:36 - 2017-09-29 08:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-11 08:36 - 2017-09-29 08:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 08:36 - 2017-09-29 08:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-11 08:36 - 2017-09-29 08:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-11 08:36 - 2017-09-29 08:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-11 08:36 - 2017-09-29 08:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 08:36 - 2017-09-29 08:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 08:36 - 2017-09-29 08:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 08:36 - 2017-09-29 08:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 08:36 - 2017-09-29 08:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 08:36 - 2017-09-29 08:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-11 08:36 - 2017-09-29 08:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-11 08:36 - 2017-09-29 08:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-11 08:36 - 2017-09-29 08:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-11 08:36 - 2017-09-29 08:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-11 08:36 - 2017-09-29 08:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-11 08:36 - 2017-09-29 08:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 08:36 - 2017-09-29 08:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 08:36 - 2017-09-29 08:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 08:36 - 2017-09-29 08:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 08:36 - 2017-09-29 08:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 08:36 - 2017-09-29 08:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-11 08:36 - 2017-09-29 08:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-11 08:36 - 2017-09-29 08:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 08:36 - 2017-09-29 08:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 08:36 - 2017-09-29 08:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-11 08:36 - 2017-09-29 08:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 08:36 - 2017-09-29 08:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 08:36 - 2017-09-29 08:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 08:36 - 2017-09-29 08:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 08:36 - 2017-09-29 08:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-11 08:36 - 2017-09-29 08:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-11 08:36 - 2017-09-29 08:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 08:36 - 2017-09-29 08:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-11 08:36 - 2017-09-29 08:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-11 08:36 - 2017-09-29 08:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 08:36 - 2017-09-29 08:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 08:36 - 2017-09-29 08:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-11 08:36 - 2017-09-29 08:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 08:36 - 2017-09-29 08:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-11 08:36 - 2017-09-29 08:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 08:36 - 2017-09-29 08:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-11 08:36 - 2017-09-29 08:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 08:36 - 2017-09-29 08:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 08:36 - 2017-09-29 08:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 08:36 - 2017-09-29 08:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-11 08:36 - 2017-09-29 08:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 08:36 - 2017-09-29 08:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 08:36 - 2017-09-29 08:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 08:36 - 2017-09-29 08:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 08:36 - 2017-09-29 08:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-11 08:36 - 2017-09-29 08:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-11 08:36 - 2017-09-29 08:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-11 08:36 - 2017-09-29 08:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-11 08:36 - 2017-09-29 08:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-11 08:36 - 2017-09-29 08:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 08:36 - 2017-09-29 08:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-11 08:36 - 2017-09-29 08:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-11 08:36 - 2017-09-29 08:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-11 08:36 - 2017-09-29 08:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-11 08:36 - 2017-09-29 08:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-11 08:36 - 2017-09-29 08:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-11 08:36 - 2017-09-29 08:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-11 08:36 - 2017-09-19 00:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-11 08:36 - 2017-09-19 00:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-11 08:36 - 2017-09-19 00:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-11 08:36 - 2017-09-19 00:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-11 08:36 - 2017-09-19 00:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-11 08:36 - 2017-09-19 00:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-11 08:36 - 2017-09-19 00:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-11 08:36 - 2017-09-18 23:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-11 08:36 - 2017-09-18 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-11 08:35 - 2017-09-30 06:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-11 08:35 - 2017-09-30 06:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 08:35 - 2017-09-30 06:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-11 08:35 - 2017-09-30 06:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-11 08:35 - 2017-09-30 06:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 08:35 - 2017-09-29 08:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 08:35 - 2017-09-29 08:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-11 08:35 - 2017-09-29 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-11 08:35 - 2017-09-29 08:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-11 08:35 - 2017-09-29 08:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 08:35 - 2017-09-29 08:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 08:35 - 2017-09-29 08:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-11 08:35 - 2017-09-29 08:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-11 08:35 - 2017-09-29 08:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 08:35 - 2017-09-29 08:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-11 08:35 - 2017-09-29 08:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 08:35 - 2017-09-29 08:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 08:35 - 2017-09-29 08:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-11 08:35 - 2017-09-29 08:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-11 08:35 - 2017-09-29 08:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-11 08:35 - 2017-09-29 08:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-11 08:35 - 2017-09-29 08:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-11 08:35 - 2017-09-29 08:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 08:35 - 2017-09-29 08:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 08:35 - 2017-09-29 08:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-11 08:35 - 2017-09-29 08:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 08:35 - 2017-09-29 08:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-11 08:35 - 2017-09-29 08:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-11 08:35 - 2017-09-29 08:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 08:35 - 2017-09-29 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-11 08:35 - 2017-09-29 08:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-11 08:35 - 2017-09-18 23:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-11 08:35 - 2017-09-18 23:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-09 18:13 - 2017-10-09 18:13 - 011980008 _____ C:\Users\theJOKER\Downloads\io7zxCpw174y4dnVY8Wv_preview.mp4
2017-10-09 18:12 - 2017-10-09 18:12 - 012475334 _____ C:\Users\theJOKER\Downloads\TR8DxNpHBsoI2FOcP33j_preview.mp4
2017-10-09 18:12 - 2017-10-09 18:12 - 005867798 _____ C:\Users\theJOKER\Downloads\1MgUih4JnUlWECdoZa63_preview.mp4
2017-10-09 18:11 - 2017-10-09 18:11 - 005867421 _____ C:\Users\theJOKER\Downloads\haKfVqOn0HU2vSmv9I70_preview.mp4
2017-10-09 18:09 - 2017-10-09 18:09 - 011211967 _____ C:\Users\theJOKER\Downloads\K4ARXz1Be88u4mVyKeKU_preview.mp4
2017-10-09 18:09 - 2017-10-09 18:09 - 005867044 _____ C:\Users\theJOKER\Downloads\HvogFhZjIs7PbgFyf402_preview.mp4
2017-10-09 18:08 - 2017-10-09 18:08 - 006018073 _____ C:\Users\theJOKER\Downloads\6p7jYjH7Tjtl1DMF1mYb_preview.mp4
2017-10-09 16:13 - 2017-10-09 16:13 - 001973046 _____ C:\Users\theJOKER\Downloads\1461868936000_preview.mp4
2017-10-09 16:13 - 2017-10-09 16:13 - 001973046 _____ C:\Users\theJOKER\Downloads\1461868936000_preview(3).mp4
2017-10-09 16:13 - 2017-10-09 16:13 - 001973046 _____ C:\Users\theJOKER\Downloads\1461868936000_preview(2).mp4
2017-10-08 11:57 - 2017-10-08 11:57 - 000000231 _____ C:\Users\theJOKER\Desktop\IHGJKJHGJ.txt
2017-10-08 06:29 - 2017-10-08 06:29 - 018807391 _____ C:\Users\theJOKER\Downloads\IOHU78YH480p.mp4
2017-10-06 18:54 - 2017-10-03 17:20 - 000000000 ____D C:\Users\theJOKER\Desktop\23852--The Classic 90s Collection (2017) 320 KBPS
2017-10-06 08:00 - 2017-10-06 08:00 - 000000107 _____ C:\Users\theJOKER\Desktop\Tumblr.txt
2017-10-05 16:45 - 2017-10-05 16:45 - 000000040 _____ C:\Users\theJOKER\Desktop\0JMIYFER.net x2.txt
2017-10-03 13:24 - 2017-10-03 13:24 - 000130072 _____ (HP) C:\WINDOWS\system32\HP3DDGService.exe
2017-10-02 03:07 - 2017-10-02 03:07 - 000233510 _____ C:\Users\theJOKER\Downloads\WEBSITE1.htm
2017-10-02 03:07 - 2017-10-02 03:07 - 000000000 ____D C:\Users\theJOKER\Downloads\WEBSITE1_files
2017-10-01 19:33 - 2017-10-01 19:33 - 011718385 _____ C:\Users\theJOKER\Downloads\NSGbl9WaAKkCMR2iqlN7_preview.mp4
2017-10-01 04:09 - 2017-10-01 04:09 - 000435963 _____ C:\Users\theJOKER\Downloads\08HFJ321FHJKK.torrent
2017-09-30 09:39 - 2017-09-30 09:39 - 116487785 _____ C:\Users\theJOKER\Downloads\HMPBSIIH.mp4
2017-09-29 20:07 - 2017-09-29 20:31 - 000000000 ____D C:\Users\theJOKER\.get_iplayer
2017-09-29 19:59 - 2017-09-29 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\get_iplayer
2017-09-29 19:59 - 2017-09-29 20:00 - 000000000 ____D C:\Program Files (x86)\get_iplayer
2017-09-29 16:35 - 2017-09-29 16:35 - 000220078 _____ C:\Users\theJOKER\Downloads\LB-MV.htm
2017-09-29 16:35 - 2017-09-29 16:35 - 000000000 ____D C:\Users\theJOKER\Downloads\LB-MV_files
2017-09-29 16:28 - 2017-09-29 16:28 - 000225566 _____ C:\Users\theJOKER\Downloads\420IYTIIGF.htm
2017-09-29 16:28 - 2017-09-29 16:28 - 000000000 ____D C:\Users\theJOKER\Downloads\420IYTIIGF_files
2017-09-29 16:09 - 2017-09-29 16:09 - 001251740 _____ C:\Users\theJOKER\Desktop\2017-09-29.session
2017-09-29 01:51 - 2017-09-29 01:51 - 005729217 _____ C:\Users\theJOKER\Downloads\lufqWAxwQgzZjyGB0nS2_preview.mp4
2017-09-27 23:58 - 2017-09-27 23:58 - 000490045 _____ C:\Users\theJOKER\Downloads\WVX13T.mp4
2017-09-27 00:45 - 2017-09-27 00:45 - 000006966 _____ C:\Users\theJOKER\Desktop\cgp templete.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-27 21:00 - 2017-06-14 12:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-27 20:44 - 2017-08-19 08:39 - 000000000 ____D C:\Users\theJOKER\Desktop\Attack on Titan Season 2 OST (2017) 320 KBPS
2017-10-27 19:50 - 2017-06-14 02:34 - 000000000 ____D C:\Users\depressed.clown\AppData\Roaming\Skype
2017-10-27 18:34 - 2017-06-17 12:42 - 000000000 ____D C:\Users\theJOKER\AppData\Local\CrashDumps
2017-10-27 16:22 - 2017-06-14 03:58 - 000000000 ____D C:\Users\theJOKER\AppData\Roaming\vlc
2017-10-27 14:03 - 2017-06-14 12:53 - 000000000 ____D C:\Users\theJOKER
2017-10-27 08:12 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-27 08:12 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-27 08:02 - 2017-08-25 15:38 - 000000000 ____D C:\Users\theJOKER\Desktop\theSEARCH
2017-10-27 04:07 - 2017-06-25 03:21 - 000000000 ____D C:\Program Files\Opera
2017-10-26 20:54 - 2017-06-14 12:47 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-26 20:54 - 2017-06-14 03:39 - 000000000 __SHD C:\Users\theJOKER\IntelGraphicsProfiles
2017-10-26 20:52 - 2017-06-14 02:34 - 000000000 __SHD C:\Users\depressed.clown\IntelGraphicsProfiles
2017-10-26 20:51 - 2017-06-14 13:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-26 20:50 - 2017-03-18 12:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-10-26 17:49 - 2017-08-24 17:53 - 000000000 ____D C:\AdwCleaner
2017-10-26 17:31 - 2017-06-14 06:40 - 000000000 ____D C:\Users\theJOKER\Downloads\Evo Downloads
2017-10-26 14:45 - 2017-09-21 17:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-26 14:45 - 2017-06-14 12:44 - 000217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-26 14:45 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-10-26 14:44 - 2017-06-27 02:50 - 000000000 ____D C:\Users\depressed.clown\AppData\Local\CrashDumps
2017-10-26 13:00 - 2017-06-15 17:41 - 000000000 ____D C:\Program Files\OpenVPN
2017-10-26 12:08 - 2017-06-14 21:07 - 000000000 ____D C:\Program Files\Common Files\AV
2017-10-26 09:08 - 2017-06-14 03:45 - 000000000 ____D C:\Users\theJOKER\AppData\LocalLow\Mozilla
2017-10-26 09:02 - 2017-06-14 13:26 - 000000000 ____D C:\Users\depressed.clown\AppData\Local\ConnectedDevicesPlatform
2017-10-26 09:02 - 2017-06-14 12:53 - 000000000 ____D C:\Users\depressed.clown
2017-10-26 09:02 - 2017-06-13 19:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-26 09:00 - 2017-06-14 13:13 - 000000000 ____D C:\Users\theJOKER\AppData\Local\ConnectedDevicesPlatform
2017-10-26 08:46 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-26 08:46 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-26 08:39 - 2017-06-14 13:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2017-10-26 08:38 - 2017-06-14 14:00 - 000002745 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-10-26 08:38 - 2017-06-14 13:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-10-26 08:32 - 2017-06-14 12:53 - 000000000 ____D C:\Users\happy.pills.supliment
2017-10-26 08:31 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-10-26 08:31 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-26 08:31 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-10-26 08:31 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-10-26 08:31 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-10-26 08:31 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-26 08:31 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-10-26 08:30 - 2017-08-06 17:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3000172399-2907617184-3595842285-1002
2017-10-26 08:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 08:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-26 08:30 - 2017-03-18 12:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-10-26 08:29 - 2017-06-13 19:39 - 000000000 ____D C:\ProgramData\Norton
2017-10-26 08:12 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\registration
2017-10-26 08:04 - 2017-06-15 08:33 - 000000000 ____D C:\Users\theJOKER\Desktop\Send_To_HDD
2017-10-26 08:04 - 2017-06-15 06:58 - 000000000 ____D C:\Users\theJOKER\Desktop\(subs-2)
2017-10-26 08:04 - 2017-06-14 03:15 - 000000000 ____D C:\Users\depressed.clown\AppData\Roaming\Mozilla
2017-10-26 07:37 - 2017-06-14 03:18 - 000000000 ____D C:\Users\depressed.clown\AppData\LocalLow\Mozilla
2017-10-25 12:24 - 2017-06-19 01:58 - 000000000 ____D C:\Users\theJOKER\AppData\Roaming\FileZilla
2017-10-24 19:37 - 2017-06-15 10:30 - 000000000 ____D C:\Users\theJOKER\Desktop\BLUEWATCH
2017-10-23 12:58 - 2017-09-25 00:45 - 000000000 ____D C:\Users\theJOKER\Desktop\previewTHIS
2017-10-22 20:25 - 2017-07-07 17:42 - 000000000 ____D C:\Users\theJOKER\AppData\Roaming\HandBrake
2017-10-20 03:19 - 2017-03-18 12:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-10-20 00:17 - 2017-09-14 20:56 - 000000000 ____D C:\Users\theJOKER\AppData\Roaming\avidemux
2017-10-18 05:06 - 2017-07-15 19:01 - 000000000 ____D C:\Users\theJOKER\Desktop\SEND_TO_RB
2017-10-16 06:27 - 2017-07-27 09:11 - 000001934 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2017-10-16 06:27 - 2017-06-19 01:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-10-16 06:27 - 2017-06-19 01:58 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2017-10-15 16:01 - 2017-06-15 08:27 - 000000000 ____D C:\Users\theJOKER\Desktop\PasswordCONFIDENTIAL2017
2017-10-14 04:07 - 2017-07-01 03:23 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2017-10-14 04:07 - 2017-06-25 03:22 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1498357332
2017-10-13 14:45 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 14:03 - 2017-06-30 17:16 - 000001381 _____ C:\Users\theJOKER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2017-10-13 14:03 - 2017-06-15 17:13 - 000004206 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1497543224
2017-10-13 10:16 - 2017-07-19 17:33 - 000001752 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2017-10-13 10:16 - 2017-07-19 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2017-10-13 10:16 - 2017-07-19 17:33 - 000000000 ____D C:\Program Files\MPC-HC
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 20:51 - 2017-06-14 02:24 - 001108406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-12 17:48 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-12 17:48 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-12 17:48 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-12 10:52 - 2017-08-12 08:56 - 000000000 ____D C:\Users\theJOKER\Desktop\22636--Ennio_Morricone - Italowestern Filmmusik Vol 1-WEB-2017 320 KBPS
2017-10-11 08:48 - 2017-06-14 11:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 08:45 - 2017-06-14 11:23 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 15:03 - 2017-06-15 06:57 - 000000000 ____D C:\Users\theJOKER\Desktop\SAMSUNGJUN-2017
2017-10-09 00:35 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-09 00:34 - 2017-06-14 02:30 - 000000000 ____D C:\Users\depressed.clown\AppData\Local\Packages
2017-10-06 19:35 - 2017-06-14 06:44 - 000000000 ____D C:\Users\theJOKER\Downloads\[BACKUPSUMSUNG[img]
2017-10-04 13:15 - 2017-06-14 03:24 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-03 14:23 - 2017-07-16 14:36 - 000000872 _____ C:\Users\Public\Desktop\Viscosity.lnk
2017-10-03 14:23 - 2017-07-16 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viscosity
2017-10-03 14:23 - 2017-07-16 14:36 - 000000000 ____D C:\Program Files\Viscosity
2017-10-03 13:24 - 2016-10-12 06:37 - 000127512 _____ (HP) C:\WINDOWS\system32\HPMDPCoInst.dll
2017-10-03 13:24 - 2016-10-12 06:37 - 000054296 _____ (HP) C:\WINDOWS\system32\Drivers\Accelerometer.sys
2017-10-03 13:24 - 2016-10-12 06:37 - 000040472 _____ (HP) C:\WINDOWS\system32\Drivers\hpdskflt.sys
2017-10-02 14:04 - 2017-06-14 06:49 - 000000000 ____D C:\Users\theJOKER\Downloads\MUSIC CACHE
2017-09-27 06:14 - 2017-07-31 09:11 - 000000000 ____D C:\Users\theJOKER\Desktop\TABSSESH

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-27 21:00

==================== End of FRST.txt ============================




#2 LostAccounts (Topic Starter)

Posted 27 October 2017 - 11:42 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by depressed.clown (27-10-2017 22:25:02)
Running from C:\Users\depressed.clown\Downloads
Windows 10 Home Version 1703 15063.674 (X64) (2017-06-14 12:13:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3000172399-2907617184-3595842285-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3000172399-2907617184-3595842285-503 - Limited - Disabled)
Guest (S-1-5-21-3000172399-2907617184-3595842285-501 - Limited - Disabled)
depressed.clown (S-1-5-21-3000172399-2907617184-3595842285-1001 - Administrator - Enabled) => C:\Users\depressed.clown
theJOKER (S-1-5-21-3000172399-2907617184-3595842285-1002 - Limited - Enabled) => C:\Users\theJOKER
happy.pills.supliment (S-1-5-21-3000172399-2907617184-3595842285-1003 - Limited - Enabled) => C:\Users\happy.pills.supliment

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.21.170501 - )
Boilsoft Video Joiner 8.01 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.900 - Broadcom Corporation)
EaseUS Partition Master 12.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
get_iplayer (HKLM-x32\...\get_iplayer) (Version: 2.96.0 - )
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
KB4022868 (HKLM\...\{981BD826-94A7-4A4E-8267-3DD050186A6E}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3000172399-2907617184-3595842285-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 16.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 16.0.0 - Moritz Bunkus)
Mozilla Firefox 56.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 56.0 (x64 en-GB)) (Version: 56.0 - Mozilla)
MPC-HC 1.7.11 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.11 - MPC-HC Team)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NFOPad 1.72 (HKLM-x32\...\NFOPad) (Version: 1.72 - True Human Design)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.11.0.41 - Symantec Corporation)
Opera Stable 48.0.2685.39 (HKLM-x32\...\Opera 48.0.2685.39) (Version: 48.0.2685.39 - Opera Software)
Opera Stable 48.0.2685.39 (HKU\S-1-5-21-3000172399-2907617184-3595842285-1002\...\Opera 48.0.2685.39) (Version: 48.0.2685.39 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Seedbox Panel (HKU\S-1-5-21-3000172399-2907617184-3595842285-1002\...\214b711a4dffc9d9) (Version: 1.4.1.0 - MySeedbox.Site)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Viscosity 1.7.5 (1530) (HKLM\...\{CC85567E-DC83-4BB5-AD77-D84514C0D059}_is1) (Version: 1.7.5.1530 - SparkLabs)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
WinRAR 5.50 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.3 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\depressed.clown\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\depressed.clown\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\depressed.clown\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-12] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-12] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-14] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\buShell.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-12] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-12] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3000172399-2907617184-3595842285-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-3000172399-2907617184-3595842285-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-3000172399-2907617184-3595842285-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {108CF196-2235-4223-ACFB-E231E83303E9} - System32\Tasks\Opera scheduled Autoupdate 1498357332 => C:\Program Files\Opera\launcher.exe [2017-10-10] (Opera Software)
Task: {25E9E3E7-0824-4176-A6F5-1DC762C80505} - System32\Tasks\Microsoft\Windows\supdt\updtcln => C:\Program Files\supdt\updtcln.exe [2017-05-23] ()
Task: {5ACE0DF8-5A34-4098-9125-B8DC44B8F54D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\WSCStub.exe [2017-10-04] (Symantec Corporation)
Task: {646EB305-A676-427B-AD8E-4E884AC56286} - System32\Tasks\S-1-5-21-3000172399-2907617184-3595842285-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {899F05E1-6102-409B-A516-7C840DE6F2A8} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\SymErr.exe [2017-10-04] (Symantec Corporation)
Task: {8C4E7169-B3E6-4DB1-A0C9-7D752C3CCFE2} - System32\Tasks\Opera scheduled Autoupdate 1497543224 => C:\Users\theJOKER\AppData\Local\Programs\Opera\launcher.exe [2017-10-10] (Opera Software)
Task: {9C473298-0BB5-46CE-B770-25189A149ACF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-10-04] (Symantec Corporation)
Task: {C6D4A85C-0111-47DF-8CC9-0FF0CF525D79} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\SymErr.exe [2017-10-04] (Symantec Corporation)
Task: {D607A49F-A688-47E3-8D98-8CC0E2758A12} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\SymErr.exe [2017-10-04] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-29 11:32 - 2017-09-29 11:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-03-18 21:59 - 2017-03-20 04:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-25 03:07 - 2014-11-18 14:44 - 000255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
2017-10-10 04:16 - 2017-10-10 04:16 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 17:19 - 2017-09-26 17:19 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-05 08:21 - 2017-10-05 08:22 - 000021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-10-05 08:21 - 2017-10-05 08:21 - 048839168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 000352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-10-05 08:21 - 2017-10-05 08:22 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-10-05 08:21 - 2017-10-05 08:22 - 000164352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 002836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-10-05 08:21 - 2017-10-05 08:22 - 020559872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 002705408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 003128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 14:28 - 2017-08-29 14:28 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-10-05 08:21 - 2017-10-05 08:22 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-10-05 08:21 - 2017-10-05 08:22 - 001380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 000367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll
2017-08-30 13:39 - 2017-08-30 13:40 - 000016896 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
2017-08-30 13:39 - 2017-08-30 13:40 - 016135680 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.dll
2017-09-22 06:52 - 2017-09-22 06:53 - 005201816 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1709.1.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2017-03-20 04:45 - 2017-03-20 04:45 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.21.2212.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-10-05 08:21 - 2017-10-05 08:21 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-31 11:41 - 2017-05-31 11:41 - 001982976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-06-25 03:07 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\traynet.dll
2017-06-25 03:07 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\libcurl.dll
2017-06-25 03:07 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\zlib1.dll
2017-06-25 03:07 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\uexper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-3000172399-2907617184-3595842285-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\theJOKER\Pictures\Screenshots\abstract-background-20.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E4DD3443-99B2-4192-B784-B3B787BB96A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD2E9170-46A3-4171-8554-40BDF710FA61}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9813462F-C50B-49C4-9AF8-9CDA82D6A847}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1EB7853A-7760-4F6F-859C-548BA00B53A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B72B2BDA-B252-44AE-8669-854B73D59B1B}] => (Allow) C:\Program Files\Opera\48.0.2685.35\opera.exe
FirewallRules: [{EC1F0200-8CEB-4AB8-B95A-EAB9A22BD621}] => (Allow) C:\Program Files\Opera\48.0.2685.39\opera.exe

==================== Restore Points =========================

18-10-2017 16:23:41 Windows Update
26-10-2017 07:45:59 Restore Operation
26-10-2017 09:05:26 After Restore 2 18TH OCT 2017

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs Pty Ltd
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2017 06:34:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2017.39081.15820.0, time stamp: 0x59cc392e
Faulting module name: igd10iumd64.dll, version: 20.19.15.4360, time stamp: 0x5678d000
Exception code: 0xc0000005
Fault offset: 0x00000000000220a6
Faulting process ID: 0x3250
Faulting application start time: 0x01d34f468e71f656
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\igd10iumd64.dll
Report ID: 316c9723-a6e8-4b94-9f73-455dda54eeb0
Faulting package full name: Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (10/27/2017 09:37:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8Q6S5P3)
Description: Activation of application Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/26/2017 10:23:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8Q6S5P3)
Description: Activation of application Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/26/2017 10:23:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8Q6S5P3)
Description: Activation of application Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/26/2017 08:51:24 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Critical Policy [0]

Error: (10/26/2017 08:49:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialise the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (10/26/2017 02:45:58 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Critical Policy [0]

Error: (10/26/2017 02:44:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8EEDJQOI)
Description: Activation of application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/26/2017 02:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.674, time stamp: 0xaf452875
Exception code: 0xc000027b
Fault offset: 0x0000000000443b5f
Faulting process ID: 0xc14
Faulting application start time: 0x01d34e6084f0d0ca
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: d20f2b7f-dbe5-467f-9e22-cc286127df09
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (10/26/2017 02:44:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.674, time stamp: 0xaf452875
Exception code: 0xc000027b
Fault offset: 0x0000000000443b5f
Faulting process ID: 0x3bc
Faulting application start time: 0x01d34e60823f45a1
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: 04964bc5-8b28-474b-affd-9a5c13c4b8fb
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App


System errors:
=============
Error: (10/27/2017 09:48:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2017 09:12:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2017 04:10:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2017 01:53:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2017 12:08:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2017 09:40:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2017 09:37:50 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8EEDJQOI)
Description: The server Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy!WindowsDefaultLockScreen did not register with DCOM within the required timeout.

Error: (10/27/2017 03:56:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2017 10:23:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2017 10:23:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8EEDJQOI)
Description: The server Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy!WindowsDefaultLockScreen did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-10-12 13:02:29.231
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 13:02:28.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 13:02:28.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 12:59:30.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 12:59:30.144
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 12:59:29.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 12:59:28.597
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 12:59:28.063
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-10-12 12:59:27.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-27 22:29:57.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-5157U CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8114.26 MB
Available physical RAM: 4466.38 MB
Total Virtual: 13234.26 MB
Available Virtual: 8713.25 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.55 GB) (Free:5.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F10E4070)

Partition: GPT.

==================== End of Addition.txt ============================



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 October 2017 - 08:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-3000172399-2907617184-3595842285-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=GB&ver=22.10.1.10&locale=en_GB&guid=87E98A15-5752-41B5-8B9D-39349E7B70E9&doi=2016-09-01&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.11.0.41\Exts\Chrome.crx <not found>
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170613.009\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\Norton Internet Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170613.009\NAVEX15.SYS [X]
CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\depressed.clown\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\depressed.clown\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\depressed.clown\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers1_S-1-5-21-3000172399-2907617184-3595842285-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-3000172399-2907617184-3595842285-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-3000172399-2907617184-3595842285-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Please let me know what problem persists with this computer.
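For anyone reading this later who wants to check their own machine for the same kinds of leftover the fixlist above targets, here is an added PowerShell audit script. It is not part of the original post and it is not FRST's code; it only reads the registry and reports. It assumes Windows PowerShell 5.1 on Windows 10, run from an elevated prompt so every loaded user hive under HKEY_USERS is readable. It covers the per-user IE search scopes (the kind of entry that carried the nortonsafe.search.ask.com redirect), CLSIDs whose InprocServer32 DLL no longer exists (the kind of entry listed as CustomCLSID => No File), and services whose driver file is gone (the kind of entry marked [X]); the ContextMenuHandlers and Chrome extension lines are not covered. The helper names and the UserWritable heuristic are mine, not FRST's.

```powershell
# Added example, not code from the original post and not part of FRST: a read-only
# audit for three of the leftover types the fixlist above removes. Assumes Windows
# PowerShell 5.1 on Windows 10, run elevated so every loaded hive under HKEY_USERS
# is readable. Nothing here deletes anything.

function ConvertTo-AbsolutePath {
    # Relative ImagePaths (system32\DRIVERS\x.sys) are SystemRoot-relative; a bare file
    # name is assumed to live in System32 (a SysWOW64-only DLL would be a false positive).
    param([string]$P)
    if ($P -match '^([A-Za-z]:\\|\\\\)') { return $P }
    if ($P -match '\\') { return (Join-Path $env:SystemRoot $P) }
    return (Join-Path "$env:SystemRoot\System32" $P)
}

function Resolve-ServerPath {
    # Turn an InprocServer32 or service ImagePath value into the file it names.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p.StartsWith('"')) { return (ConvertTo-AbsolutePath ($p.Split('"')[1])) }  # args follow the closing quote
    # Unquoted values may carry arguments (svchost.exe -k netsvcs): keep the longest
    # leading prefix that is an existing file, otherwise report the whole string.
    $tokens = $p -split ' '
    for ($n = $tokens.Count; $n -gt 0; $n--) {
        $cand = ConvertTo-AbsolutePath ($tokens[0..($n - 1)] -join ' ')
        if (Test-Path -LiteralPath $cand -PathType Leaf -ErrorAction SilentlyContinue) { return $cand }
    }
    return (ConvertTo-AbsolutePath $p)
}

function Get-UserHiveRoots {
    # Loaded per-user hives: S-1-5-21-... (NTUSER.DAT) or, with -Classes, S-1-5-21-..._Classes (UsrClass.dat).
    param([switch]$Classes)
    $suffix = if ($Classes) { '_Classes' } else { '' }
    Get-ChildItem -LiteralPath Registry::HKEY_USERS -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match "^S-1-5-21-[\d-]+$suffix`$" } |
        ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }
}

function Get-SearchScopes {
    # Every IE search provider per user, its URL, and whether it is the default.
    foreach ($hive in Get-UserHiveRoots) {
        $scopes = "$hive\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path -LiteralPath $scopes)) { continue }
        $default = (Get-ItemProperty -LiteralPath $scopes -ErrorAction SilentlyContinue).DefaultScope
        foreach ($k in Get-ChildItem -LiteralPath $scopes -ErrorAction SilentlyContinue) {
            [pscustomobject]@{
                SID       = $hive -replace '^.*\\', ''
                Scope     = $k.PSChildName
                IsDefault = ($k.PSChildName -eq $default)
                URL       = (Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue).URL
            }
        }
    }
}

function Get-OrphanedInprocServers {
    # CLSIDs whose InprocServer32 DLL no longer exists. One that points into a folder
    # the user can write to (AppData, Temp) is a COM-hijack foothold: drop a DLL at that
    # path and every process that instantiates the CLSID loads it.
    $roots = @{ HKLM = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes' }
    foreach ($h in Get-UserHiveRoots -Classes) { $roots[($h -replace '^.*\\', '')] = $h }
    foreach ($label in $roots.Keys) {
        $clsidRoot = "$($roots[$label])\CLSID"
        if (-not (Test-Path -LiteralPath $clsidRoot)) { continue }
        foreach ($clsid in Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue) {
            $inproc = "$($clsid.PSPath)\InprocServer32"
            if (-not (Test-Path -LiteralPath $inproc)) { continue }
            $raw  = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
            $path = Resolve-ServerPath $raw
            if ($path -and -not (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
                [pscustomobject]@{
                    Hive         = $label
                    CLSID        = $clsid.PSChildName
                    MissingFile  = $path
                    UserWritable = ($path -like "$env:SystemDrive\Users\*")  # heuristic, not an ACL check
                }
            }
        }
    }
}

function Get-OrphanedServices {
    # Services and drivers whose ImagePath file is missing (FRST marks these [X]).
    foreach ($svc in Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }
        $path = Resolve-ServerPath $props.ImagePath
        if ($path -and -not (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Service = $svc.PSChildName; Start = $props.Start; MissingFile = $path }
        }
    }
}

# Usage: three reports. The CLSID walk over HKLM\SOFTWARE\Classes is the slow part.
Get-SearchScopes          | Format-Table -AutoSize
Get-OrphanedInprocServers | Sort-Object UserWritable -Descending | Format-Table -AutoSize
Get-OrphanedServices      | Format-Table -AutoSize
```

Run it as a whole; the CLSID walk can take a minute on a machine with a lot installed. Look first at any orphaned InprocServer32 that points under C:\Users: a CLSID whose DLL path the current user can write to lets anything that drops a DLL there get loaded by every process that instantiates that class, which is why stale entries like these are worth removing even when they are only uninstall residue. Any default search scope whose URL is not the one you chose is the browser redirect the fixlist above dealt with.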

#4 LostAccounts

LostAccounts
  • Topic Starter

  • Members
  • 11 posts

Posted 30 October 2017 - 04:04 PM

Things just keep going from bad to worse. FRST has disappeared and I was advised by boopme not to do anything. However, overnight, the system updated itself to a new version of Windows and there's no way to reverse this. What should I do next?

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 October 2017 - 08:18 AM


Hi,

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#6 LostAccounts

LostAccounts
  • Topic Starter

  • Members
  • 11 posts

Posted 31 October 2017 - 09:35 PM


Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by depressed.clown on 01/11/2017 at 1:32:40.32.
Microsoft Windows 10 Home 10.0.16299 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\depressed.clown\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-10-31-200047.log 3495 bytes
C:\zoek-results2017-10-31-200939.log 4268 bytes
C:\zoek-results2017-10-31-222516.log 4189 bytes

==== System Restore Info ======================

01/11/2017 01:33:18 Zoek.exe System Restore Point Created Successfully.

==== FireFox Fix ======================

Deleted from C:\Users\depressed.clown\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\depressed.clown~2\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\depressed.clown~1\AppData\Roaming\Mozilla\Firefox\Profiles\vbnr87gi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\depressed.clown~1\AppData\Roaming\Mozilla\Firefox\Profiles\vbnr87gi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\theJOKER\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u4v1x6qi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\theJOKER\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u4v1x6qi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\theJOKER\AppData\Roaming\Mozilla\Firefox\Profiles\phl0a51a.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\theJOKER\AppData\Roaming\Mozilla\Firefox\Profiles\phl0a51a.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\happy.pills.supliment\AppData\Roaming\Mozilla\Firefox\Profiles\11lwyfzz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\happy.pills.supliment\AppData\Roaming\Mozilla\Firefox\Profiles\11lwyfzz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\depressed.clown~2\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\depressed.clown~1\AppData\Roaming\Mozilla\Firefox\Profiles\vbnr87gi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\theJOKER\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u4v1x6qi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\theJOKER\AppData\Roaming\Mozilla\Firefox\Profiles\phl0a51a.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\happy.pills.supliment\AppData\Roaming\Mozilla\Firefox\Profiles\11lwyfzz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.3.13\coFFAddon" [19/07/2017 06:06]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.3.13\coFFAddon" [19/07/2017 06:06]

==== Firefox Extensions ======================

ProfilePath: C:\Users\depressed.clown~2\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default
- British English Dictionary Marco Pinto - %ProfilePath%\extensions\marcoagpinto@mail.telepac.pt
- Undetermined - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Dictionary Extension - %ProfilePath%\extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Trình Quản Lý Phiên - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Bluhell Firewall - %ProfilePath%\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

ProfilePath: C:\Users\depressed.clown~1\AppData\Roaming\Mozilla\Firefox\Profiles\vbnr87gi.default
- uBlock Origin - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Trình Quản Lý Phiên - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Bluhell Firewall - %ProfilePath%\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

ProfilePath: C:\Users\theJOKER\AppData\Roaming\Mozilla\Firefox\Profiles\phl0a51a.default
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- Undetermined - %ProfilePath%\extensions\staged
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- ImageHost Grabber em:version1.6.5.5.1-signed.1-signed em:creatorCybormatt em:descriptionDownloads all the images hosted on many of the popular free image hosts. em:homepageURLhttp:imagehost-grabber.com em:iconURLchrome:imagegrabbercontentimagegrabber.png em:optionsURLchrome:imagegrabbercontentinterfacesoptions.xul em:aboutURLchrome:imagegrabberlocalehelp.html - %ProfilePath%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
- Copy Urls Expert - %ProfilePath%\extensions\copy-urls-expert@kashiif-gmail.com.xpi
- Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi
- Undetermined - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Undetermined - %ProfilePath%\extensions\firefox@mega.co.nz.xpi
- Skip adf.ly skip - %ProfilePath%\extensions\jid1-nSEySa4aWGanbw@jetpack.xpi
- Strict Pop-up Blocker - %ProfilePath%\extensions\jid1-P34HaABBBpOerQ@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Trình Quản Lý Phiên - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Popup Blocker Ultimate - %ProfilePath%\extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi
- Bluhell Firewall - %ProfilePath%\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Password Exporter - %ProfilePath%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
- Undetermined - %ProfilePath%\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

ProfilePath: C:\Users\happy.pills.supliment\AppData\Roaming\Mozilla\Firefox\Profiles\11lwyfzz.default
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Trình Quản Lý Phiên - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Popup Blocker Ultimate - %ProfilePath%\extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\depressed.clown\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\depressed.clown PRO\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\depressed.clown PRO\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\theJOKER\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\theJOKER\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\depressed.clown\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\depressed.clown PRO\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\depressed.clown PRO\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\theJOKER\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\theJOKER\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\depressed.clown\AppData\Local\Mozilla\Firefox\Profiles\79p19vzl.default\cache2 emptied successfully
C:\Users\depressed.clown PRO\AppData\Local\Mozilla\Firefox\Profiles\vbnr87gi.default\Cache emptied successfully
C:\Users\depressed.clown PRO\AppData\Local\Mozilla\Firefox\Profiles\vbnr87gi.default\cache2 emptied successfully
C:\Users\theJOKER\AppData\Local\Mozilla\Firefox\Profiles\phl0a51a.default\cache2 emptied successfully
C:\Users\happy.pills.supliment\AppData\Local\Mozilla\Firefox\Profiles\11lwyfzz.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\depressed.clown\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\theJOKER\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\depressed.clown~2\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 01/11/2017 at 2:05:29.88 ======================

#7 LostAccounts

LostAccounts
  • Topic Starter

  • Members
  • 11 posts

Posted 31 October 2017 - 09:56 PM

I've done everything you've asked. Disabled Norton Smart Firewall, Auto Protect, turned on Silent Mode.

I've run Zoek 3 times and each time, PEVZ.exe was discovered in Task Manager and located in the TEMP folder. That's 3 times it came alive. The internet says it's some kind of Trojan, or some virus dropper.

Either pevz.exe was generated by Zoek or there's a process Zoek wants to get rid of and, like a demon, pevz reveals itself when it's being exorcised from the host machine.

Aside from all that, internet speeds have returned... fingers crossed it remains as it is.


Edited by LostAccounts, 31 October 2017 - 10:07 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 November 2017 - 09:09 AM

Hi,

Nothing to worry about with pevz.exe; this program is used by the Zoek program.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
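Rather than taking either the forum's word or the internet's for what an unfamiliar executable in TEMP is, here is an added PowerShell snippet (not part of the original thread and not part of Zoek) that fingerprints a short-lived process like the pevz.exe described above while it is alive: what launched it, where the binary lives, whether it is Authenticode-signed and by whom, its version resource, and its SHA-256 for a VirusTotal lookup. It assumes Windows PowerShell 5.1 run from an elevated prompt and started before the cleaning tool, so the poll catches the helper before the tool's own clean-up removes it. The process name pevz.exe and the expectation that its parent is zoek.exe come from the posts above; the function names are mine.

```powershell
# Added example, not from the original thread and not part of Zoek: catch a transient
# helper process, show its lineage, and fingerprint the binary before it disappears.
# Assumes Windows PowerShell 5.1, run elevated (needed to read paths of elevated processes).

function Watch-ProcessByName {
    # Poll until a process with this name appears or the timeout passes; returns the
    # Win32_Process instance(s) or nothing. Polling every half second is enough for a
    # helper that lives for seconds; a WMI/ETW process-creation subscription is the
    # heavier alternative if you need to catch sub-second lifetimes.
    param([Parameter(Mandatory)][string]$Name, [int]$TimeoutSeconds = 600)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        $p = Get-CimInstance Win32_Process -Filter "Name = '$Name'" -ErrorAction SilentlyContinue
        if ($p) { return $p }
        Start-Sleep -Milliseconds 500
    }
}

function Get-ProcessLineage {
    # Walk from a process up through its parents. Parent PIDs can be recycled once the
    # parent has exited, so treat an odd-looking ancestor above depth 1 with care.
    param([Parameter(Mandatory)][int]$ProcessId, [int]$MaxDepth = 6)
    $chain = @()
    $cur = $ProcessId
    for ($depth = 0; $depth -lt $MaxDepth -and $cur -gt 0; $depth++) {
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $cur" -ErrorAction SilentlyContinue
        if (-not $p) { break }
        $chain += [pscustomobject]@{
            Depth = $depth; PID = $p.ProcessId; Name = $p.Name
            Path = $p.ExecutablePath; CommandLine = $p.CommandLine
        }
        $cur = $p.ParentProcessId
    }
    return $chain
}

function Get-BinaryFingerprint {
    # Signature, publisher, version resource and SHA-256 of an executable on disk.
    param([Parameter(Mandatory)][string]$Path)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        Path             = $Path
        InTempFolder     = ($Path -match '\\Temp\\')   # covers %TEMP% and C:\Windows\Temp
        SHA256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus  = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        Company          = $info.CompanyName
        Description      = $info.FileDescription
        OriginalFilename = $info.OriginalFilename
    }
}

# Usage: start this first, then launch the cleaning tool. When pevz.exe appears it is
# fingerprinted immediately, before the tool's own clean-up deletes it from TEMP.
$found = Watch-ProcessByName -Name 'pevz.exe' -TimeoutSeconds 900
foreach ($proc in $found) {
    $lineage = Get-ProcessLineage -ProcessId $proc.ProcessId
    $lineage | Format-Table Depth, PID, Name, Path -AutoSize
    $parent = $lineage | Where-Object { $_.Depth -eq 1 }
    if ($parent -and $parent.Name -ieq 'zoek.exe') {
        "Launched by zoek.exe (PID $($parent.PID)); consistent with a tool helper."
    } else {
        "Parent is '$($parent.Name)', not zoek.exe: do not assume this is the tool's helper."
    }
    if ($proc.ExecutablePath -and (Test-Path -LiteralPath $proc.ExecutablePath)) {
        Get-BinaryFingerprint -Path $proc.ExecutablePath | Format-List
    }
}
```

The parent check is the part that actually answers the question in the post above: a helper that zoek.exe spawned and that disappears when Zoek finishes is a very different thing from a same-named file in TEMP with a browser, svchost.exe or an unknown process as its parent. The SHA-256 lets you look the exact file up on VirusTotal without uploading anything, and a NotSigned status on its own proves nothing either way; many legitimate cleanup helpers are unsigned.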

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 November 2017 - 08:13 AM



Hi,

I have just been made aware that this may help you solve your problem.

Using Opera VPN can generate this error message. I saw it when I switched the location of Opera's own built-in VPN from Amsterdam to Germany.


https://forums.opera.com/topic/20408/vpn-triggering-unusual-traffic-message-on-google-pages/7

Hope it helps.

p.s.
If it helps please ask that your latest post be closed.
https://www.bleepingcomputer.com/forums/t/662057/our-systems-have-detected-unusual-traffic-from-your-computer-network-part-3/

#10 LostAccounts

LostAccounts
  • Topic Starter

  • Members
  • 11 posts

Posted 06 November 2017 - 10:20 AM

Hi,

I have just been made aware that this may help you solve your problem.

Using Opera VPN can generate this error message. I saw it when I switched the location of Opera's own built-in VPN from Amsterdam to Germany.


https://forums.opera.com/topic/20408/vpn-triggering-unusual-traffic-message-on-google-pages/7

Hope it helps.

p.s.
If it helps please ask that your latest post be closed.
https://www.bleepingcomputer.com/forums/t/662057/our-systems-have-detected-unusual-traffic-from-your-computer-network-part-3/


Hi. Thank you for your reply, but it doesn't help. I'm sorry. It happened whilst using Firefox.

I'll add that in the same week all this started, I uninstalled the OpenVPN client. It was a few days after that when it all started.

Edited by LostAccounts, 06 November 2017 - 12:16 PM.




