Hijack This


  • This topic is locked
7 replies to this topic

#1 imerpailsun

Posted 08 November 2017 - 12:05 AM

If anyone can tell me what to kill, please let me know.

Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Users\Johnson\AppData\Local\Akamai\netsession_win.exe
C:\Users\Johnson\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\SteamLibrary\steamapps\common\Metronomicon\Metronomicon\Metronomicon.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\Johnson\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe --startup
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Johnson\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [AMDDVR] "C:\Program Files\AMD\CNext\CNext\amddvr.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX330" /EF "HKCU"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "D:\lan_party\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: USB Control Center.lnk = C:\Program Files\Belkin\USB Control Center\Connect.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: Belkin USB Center Helper - Unknown owner - C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Perforce - Perforce Software Inc. - D:\Game Dev\Server\p4s.exe
O23 - Service: Plays.tv Update Service (PlaysService) (PlaysService) - Copyright © 2017 Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\lan_party\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
 
--

End of file - 10145 bytes 


Edited by imerpailsun, 08 November 2017 - 12:06 AM.


#2 nasdaq

  • Malware Response Team
Posted 08 November 2017 - 07:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We do not have enough information to give you sound advice.
Please let me know what the problem is. If possible please execute the following instructions.


HijackThis is no longer supported and not ready for your Operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
<<<>>>


Step 1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Step 3: Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.
==============================

#3 imerpailsun

Posted 08 November 2017 - 09:04 PM

As requested here are all the logs:

 

Malwarebytes log:

-Log Details-
Scan Date: 11/8/17
Scan Time: 7:51 PM
Log File: 75fd3587-c4f0-11e7-8c60-76d02bcb8a70.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3209
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Johnson-PC\Johnson
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347032
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 34 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
AWD Log:
 
# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 09 01:54:54 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-07-2017.2
# Running on Windows 7 Home Premium (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1663 B] - [2017/11/9 1:40:44]
C:/AdwCleaner/AdwCleaner[S0].txt - [1553 B] - [2017/11/9 1:38:12]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
 
 
Farbar Log:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Johnson (administrator) on JOHNSON-PC (08-11-2017 19:45:48)
Running from C:\Users\Johnson\Desktop\Safety First Everyone
Loaded Profiles: Johnson (Available Profiles: Johnson)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
(Perforce Software Inc.) D:\Game Dev\Server\p4s.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Akamai Technologies, Inc.) C:\Users\Johnson\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Johnson\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-10-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1259520 2016-09-15] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-11-07] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Johnson\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1548680 2017-11-02] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\Run: [Skype] => D:\lan_party\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\MountPoints2: {82655072-54ad-11e3-80bd-74d02bcb8a70} - E:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\MountPoints2: {82655076-54ad-11e3-80bd-74d02bcb8a70} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\MountPoints2: {96d546d1-559e-11e3-a245-74d02bcb8a70} - F:\Setup.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USB Control Center.lnk [2017-07-18]
ShortcutTarget: USB Control Center.lnk -> C:\Program Files\Belkin\USB Control Center\Connect.exe (Belkin International, Inc.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2242E53F-43B7-4C72-ACC0-A83BF4E80420}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4C246E31-EACA-49AF-BC34-CAB2F30040D3}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-772906369-1891486758-4006532919-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={77DC4212-D658-42BF-8C15-DC68D9A3390F}&mid=c5ade5ce958247cd914ff54322adbf8b-4cc35cfeda0722767e98212dbf70dca8f37c6f95&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-12-05 18:59:43&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-772906369-1891486758-4006532919-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Johnson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-772906369-1891486758-4006532919-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default [2017-11-08]
CHR Extension: (Docs) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Adblock Plus) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-28]
CHR Extension: (Google Search) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (VLC) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhafecgfkakfbhlbjffclfaomoliicpm [2015-03-03]
CHR Extension: (Fair AdBlocker) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]
CHR Extension: (Gmail) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-07]
CHR HKU\S-1-5-21-772906369-1891486758-4006532919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [9216 2017-11-02] () [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-10-19] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-19] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\USB Control Center\Bkapcs.exe [55296 2016-03-29] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-16] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2016-01-09] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 mi-raysat_3dsmax2010_64; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016 2009-03-12] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 Perforce; D:\Game Dev\Server\p4s.exe [3783736 2013-11-11] (Perforce Software Inc.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-11-07] (Copyright © 2017 Plays.tv, LLC)
S2 SkypeUpdate; D:\lan_party\Updater\Updater.exe [317408 2017-07-18] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-10-19] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314640 2017-10-19] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-10-19] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-10-19] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-10-19] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-10-19] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [140192 2017-10-19] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-10-19] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-10-19] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1022288 2017-10-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [579584 2017-10-19] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [193768 2017-10-19] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [355856 2017-10-19] (AVG Technologies CZ, s.r.o.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-07] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (UB658)
R3 ElgatoVAD; C:\Windows\System32\DRIVERS\ElgatoVAD.sys [28800 2016-08-16] (Elgato Systems GmbH)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [46008 2013-11-23] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-08] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-08] (Malwarebytes)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [317880 2016-03-29] (silex technology, Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-08 19:45 - 2017-11-08 19:45 - 000000000 ____D C:\FRST
2017-11-08 19:37 - 2017-11-08 19:40 - 000000000 ____D C:\AdwCleaner
2017-11-08 19:32 - 2017-11-08 19:45 - 000000000 ____D C:\Users\Johnson\Desktop\Safety First Everyone
2017-11-08 19:21 - 2017-11-08 19:41 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-08 19:21 - 2017-11-08 19:41 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-08 19:21 - 2017-11-08 19:41 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-08 19:21 - 2017-11-08 19:21 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-08 19:21 - 2017-11-08 19:21 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-08 19:21 - 2017-11-08 19:21 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-08 19:21 - 2017-11-08 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-08 19:21 - 2017-11-08 19:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-08 19:21 - 2017-11-08 19:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-08 19:21 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-08 19:19 - 2017-11-08 19:20 - 078346672 _____ (Malwarebytes ) C:\Users\Johnson\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-07 23:29 - 2017-11-07 23:29 - 000000000 ____D C:\Users\Johnson\AppData\LocalLow\AMD
2017-11-07 23:27 - 2017-11-07 23:27 - 000003274 _____ C:\Windows\System32\Tasks\AMD ThankingURL
2017-11-07 23:27 - 2017-11-07 23:27 - 000000197 _____ C:\LaunchURL.txt
2017-11-07 23:26 - 2017-11-07 23:26 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2017-11-07 23:26 - 2017-11-07 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-11-07 23:24 - 2017-11-07 23:24 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-11-07 23:23 - 2017-11-07 23:23 - 000000000 ____D C:\Users\Johnson\AppData\Local\RadeonInstaller
2017-11-07 23:16 - 2017-11-07 23:19 - 461189832 _____ (AMD Inc.) C:\Users\Johnson\Downloads\Non-WHQL-Win7-64Bit-Radeon-Software-Crimson-ReLive-17.11.1-Nov2.exe
2017-11-07 22:45 - 2017-11-07 22:45 - 010427120 _____ (Piriform Ltd) C:\Users\Johnson\Downloads\ccsetup536.exe
2017-11-07 22:45 - 2017-11-07 22:45 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-07 22:45 - 2017-11-07 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-07 22:42 - 2017-11-07 22:42 - 000060000 _____ C:\Users\Johnson\Downloads\radeon-crimson-relive-17.11.1-minimalsetup-171102_64bit.exe
2017-11-07 22:42 - 2017-11-07 22:42 - 000060000 _____ C:\Users\Johnson\Downloads\radeon-crimson-relive-17.10.1-minimalsetup-171010_64bit.exe
2017-11-06 23:04 - 2017-11-06 23:04 - 000000000 ___HD C:\temp
2017-11-06 22:50 - 2017-11-06 22:50 - 000003178 _____ C:\Windows\System32\Tasks\{33536A27-1029-4537-AD4E-C7072A1D5E0B}
2017-11-06 22:46 - 2017-11-06 22:53 - 000000000 ____D C:\Users\Johnson\Desktop\Cracked
2017-11-06 22:26 - 2017-11-06 22:26 - 000003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Johnson-PC-Johnson
2017-11-06 22:26 - 2017-11-06 22:26 - 000000000 ____D C:\Users\Public\Documents\Adobe
2017-11-06 22:26 - 2017-11-06 22:26 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-06 21:27 - 2017-11-06 21:27 - 000000000 ____D C:\Users\Johnson\AppData\Local\SplitMediaLabs
2017-11-06 21:26 - 2017-11-06 21:26 - 000001079 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2017-11-06 21:26 - 2017-11-06 21:26 - 000000000 ____D C:\ProgramData\SplitMediaLabs
2017-11-06 21:26 - 2017-11-06 21:26 - 000000000 ____D C:\Program Files (x86)\SplitmediaLabs
2017-11-06 21:25 - 2017-11-06 21:25 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\SplitmediaLabs
2017-11-06 21:18 - 2017-11-06 21:21 - 125318808 _____ (SplitmediaLabs) C:\Users\Johnson\Downloads\XSplit_Broadcaster_3.1.1709.1535.exe
2017-11-05 23:23 - 2017-11-05 23:23 - 000000000 ____D C:\Users\Johnson\AppData\Local\RadeonSettings
2017-11-04 23:52 - 2017-11-08 00:13 - 000000000 ____D C:\Users\Johnson\Documents\MetronomiconSaves
2017-11-04 22:47 - 2017-11-04 22:47 - 000000000 ____D C:\Users\Johnson\AppData\LocalLow\TheMeatly Games
2017-11-02 15:12 - 2017-11-02 15:12 - 000151592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2017-11-02 15:12 - 2017-11-02 15:12 - 000123752 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2017-11-02 13:14 - 2017-11-02 13:14 - 000161344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2017-11-02 13:13 - 2017-11-02 13:13 - 011579464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2017-11-02 13:13 - 2017-11-02 13:13 - 009412328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2017-11-02 13:13 - 2017-11-02 13:13 - 000470920 _____ C:\Windows\system32\dgtrayicon.exe
2017-11-02 13:13 - 2017-11-02 13:13 - 000449416 _____ C:\Windows\system32\GameManager64.dll
2017-11-02 13:13 - 2017-11-02 13:13 - 000172680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2017-11-02 13:13 - 2017-11-02 13:13 - 000143352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 013131144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 001541080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000698760 _____ (AMD) C:\Windows\system32\atieclxx.exe
2017-11-02 13:12 - 2017-11-02 13:12 - 000547208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000536456 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2017-11-02 13:12 - 2017-11-02 13:12 - 000475016 _____ (AMD) C:\Windows\system32\atitmm64.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000472456 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2017-11-02 13:12 - 2017-11-02 13:12 - 000461192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000405384 _____ C:\Windows\system32\atieah64.exe
2017-11-02 13:12 - 2017-11-02 13:12 - 000325512 _____ C:\Windows\SysWOW64\atieah32.exe
2017-11-02 13:12 - 2017-11-02 13:12 - 000194440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000149896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2017-11-02 13:12 - 2017-11-02 13:12 - 000033160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 015728520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 014318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 011820496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 010747768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2017-11-02 13:11 - 2017-11-02 13:11 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000170888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2017-11-02 13:11 - 2017-11-02 13:11 - 000065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2017-11-02 13:11 - 2017-11-02 13:11 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 040034184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2017-11-02 13:10 - 2017-11-02 13:10 - 012084104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 009776520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 002915208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 001052040 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 001052040 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 000694664 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 000342920 _____ C:\Windows\system32\clinfo.exe
2017-11-02 13:10 - 2017-11-02 13:10 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-11-02 13:10 - 2017-11-02 13:10 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 061976968 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 031403912 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 013527944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 011090824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 002533256 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 001232264 _____ (AMD) C:\Windows\system32\coinst_17.40.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000436616 _____ C:\Windows\system32\amdgfxinfo64.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000352136 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2017-11-02 13:09 - 2017-11-02 13:09 - 000159624 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000157064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000136584 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2017-11-02 13:09 - 2017-11-02 13:09 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2017-11-02 13:08 - 2017-11-02 13:08 - 048013704 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2017-11-02 13:08 - 2017-11-02 13:08 - 028929416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2017-11-02 13:08 - 2017-11-02 13:08 - 025040776 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2017-11-02 12:43 - 2017-11-02 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-02 12:30 - 2017-11-02 12:30 - 000835448 _____ C:\Windows\SysWOW64\atiapfxx.blb
2017-11-02 12:30 - 2017-11-02 12:30 - 000835448 _____ C:\Windows\system32\atiapfxx.blb
2017-11-02 12:27 - 2017-11-02 12:27 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2017-11-02 12:22 - 2017-11-02 12:22 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2017-11-01 05:58 - 2017-11-01 05:58 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-11-01 05:58 - 2017-11-01 05:58 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-11-01 05:58 - 2017-11-01 05:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-11-01 05:58 - 2017-11-01 05:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-10-30 20:13 - 2017-10-30 20:13 - 001293929 _____ C:\Users\Johnson\Downloads\FF8UJSWFZ8J3PJO.pdf
2017-10-30 20:13 - 2017-10-30 20:13 - 001028983 _____ C:\Users\Johnson\Downloads\FQ62G38FYTCHCS0.pdf
2017-10-30 19:52 - 2017-10-30 19:52 - 001100847 _____ C:\Users\Johnson\Downloads\FRRVAIYFZ8J3PK4.pdf
2017-10-24 15:56 - 2017-10-24 15:56 - 003330902 _____ C:\Users\Johnson\Downloads\Events & Catering Guide 2017 tosha  (2).pdf
2017-10-22 22:35 - 2017-10-22 22:35 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\Doublefine
2017-10-21 00:11 - 2017-10-21 00:11 - 001003622 _____ C:\Users\Johnson\Downloads\00567.pptx
2017-10-19 15:36 - 2017-10-19 15:36 - 000011325 _____ C:\Users\Johnson\Downloads\bettynoirbb_tt.zip
2017-10-19 15:21 - 2017-10-19 15:21 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-10-18 06:55 - 2017-10-18 06:55 - 000980583 _____ C:\Windows\system32\amdicdxx.dat
2017-10-18 00:07 - 2017-10-18 00:07 - 003330902 _____ C:\Users\Johnson\Downloads\Events & Catering Guide 2017 tosha  (1).pdf
2017-10-15 11:20 - 2017-10-15 11:20 - 000016215 _____ C:\Users\Johnson\Downloads\arrrmateybb_tt.zip
2017-10-15 02:55 - 2017-10-15 02:55 - 000995673 _____ C:\Users\Johnson\Downloads\NHDFB.psd
2017-10-15 01:47 - 2017-10-15 01:47 - 000034582 _____ C:\Users\Johnson\Desktop\CHEST.psd
2017-10-14 23:41 - 2017-10-14 23:41 - 015882303 _____ C:\Users\Johnson\Desktop\logoattempt.psd
2017-10-14 23:14 - 2017-10-14 23:14 - 004987837 _____ C:\Users\Johnson\Downloads\Aseprite-v1.2.3-trial-Portable.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-08 19:42 - 2016-12-13 23:38 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\Skype
2017-11-08 19:41 - 2017-09-10 20:50 - 000197138 _____ C:\Windows\ntbtlog.txt
2017-11-08 19:41 - 2017-09-05 17:13 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-08 19:41 - 2016-10-12 21:23 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-11-08 19:41 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-08 19:35 - 2016-03-14 00:23 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\PlaysTV
2017-11-08 19:34 - 2009-07-13 23:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-08 19:34 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-11-08 19:31 - 2015-11-10 00:17 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\Raptr
2017-11-08 19:27 - 2013-10-22 21:14 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-08 19:27 - 2013-10-22 19:45 - 000000000 ____D C:\Users\Johnson
2017-11-08 19:18 - 2017-09-05 17:13 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-08 18:43 - 2016-09-20 14:28 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-11-08 00:39 - 2017-10-01 13:18 - 000000000 ____D C:\Users\Johnson\AppData\Local\ElevatedDiagnostics
2017-11-07 23:30 - 2009-07-13 23:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-11-07 23:28 - 2017-09-11 19:47 - 000065632 _____ C:\Users\Johnson\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-07 23:28 - 2015-12-29 17:08 - 000000000 ____D C:\Users\Johnson\AppData\Local\AMD
2017-11-07 23:27 - 2017-09-11 19:46 - 000297568 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-07 23:27 - 2016-07-12 18:50 - 000000000 ____D C:\AMD
2017-11-07 23:26 - 2016-04-13 16:52 - 000000000 ____D C:\Program Files (x86)\AMD
2017-11-07 23:26 - 2013-10-22 21:01 - 000000000 ____D C:\ProgramData\AMD
2017-11-07 23:24 - 2016-04-13 16:52 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-07 22:45 - 2013-10-22 21:01 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-07 22:45 - 2013-10-22 21:01 - 000000000 ____D C:\Program Files\CCleaner
2017-11-07 17:21 - 2013-10-22 21:00 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-06 23:08 - 2013-12-07 20:03 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\Adobe
2017-11-06 23:04 - 2016-05-10 21:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-06 22:26 - 2015-01-08 22:09 - 000000000 ____D C:\Users\Johnson\AppData\Local\Adobe
2017-11-06 22:16 - 2015-02-17 17:03 - 000000000 ____D C:\ProgramData\Adobe
2017-11-06 21:30 - 2017-07-23 20:44 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\Elgato
2017-11-06 17:30 - 2017-05-29 05:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-04 23:51 - 2013-10-30 22:07 - 000000000 ____D C:\ProgramData\Oracle
2017-11-04 18:31 - 2014-11-24 10:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-02 13:14 - 2013-10-08 08:01 - 000195888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2017-11-02 13:13 - 2017-06-12 15:14 - 000357256 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-11-02 13:13 - 2017-06-12 15:14 - 000020360 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2017-11-02 13:13 - 2013-10-08 08:00 - 015934280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2017-11-02 13:12 - 2017-06-12 15:14 - 000020360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2017-11-02 13:12 - 2016-09-16 13:41 - 000223112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-11-02 13:12 - 2016-09-16 13:41 - 000144776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2017-11-02 13:12 - 2013-10-08 08:01 - 001931408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-11-02 13:10 - 2016-09-16 13:40 - 001454984 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2017-11-02 13:07 - 2016-09-16 13:38 - 035220872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2017-11-02 12:43 - 2017-09-05 17:13 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-01 16:34 - 2016-12-18 14:55 - 000000000 ____D C:\Users\Johnson\Desktop\BILLs HERE!
2017-10-26 15:21 - 2017-05-23 22:17 - 001022288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys
2017-10-25 16:50 - 2017-06-30 14:59 - 000004482 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-25 16:50 - 2014-11-24 10:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-25 16:50 - 2014-11-24 10:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-25 16:50 - 2014-11-24 10:38 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-25 16:50 - 2014-11-24 10:38 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-22 16:08 - 2016-04-13 16:48 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\DS4Windows
2017-10-21 16:22 - 2017-08-23 00:37 - 000000000 ____D C:\Yu-Gi-Oh! The Dawn of a New Era
2017-10-19 20:28 - 2013-10-30 21:55 - 000000000 ____D C:\Users\Johnson\AppData\Local\CrashDumps
2017-10-19 15:21 - 2017-05-23 22:17 - 000579584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000355856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000193768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-10-19 15:21 - 2017-05-23 22:17 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-10-19 15:21 - 2015-12-05 19:35 - 000000000 ____D C:\ProgramData\Avg
 
==================== Files in the root of some directories =======
 
2013-10-22 22:10 - 2016-01-16 23:03 - 001065984 _____ () C:\Users\Johnson\AppData\Local\file__0.localstorage
2016-08-11 17:15 - 2016-08-11 17:15 - 000007597 _____ () C:\Users\Johnson\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2017-09-26 18:11 - 2017-09-26 18:12 - 058881488 _____ (Skype Technologies S.A.) C:\Users\Johnson\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 21:24] - [2013-11-05 18:54] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
 
C:\Windows\SysWOW64\User32.dll
[2010-11-20 21:24] - [2013-11-05 18:54] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-08 00:32
 
==================== End of FRST.txt ============================

 



Edited by imerpailsun, 08 November 2017 - 09:04 PM.


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 09 November 2017 - 09:20 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\MountPoints2: {82655072-54ad-11e3-80bd-74d02bcb8a70} - E:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\MountPoints2: {82655076-54ad-11e3-80bd-74d02bcb8a70} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-772906369-1891486758-4006532919-1000\...\MountPoints2: {96d546d1-559e-11e3-a245-74d02bcb8a70} - F:\Setup.exe
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-772906369-1891486758-4006532919-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={77DC4212-D658-42BF-8C15-DC68D9A3390F}&mid=c5ade5ce958247cd914ff54322adbf8b-4cc35cfeda0722767e98212dbf70dca8f37c6f95&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-12-05 18:59:43&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (VLC) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhafecgfkakfbhlbjffclfaomoliicpm [2015-03-03]
CHR Extension: (Fair AdBlocker) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-07]
R2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [9216 2017-11-02] () [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} =>  -> No File
ShellIconOverlayIdentifiers: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} =>  -> No File
ShellIconOverlayIdentifiers: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} =>  -> No File
ShellIconOverlayIdentifiers-x32: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} =>  -> No File
ShellIconOverlayIdentifiers-x32: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} =>  -> No File
ShellIconOverlayIdentifiers-x32: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {53C0CA2B-60DA-41FD-869F-C7049AEFF8BC} - \DriverMaxAgent -> No File <==== ATTENTION
(x86)\AMD\Performance Profile Client

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
===

Please let me know what problem persists with this computer.

p.s.

I suggest you replace the Chrome Extension: (Fair AdBlocker) with AdBlock Plus.
https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

#5 imerpailsun


Posted 10 November 2017 - 02:10 AM

Created the list, ran FRST and updated java. The log is attached.

 

Also switched back over to adblocker plus. 

 

#6 nasdaq


Posted 10 November 2017 - 08:27 AM

Has your problem been solved?

#7 imerpailsun


Posted 10 November 2017 - 03:40 PM

Yes, thank you kindly. 



#8 nasdaq


Posted 11 November 2017 - 09:12 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



