Virus Removal


  • This topic is locked
5 replies to this topic

#1 daogaz

  • Members
  • 4 posts

Posted 11 January 2018 - 06:43 PM

Hey, I recently noticed that this virus is pretty much taking over my entire computer. I don't know what it is, but no matter what anti-virus scan I run, it won't finish; same with any other installations. If you could make things easy and simple on me, that would be great. I am running on a Windows 7 64-bit operating system. Here are my logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018

Ran by New Owner (11-01-2018 18:36:57)
Running from C:\Users\New Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-12 16:59:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2693677803-4276754797-1801310105-500 - Administrator - Disabled)
Guest (S-1-5-21-2693677803-4276754797-1801310105-501 - Limited - Disabled)
New Owner (S-1-5-21-2693677803-4276754797-1801310105-1000 - Administrator - Enabled) => C:\Users\New Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Amazon Assistant (HKLM-x32\...\{EDA2A064-F600-47BA-9EBA-58BE807BF6D2}) (Version: 10.17.0926 - Amazon) <==== ATTENTION
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation)
ccc-core-static (HKLM-x32\...\{8ADE5280-35CA-CF98-A456-F66B98C77244}) (Version: 2010.0210.2206.39615 - ATI) Hidden
Color Suite v11.1.1 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.1 - Red Giant, LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Discord (HKU\S-1-5-21-2693677803-4276754797-1801310105-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{22405A43-ACAB-441D-A9C5-E176170910BC}) (Version: 14.0.237 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
join.me (HKU\S-1-5-21-2693677803-4276754797-1801310105-1000\...\JoinMe) (Version: 3.2.1.5223 - LogMeIn, Inc.)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 - LoiLo inc.)
Magic Bullet PhotoLooks (HKLM-x32\...\Magic Bullet PhotoLooks) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.44.0 - Overwolf Ltd.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.9.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1013 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.12 (HKLM-x32\...\Skype_is1) (Version: 8.12 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2693677803-4276754797-1801310105-1000\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
TunnelBear (HKLM-x32\...\{1FD610E3-CE7E-4E4B-9978-E3E569D66E19}) (Version: 3.0.34.0 - TunnelBear) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Warframe (HKLM-x32\...\{E292F481-4154-4E64-A49D-C3E77FD26A38}) (Version: 1.0.0 - Digital Extremes)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2010-02-10] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C86A39-C59D-4A2F-8FF8-2995A22F0329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {04804DA8-FE96-4081-9A53-A2E0EE8C3C42} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {04804DA8-FE96-4081-9A53-A2E0EE8C3C42} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {0ADEFDEC-EB1D-465A-B252-7059A447F878} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe <==== ATTENTION
Task: {18B3469F-D914-4A53-81F0-6027956E5A1B} - \DistromaticSearchProtect-hourly -> No File <==== ATTENTION
Task: {2DC13EA3-2C32-4D9A-9264-032204EA8E99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {40B970A5-3062-452D-8668-A8B2E473C8AE} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe <==== ATTENTION
Task: {5180E367-44F6-4A9A-9FAE-1F544E6FCC18} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe <==== ATTENTION
Task: {83B56D2D-B10D-4685-BCB9-7B1AB5259F8D} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {83B56D2D-B10D-4685-BCB9-7B1AB5259F8D} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {874FECE7-4430-4E2F-A460-FC07908825A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {8BC133C4-2DC8-4150-8725-BF1A644E0634} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {AE1752DF-AB3C-425D-9163-AE6E7410C261} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BEC3E6F7-474C-48C0-8375-B5D2897F4C83} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {F52DC32A-D5CE-4052-A082-07B73A449674} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\New Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-04 12:06 - 2017-10-04 12:06 - 000105136 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2017-10-04 12:07 - 2017-10-04 12:07 - 000159408 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\aaLoader64.dll
2018-01-04 17:48 - 2017-06-06 20:42 - 002197608 _____ () C:\Program Files\Everything\Everything.exe
2016-09-24 17:20 - 2016-09-24 17:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-02-12 12:49 - 2005-08-07 23:54 - 000167936 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2018-01-04 17:25 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-04 17:25 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-02-12 12:25 - 2011-12-05 20:58 - 000078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-02-12 12:25 - 2011-12-05 20:58 - 000386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-02-12 12:28 - 2016-02-12 12:28 - 000270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 001037600 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2017-04-04 00:03 - 2017-03-29 03:47 - 002885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 00:03 - 2017-03-29 03:47 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2016-04-13 05:03 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-13 05:03 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-13 05:03 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-13 05:03 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-13 05:03 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2016-04-13 05:03 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-13 05:03 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-28 23:54 - 2016-10-28 23:54 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-06-10 01:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-13 16:13 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-13 05:03 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-01-09 13:39 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\New Owner\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 16:38 - 2018-01-09 16:38 - 001780216 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-01-09 13:39 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\New Owner\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 13:39 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\New Owner\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 16:38 - 2018-01-09 16:38 - 009804280 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 16:38 - 2018-01-09 16:38 - 001505784 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 16:38 - 2018-01-09 16:38 - 000513016 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 16:38 - 2018-01-09 16:38 - 002662904 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 16:38 - 2018-01-09 16:38 - 001517048 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 16:38 - 2018-01-09 16:38 - 002749944 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2017-05-28 07:25 - 2017-12-18 17:24 - 068214160 _____ () C:\Users\New Owner\AppData\Roaming\Spotify\libcef.dll
2017-05-28 07:25 - 2017-12-18 17:24 - 003112848 _____ () C:\Users\New Owner\AppData\Roaming\Spotify\libglesv2.dll
 
2016-09-24 17:20 - 2016-09-24 17:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-02-12 12:49 - 2005-08-07 23:54 - 000167936 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2018-01-04 17:25 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-04 17:25 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-02-12 12:25 - 2011-12-05 20:58 - 000078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-02-12 12:25 - 2011-12-05 20:58 - 000386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-02-12 12:28 - 2016-02-12 12:28 - 000270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 001037600 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2017-04-04 00:03 - 2017-03-29 03:47 - 002885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 00:03 - 2017-03-29 03:47 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2016-04-13 05:03 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-13 05:03 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-13 05:03 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-13 05:03 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-13 05:03 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-16 15:31 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2016-04-13 05:03 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-13 05:03 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-28 23:54 - 2016-10-28 23:54 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-06-10 01:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-13 16:13 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-13 05:03 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-01-09 13:39 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\New Owner\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 16:38 - 2018-01-09 16:38 - 001780216 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-01-09 13:39 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\New Owner\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 13:39 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\New Owner\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 16:38 - 2018-01-09 16:38 - 009804280 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 16:38 - 2018-01-09 16:38 - 001505784 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 16:38 - 2018-01-09 16:38 - 000513016 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 16:38 - 2018-01-09 16:38 - 002662904 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 16:38 - 2018-01-09 16:38 - 001517048 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 16:38 - 2018-01-09 16:38 - 002749944 _____ () \\?\C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2017-05-28 07:25 - 2017-12-18 17:24 - 068214160 _____ () C:\Users\New Owner\AppData\Roaming\Spotify\libcef.dll
2017-05-28 07:25 - 2017-12-18 17:24 - 003112848 _____ () C:\Users\New Owner\AppData\Roaming\Spotify\libglesv2.dll
2017-05-28 07:25 - 2017-12-18 17:24 - 000089488 _____ () C:\Users\New Owner\AppData\Roaming\Spotify\libegl.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000249120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000345376 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2016-04-18 06:06 - 2017-12-25 18:18 - 000254240 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000437024 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2016-04-18 06:05 - 2018-01-04 20:03 - 006339360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2017-10-19 21:43 - 2017-10-19 21:43 - 025159968 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\phonon.dll
2017-11-20 20:56 - 2017-11-29 03:08 - 002588960 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\steamnetworkingsockets.dll
2016-04-18 06:06 - 2017-12-25 18:18 - 000206112 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 001176864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000865568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000387360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000622368 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000213280 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000791328 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2016-04-18 06:06 - 2017-12-25 18:18 - 000267040 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundsystem.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000180512 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 001002784 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000418080 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 003298080 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000622368 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2016-04-18 06:06 - 2017-12-25 18:18 - 000189728 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2016-04-18 06:06 - 2017-12-25 18:18 - 000264480 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 001118496 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 000613152 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2016-04-18 06:05 - 2018-01-10 21:14 - 012557600 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2018-01-09 16:38 - 2018-01-09 16:38 - 000619512 _____ () C:\Users\New Owner\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\1\DiscordOverlay.dll
2016-04-18 06:05 - 2018-01-10 21:14 - 010522912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2016-04-18 06:06 - 2017-12-25 18:18 - 000095520 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2016-04-18 06:05 - 2017-05-02 19:21 - 000078624 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2017-05-04 08:37 - 2017-05-04 08:37 - 000020256 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2016-04-18 06:06 - 2017-12-25 18:18 - 000091936 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2016-04-18 06:05 - 2017-12-25 18:18 - 001025824 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2016-04-18 06:06 - 2017-12-25 18:18 - 000180512 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\New Owner:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2693677803-4276754797-1801310105-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-06-11 17:29 - 000000002 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2693677803-4276754797-1801310105-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\New Owner\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Everything => "C:\Program Files\Everything\Everything.exe" -startup
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\New Owner\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\New Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{ABA16A54-A643-48F6-868D-15C6CDAEBFB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9072C320-9DA5-4D3D-AD6A-C96B1ED18355}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{21802A9C-1E83-4751-9E61-5678344F871C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BAE00FCC-1FD4-4DDE-9600-C4CBE7AA729B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EEC16D51-FAA7-4BD8-84C1-C5E0D11BC146}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C4816FF7-F70C-404F-B1DC-8EA82883A24E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5C13D66-BFF5-4CD2-A5E6-4D5FD526BFC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C3E05FAD-CA45-4355-8A00-EEA8C3264D66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{17C367BC-688A-4697-8939-5F9A824AD517}] => (Allow) LPort=25565
FirewallRules: [{EBB09399-CB90-41C5-B747-407B336D2A8B}] => (Allow) LPort=25565
FirewallRules: [TCP Query User{74F1F147-1636-4062-8CF7-DF2BD909367A}C:\users\new owner\appdata\local\temp\joi7d1e.tmp\join.me.exe] => (Allow) C:\users\new owner\appdata\local\temp\joi7d1e.tmp\join.me.exe
FirewallRules: [UDP Query User{49F05531-5910-42DB-8A44-A79DBD10C83A}C:\users\new owner\appdata\local\temp\joi7d1e.tmp\join.me.exe] => (Allow) C:\users\new owner\appdata\local\temp\joi7d1e.tmp\join.me.exe
FirewallRules: [{191E7CE9-494D-49DF-9F01-F4782A000BCB}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{FFD69DDC-BEC3-4CF1-AEC4-6A976C600DCD}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{FA98034B-841C-48C9-BDFE-F4A8B863E1FF}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{FC17A0E1-A34F-44F6-B2AB-47F9F6A38231}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{1305A72A-1EB1-4D0A-B047-2D342C38FF6D}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{007A04E1-1369-47B3-B347-A0A4E8FADEDA}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{CFCF2FCF-6A09-4130-B6C8-14D39835B696}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{2C8ADD6A-86CA-4338-A951-EAE37585612F}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{B5632935-3218-4414-B7D2-D750C881CA8E}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{DA3F1917-16F4-4C04-83A9-D9A8EB94976A}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{D1EA8D5E-E944-42B1-916B-F6F4A8C72766}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{0B9BE326-5B6E-4625-BAAB-D4663EED876D}] => (Allow) C:\Users\New Owner\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{BDA6B732-F903-4D04-8197-EAE8515EFFB5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FA02798A-D862-43DB-928D-8F9CB930AD43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{90E2BEAC-AC38-4111-8239-7D3D493F6C0A}C:\users\new owner\appdata\local\temp\joicbc8.tmp\join.me.exe] => (Block) C:\users\new owner\appdata\local\temp\joicbc8.tmp\join.me.exe
FirewallRules: [UDP Query User{2B31E278-C468-4B57-B5FF-97A4FA1C2AF5}C:\users\new owner\appdata\local\temp\joicbc8.tmp\join.me.exe] => (Block) C:\users\new owner\appdata\local\temp\joicbc8.tmp\join.me.exe
FirewallRules: [TCP Query User{BFA609F6-531B-486F-A165-3A7A7107F63F}C:\users\new owner\desktop\teamspeak3-server_win64-3.0.10.1\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\new owner\desktop\teamspeak3-server_win64-3.0.10.1\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{C5ABC3C9-EB7F-4F96-B920-6430F3F23ED0}C:\users\new owner\desktop\teamspeak3-server_win64-3.0.10.1\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\new owner\desktop\teamspeak3-server_win64-3.0.10.1\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{7409A0B1-54D7-432C-9F6C-849720269125}] => (Block) C:\users\new owner\desktop\teamspeak3-server_win64-3.0.10.1\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{9134B736-5E2A-4D2D-9980-D6C7B07170EF}] => (Block) C:\users\new owner\desktop\teamspeak3-server_win64-3.0.10.1\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{446AFE41-E7CF-45D2-9D2B-DDC6EF0F22D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [{85CF8ADC-4807-4885-9444-D41A9DAD80CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [{17B83E2C-897A-43D7-83D1-24DC9CD5CB74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8EE73322-19CA-4F94-8F3F-4B5B6256AE1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{4BB4477B-4B26-497F-B5FE-ECF781458216}C:\users\new owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\new owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F4C0DA26-DA53-4D43-810C-42D2379AE06F}C:\users\new owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\new owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{CC951A58-5C54-404E-83AD-91060E82E389}C:\program files (x86)\adobe\adobe photoshop cs6\adobe photoshop cs6\app\photoshopcs6\photoshop.exe] => (Allow) C:\program files (x86)\adobe\adobe photoshop cs6\adobe photoshop cs6\app\photoshopcs6\photoshop.exe
FirewallRules: [UDP Query User{FBF83A74-4D5C-4C9B-A61C-760EAC6CAAAC}C:\program files (x86)\adobe\adobe photoshop cs6\adobe photoshop cs6\app\photoshopcs6\photoshop.exe] => (Allow) C:\program files (x86)\adobe\adobe photoshop cs6\adobe photoshop cs6\app\photoshopcs6\photoshop.exe
FirewallRules: [TCP Query User{C216C030-F7A7-42F0-A229-639BE55D2559}C:\program files (x86)\looksbuilder\magic bullet photolooks.exe] => (Allow) C:\program files (x86)\looksbuilder\magic bullet photolooks.exe
FirewallRules: [UDP Query User{EA193DF6-224E-46CA-B94D-54B09E8D2797}C:\program files (x86)\looksbuilder\magic bullet photolooks.exe] => (Allow) C:\program files (x86)\looksbuilder\magic bullet photolooks.exe
FirewallRules: [{2FFDB418-8005-41E4-834B-570A979282F7}] => (Allow) C:\Users\New Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{845743E0-98B0-4D82-AE59-8D777080FF2B}] => (Allow) C:\Users\New Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2B7AE371-03AE-4142-9799-CA2BD1FF36D9}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9202BA94-6593-4D80-8399-E9BA54D0BDF7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{A094F30F-6C20-43F9-8C4A-8109606CB252}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{06E2434B-88B5-433E-97E2-A33EAD3BCEA0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3FB8780E-1BBF-4DEB-8B44-C68F1257EBEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-12-2017 06:30:10 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: MpKsl9b39e598
Description: MpKsl9b39e598
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl9b39e598
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2018 06:16:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe" /silent; Description = Installed DirectX; Error = 0x81000101).
 
Error: (01/10/2018 09:13:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/07/2018 01:47:11 AM) (Source: MsiInstaller) (EventID: 11904) (User: NewOwner-PC)
Description: Product: VEGAS Pro 15.0 -- Error 1904. Module C:\Program Files\VEGAS\VEGAS Pro 15.0\sfvstwrap.dll failed to register.  HRESULT -2147024770.  Contact your support personnel.
 
Error: (01/06/2018 09:45:19 PM) (Source: MsiInstaller) (EventID: 11935) (User: NewOwner-PC)
Description: Product: MSVCRT Redists -- Error 1935. An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x800736FD. assembly interface: IAssemblyCacheItem, function: Commit, component: {A75F2217-AD54-3EA6-AE14-F255F8660531}
 
Error: (01/04/2018 06:12:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\NEWOWN~1\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe -q -burn.elevated BurnPipe.{94605267-A0FD-494A-9CA7-E29B874B47B0} {F3B87681-0F09-43E9-AD63-F10BBCBDEA10} 2400; Description = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030; Error = 0x81000101).
 
Error: (01/04/2018 06:02:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Intel® C++ Redistributables on IA-32; Error = 0x81000101).
 
Error: (01/04/2018 05:59:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vcredist_x86 (1).exe version 11.0.61030.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 960
 
Start Time: 01d385af479a48ab
 
Termination Time: 2
 
Application Path: C:\Users\New Owner\Desktop\vcredist_x86 (1).exe
 
Report Id:
 
Error: (01/04/2018 05:52:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Intel® C++ Redistributables on IA-32; Error = 0x81000101).
 
Error: (01/04/2018 05:28:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Intel® C++ Redistributables on IA-32; Error = 0x81000101).
 
Error: (01/04/2018 05:22:21 PM) (Source: MsiInstaller) (EventID: 11500) (User: NewOwner-PC)
Description: Product: Intel® C++ Redistributables on Intel® 64 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
 
 
System errors:
=============
Error: (01/11/2018 06:18:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (01/10/2018 09:11:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/10/2018 09:11:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Genuine Software Integrity Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/10/2018 09:11:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:10:25 PM on ‎1/‎10/‎2018 was unexpected.
 
Error: (01/06/2018 09:27:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3C6859CE-230B-48A4-BE6C-932C0C202048} did not register with DCOM within the required timeout.
 
Error: (01/04/2018 05:58:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (01/03/2018 01:33:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/03/2018 01:33:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Genuine Software Integrity Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/03/2018 07:36:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (01/02/2018 01:47:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4350 Quad-Core Processor 
Percentage of memory in use: 74%
Total physical RAM: 7918.12 MB
Available physical RAM: 1986.18 MB
Total Virtual: 15834.42 MB
Available Virtual: 8576.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:624.7 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0CE1CC34)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
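The Task and FirewallRules sections of the Addition.txt above are the parts a helper reads by eye: which scheduled tasks FRST has marked with `<==== ATTENTION`, which ones point at a file that is gone, and which firewall rules allow an executable that lives in a user-writable place such as `%TEMP%` or `AppData`. As an added example (not FRST code, not the helper's fixlist, and not part of this thread), the Python below applies exactly those three checks to a constructed sample made of lines copied from the log. The `triage()`, `extract_target()` and `is_trusted_location()` functions, the `Finding` record and the `TRUSTED_ROOTS` list are this example's own assumptions about what "normal" looks like on a Windows 7 box.

```python
"""Triage of the Task: and FirewallRules: sections of an FRST Addition.txt.

Added example for this thread; it is not FRST code and not the helper's
fixlist. It applies three mechanical checks to each line and reports what
a human reviewer would look at first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

ATTENTION_MARK = "<==== ATTENTION"

# Locations a scheduled task or firewall rule would normally point into.
# Assumption of this example: anything else (AppData, Temp, Desktop, ...)
# is writable by the logged-on user and deserves a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "%windir%\\")

# "Task: {GUID} - name => target" or "Task: name.job => target";
# FRST writes " -> No File" for an orphaned task instead of " => ".
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<name>.+?) (?:=>|->) (?P<rest>.+)$")
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$")


@dataclass
class Finding:
    kind: str                 # "task" or "firewall"
    name: str
    target: Optional[str]     # None when the task's file is gone
    reasons: List[str]


def extract_target(rest: str) -> Optional[str]:
    """Return the executable path from the right-hand side of a Task: line,
    or None when FRST recorded 'No File'."""
    rest = rest.replace(ATTENTION_MARK, "").strip()
    if rest == "No File":
        return None
    rest = re.sub(r"^Command\(\d+\): ", "", rest)                    # multi-action task
    rest = re.sub(r" \[\d{4}-\d{2}-\d{2}\]( \(.*\))?$", "", rest)    # " [date] (Company)"
    rest = re.sub(r" -> .*$", "", rest)                               # task arguments
    return rest


def is_trusted_location(path: str) -> bool:
    """Case-insensitive prefix match against TRUSTED_ROOTS."""
    lowered = path.lower()
    return any(lowered.startswith(root) for root in TRUSTED_ROOTS)


def triage(addition_txt: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in addition_txt.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            reasons = []
            if ATTENTION_MARK in line:
                reasons.append("flagged by FRST")
            target = extract_target(m.group("rest"))
            if target is None:
                reasons.append("task points at a file that no longer exists")
            elif not is_trusted_location(target):
                reasons.append("task runs an executable from a user-writable location")
            if reasons:
                findings.append(Finding("task", m.group("name"), target, reasons))
            continue
        m = FW_RE.match(line)
        if m:
            target = m.group("target")
            if "\\" not in target:          # port-only rule such as "LPort=25565"
                continue
            if m.group("action") == "Allow" and not is_trusted_location(target):
                findings.append(Finding("firewall", m.group("name"), target,
                                        ["Allow rule for an executable in a user-writable location"]))
    return findings


# Constructed sample: a handful of lines copied from the Addition.txt above.
SAMPLE_ADDITION = r"""
Task: {00C86A39-C59D-4A2F-8FF8-2995A22F0329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {0ADEFDEC-EB1D-465A-B252-7059A447F878} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe <==== ATTENTION
Task: {18B3469F-D914-4A53-81F0-6027956E5A1B} - \DistromaticSearchProtect-hourly -> No File <==== ATTENTION
Task: {04804DA8-FE96-4081-9A53-A2E0EE8C3C42} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
FirewallRules: [{21802A9C-1E83-4751-9E61-5678344F871C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{74F1F147-1636-4062-8CF7-DF2BD909367A}C:\users\new owner\appdata\local\temp\joi7d1e.tmp\join.me.exe] => (Allow) C:\users\new owner\appdata\local\temp\joi7d1e.tmp\join.me.exe
FirewallRules: [TCP Query User{90E2BEAC-AC38-4111-8239-7D3D493F6C0A}C:\users\new owner\appdata\local\temp\joicbc8.tmp\join.me.exe] => (Block) C:\users\new owner\appdata\local\temp\joicbc8.tmp\join.me.exe
FirewallRules: [{2FFDB418-8005-41E4-834B-570A979282F7}] => (Allow) C:\Users\New Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{17C367BC-688A-4697-8939-5F9A824AD517}] => (Allow) LPort=25565
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_ADDITION):
        print(f"[{f.kind}] {f.name}\n    target: {f.target}\n    why: {'; '.join(f.reasons)}")
```

Two caveats when reading its output. The location check is only a prioritiser: the Distromatic tasks in this log sit under `C:\Program Files (x86)\Amazon Browser Settings\`, a "trusted" root by this script's rule, and are surfaced only because FRST already knows the name, so a clean directory is never a verdict on its own. And FRST's FirewallRules lines do not record direction, so the script cannot tell an inbound allow from an outbound one; a Block rule is skipped because it restricts rather than grants, but a stale Allow for a `join.me.exe` that was unpacked into `%TEMP%` is worth removing regardless of direction.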
 
 
 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,037 posts
  • Gender:Male
  • Local time:01:58 AM

Posted 12 January 2018 - 01:14 PM

Hi daogaz,

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
In the meantime:

  • Locate FRST.txt on your Desktop
  • Double-click it to open it
  • Copy and paste the contents of FRST.txt into your next reply to me
  • If you cannot locate FRST.txt, then run FRST64 again

Let me know if you have any questions.
 
polskamachina


Edited by polskamachina, 13 January 2018 - 11:31 AM.


#3 daogaz

daogaz
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:58 AM

Posted 15 January 2018 - 01:08 AM

Hey, the message is too large to send without a file attachment, here:

Attached Files

  • Attached File  FRST.txt   148.89KB   4 downloads


#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,037 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:58 AM

Posted 16 January 2018 - 02:47 PM

Hi daogaz :)
 
I noticed in your logs there is evidence of pirated software. These pirated programs are a good source of malware infection, as you do not know what was included when the original product was patched/pirated. Ethics aside, it may be illegal depending on the cyber law of your country. We at Bleeping Computer strongly recommend that you avoid using cracks, keygens and such. If you decide to keep the cracked software, you risk infecting your computer. Also note that some of your cracked software may be removed by the tools we use.
 
Next:

  • Highlight the text below in its entirety and press Ctrl-C to copy it:
Start::
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\GUT1143.tmp
C:\Program Files (x86)\GUT53EA.tmp
C:\Program Files (x86)\GUT7B25.tmp
C:\Program Files (x86)\GUT81BD.tmp
C:\Program Files (x86)\GUT8823.tmp
C:\Program Files (x86)\GUTB673.tmp
EmptyTemp:
End::
  • Run FRST64
  • This time click on Fix
  • It may take some time to complete the fix depending on how many temporary files need removing
  • When the fix has completed, you will be asked to restart your machine
  • Click OK to restart your machine
  • After the reboot, you will find a file on your desktop named Fixlog.txt
  • Please copy and paste that log into your next reply to me

Next:

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the ESET Smart Installer you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

 

Next:

  • Run FRST64 again
  • Click on Scan
  • Please copy and paste FRST.txt and Addition.txt into your next reply to me

In summary I will need from you:

  • Fixlog.txt
  • ESET log of found threats if applicable
  • FRST.txt
  • Addition.txt

Let me know if you have any questions.

polskamachina
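The fixlist above is a script FRST runs verbatim, so it is worth knowing what it will do before clicking Fix. The following dry-run parser is an added example, not FRST's own code; it assumes the script is the block between Start:: and End::, that a line ending in ":" is a directive (CreateRestorePoint:, CloseProcesses:, EmptyTemp:), and that any other non-empty line is a path FRST will delete. The sample fixlist is constructed from the one in the post (two of the six .tmp paths kept).

```python
import os
from dataclasses import dataclass, field

# Constructed from the fixlist posted above (two of the six .tmp paths kept).
SAMPLE_FIXLIST = """Start::
CreateRestorePoint:
CloseProcesses:
C:\\Program Files (x86)\\GUT1143.tmp
C:\\Program Files (x86)\\GUT53EA.tmp
EmptyTemp:
End::
"""

@dataclass
class Fixlist:
    directives: list = field(default_factory=list)  # e.g. CreateRestorePoint
    paths: list = field(default_factory=list)       # files the fix would delete

def parse_fixlist(text: str) -> Fixlist:
    """Collect directives and deletion targets between Start:: and End::."""
    # Assumed format: a line ending in ':' with no backslash is a directive;
    # any other non-empty line inside the block is a path to be removed.
    fix = Fixlist()
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
            continue
        if line == "End::":
            break                      # anything after End:: is ignored
        if not inside or not line:
            continue
        if line.endswith(":") and "\\" not in line:
            fix.directives.append(line[:-1])
        else:
            fix.paths.append(line)
    return fix

def preview_deletions(fix: Fixlist) -> dict:
    """Map each deletion target to whether it exists on this host (dry run)."""
    return {p: os.path.exists(p) for p in fix.paths}

def has_restore_point(fix: Fixlist) -> bool:
    """True if the script snapshots the system before deleting anything."""
    return "CreateRestorePoint" in fix.directives
```

Run `preview_deletions(parse_fixlist(SAMPLE_FIXLIST))` on the affected machine to see which listed files are actually present before the fix removes them.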



#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,037 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:58 AM

Posted 19 January 2018 - 01:26 PM

Hi daogaz :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:58 AM

Posted 22 January 2018 - 01:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft




