Windows Process Manager (32 bit) and igfxmtc (32 bit)


17 replies to this topic

#1 Crusader527

Posted 13 January 2018 - 08:17 PM

Ever since 12/22/2017, I have had an unknown application running in my task manager, known as "igfxmtc (32 bit)" and "sierzdksvc". I have done plenty of research on how to get rid of it, and processes like it, but I can't seem to get rid of it. It has now gotten to the point where my computer runs very slowly unless I restart frequently, due to another application called "Windows Process Manager (32 bit)". When trying to remove "igfxmtc (32 bit)" and "sierzdksvc", I found multiple folders in the file directory "C:\Users\(my username)\AppData\Local" that didn't seem to belong, including the folders "igfxmtc (32 bit)" and "sierzdksvc". When I tried to delete the folders, they said, "You require permission from the computer's administrator to make changes to this folder", even after I gave myself owner permissions over the folders. I have run mbar and it has removed 10 rootkits out of 13, the 3 remaining being "igfxmtc (32 bit)", which doesn't seem to want to be removed. I also found out that it is classified, not just as a trojan, but also as a "smart service trojan", which I have no clue as to what that means, but it doesn't sound good. I am, however, following the "preparation guide for use before using malware removal tools and requesting help", and thus have run FRST and have my files ready. Strangely enough, I noticed that it can scan, but it can't "fix" anything because it requires a "fixlist", and I have no idea what that is either. Any help will be appreciated, thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.01.2018 01
Ran by Crusader (administrator) on DESKTOP-R1SQMUC (13-01-2018 19:51:46)
Running from C:\Users\Crusader\Desktop
Loaded Profiles: Crusader (Available Profiles: Crusader)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\sierzdksvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Discord Inc.) C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Twitch.exe
(Discord Inc.) C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Users\Crusader\AppData\Local\avigcue\avigcue.exe
() C:\Users\Crusader\AppData\Local\igfxmtc\igfxmtc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [deduct] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM\...\Run: [deductdeduct] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [cregg] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM-x32\...\Run: [creggcregg] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [Discord] => C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executives] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executivesexecutives] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanni] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanniyanni] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [oti] => "C:\Program Files (x86)\Firestorm\kiper.exe"
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk [2017-12-22]
ShortcutTarget: executrix.lnk -> C:\Program Files (x86)\Firestorm\kiper.exe (No File)
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk [2017-12-22]
ShortcutTarget: executrixexecutrix.lnk -> C:\Program Files (x86)\institutionalized\walther.exe (No File)
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-01-05]
ShortcutTarget: Twitch.lnk -> C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{26942e23-f31f-4bc5-899c-7b4495eee6ed}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1596144107-502323947-3988411073-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1596144107-502323947-3988411073-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-09] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-09] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: orl3ai51.default
FF ProfilePath: C:\Users\Crusader\AppData\Roaming\Mozilla\Firefox\Profiles\orl3ai51.default [2017-12-22]
FF Homepage: Mozilla\Firefox\Profiles\orl3ai51.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-09] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-22] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default [2018-01-13]
CHR Extension: (Slides) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-22]
CHR Extension: (Docs) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-22]
CHR Extension: (Google Drive) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-22]
CHR Extension: (YouTube) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-22]
CHR Extension: (Sheets) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-22]
CHR Extension: (Gmail) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\udiskMgr <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\xnaltzdp <==== ATTENTION (Rootkit!)

R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-09] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-09] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 12733588; C:\WINDOWS\system32\drivers\12733588.sys [255928 2018-01-13] (Malwarebytes)
S3 CMUAC; C:\WINDOWS\system32\DRIVERS\CMUAC.SYS [572416 2014-01-08] (C-Media Inc.)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-09] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-09] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-09] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-13 19:51 - 2018-01-13 19:52 - 000013878 _____ C:\Users\Crusader\Desktop\FRST.txt
2018-01-13 19:42 - 2018-01-13 19:42 - 000032396 _____ C:\Users\Crusader\Downloads\Addition.txt
2018-01-13 19:33 - 2018-01-13 19:49 - 002393088 _____ (Farbar) C:\Users\Crusader\Desktop\FRST64.exe
2018-01-13 19:23 - 2018-01-13 19:51 - 000000000 ____D C:\FRST
2018-01-13 19:18 - 2018-01-13 19:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\76323112.sys
2018-01-13 18:51 - 2018-01-13 18:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-13 18:50 - 2018-01-13 19:18 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-01-13 18:50 - 2018-01-13 18:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\D5639643.sys
2018-01-13 18:44 - 2018-01-13 18:44 - 000142160 ____N C:\WINDOWS\system32\Drivers\wieehlor.sys
2018-01-13 18:30 - 2018-01-13 18:30 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer (3).exe
2018-01-13 18:22 - 2018-01-13 18:43 - 000000000 ____D C:\AdwCleaner
2018-01-13 17:51 - 2018-01-13 17:51 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer (2).exe
2018-01-13 17:47 - 2018-01-13 18:19 - 000000000 ____D C:\Users\Crusader\Desktop\mbar
2018-01-13 17:45 - 2018-01-13 17:46 - 014161479 _____ C:\Users\Crusader\Downloads\mbar-1.10.3.1001-nr (1).exe
2018-01-13 17:45 - 2018-01-13 17:46 - 008198432 _____ (Malwarebytes) C:\Users\Crusader\Downloads\AdwCleaner.exe
2018-01-13 17:43 - 2018-01-13 17:46 - 082149144 _____ (Malwarebytes ) C:\Users\Crusader\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe
2018-01-11 17:50 - 2018-01-11 17:50 - 000001717 _____ C:\Users\Public\Desktop\Enter the Gungeon.lnk
2018-01-11 17:50 - 2018-01-11 17:50 - 000001717 _____ C:\ProgramData\Desktop\Enter the Gungeon.lnk
2018-01-11 17:50 - 2018-01-11 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enter the Gungeon [GOG.com]
2018-01-11 17:46 - 2018-01-11 18:42 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Dodge Roll
2018-01-11 17:46 - 2018-01-11 17:46 - 000000000 ____D C:\GOG Games
2018-01-11 17:40 - 2018-01-11 17:41 - 000000000 ____D C:\Users\Crusader\Downloads\Enter.The.Gungeon.v2.7.0.9-GOG
2018-01-07 17:18 - 2018-01-07 17:18 - 007186992 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x64 (1).exe
2018-01-07 17:18 - 2018-01-07 17:18 - 006554576 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x86 (1).exe
2018-01-06 15:10 - 2018-01-06 15:10 - 007186992 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x64.exe
2018-01-06 15:10 - 2018-01-06 15:10 - 006554576 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x86.exe
2018-01-06 15:06 - 2018-01-06 15:07 - 000000000 ____D C:\Users\Crusader\Desktop\The.Binding.of.Isaac.Afterbirth.Plus.Update.21
2018-01-06 14:55 - 2018-01-06 15:03 - 933398193 _____ C:\Users\Crusader\Downloads\The.Binding.of.Isaac.Afterbirth.Plus.Update.21.rar
2018-01-06 14:53 - 2018-01-06 14:55 - 000000000 ____D C:\Users\Crusader\Downloads\The Binding of Isaac - Afterbirth Plus
2018-01-06 14:45 - 2018-01-06 14:45 - 048409208 _____ (HP.inc ) C:\Users\Crusader\Downloads\sp78033 (1).exe
2018-01-06 14:45 - 2018-01-06 14:45 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\hpqLog
2018-01-06 14:45 - 2018-01-06 14:45 - 000000000 ____D C:\ProgramData\HP
2018-01-06 14:38 - 2018-01-06 14:38 - 014572000 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vc_redist.x64 (1).exe
2018-01-06 14:38 - 2018-01-06 14:38 - 013767776 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vc_redist.x86.exe
2018-01-06 14:26 - 2018-01-06 14:26 - 014572000 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vc_redist.x64.exe
2018-01-06 14:25 - 2018-01-06 14:25 - 048409208 _____ (HP.inc ) C:\Users\Crusader\Downloads\sp78033.exe
2018-01-06 13:37 - 2018-01-06 13:37 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Bennett Foddy
2018-01-06 13:36 - 2018-01-06 13:36 - 000000000 ____D C:\Users\Crusader\Desktop\Getting Over It With Bennett Foddy
2018-01-06 13:29 - 2018-01-06 13:34 - 643233319 _____ C:\Users\Crusader\Downloads\Getting_Over_It_with_Bennett_Foddy_Windows.zip
2018-01-06 13:17 - 2018-01-06 14:36 - 000000000 ___HD C:\Program Files (x86)\Nicalis Inc
2018-01-05 19:15 - 2018-01-05 19:15 - 000000000 ____D C:\Users\Crusader\Documents\Curse
2018-01-05 16:30 - 2018-01-05 16:30 - 000000000 ____D C:\ProgramData\Twitch
2018-01-05 16:29 - 2018-01-13 19:18 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Twitch
2018-01-05 16:29 - 2018-01-05 16:29 - 000001034 _____ C:\Users\Crusader\Desktop\Twitch.lnk
2018-01-05 16:29 - 2018-01-05 16:29 - 000001020 _____ C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2018-01-05 16:28 - 2018-01-05 16:29 - 109436736 _____ C:\Users\Crusader\Downloads\TwitchSetup.exe
2018-01-05 00:40 - 2018-01-05 00:40 - 000000000 __SHD C:\ProgramData\DSS
2018-01-05 00:39 - 2018-01-05 00:39 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Lionhead Studios
2018-01-05 00:03 - 2018-01-05 00:03 - 000001222 _____ C:\Users\Public\Desktop\Fable III.lnk
2018-01-05 00:03 - 2018-01-05 00:03 - 000001222 _____ C:\ProgramData\Desktop\Fable III.lnk
2018-01-04 22:48 - 2018-01-04 22:53 - 000000000 ____D C:\Users\Crusader\Desktop\Fable III Complete repack Mr DJ
2017-12-24 12:54 - 2018-01-13 16:07 - 000004192 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1270B3EA-5781-4386-BF37-A6EF7AFADFFE}
2017-12-23 18:11 - 2017-12-23 18:11 - 000000000 ____D C:\Users\Crusader\Desktop\The Binding of Isaac Rebirth Update 10
2017-12-23 17:38 - 2017-12-23 17:46 - 000000000 ____D C:\Users\Crusader\Downloads\The Binding of Isaac Rebirth Update 10 repack Mr DJ
2017-12-23 14:14 - 2017-12-23 14:14 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\FiraxisLive
2017-12-23 14:14 - 2017-12-23 14:14 - 000000000 ____D C:\Users\Crusader\AppData\Local\My Games
2017-12-23 14:14 - 2017-12-23 14:14 - 000000000 ____D C:\ProgramData\Steam
2017-12-23 14:13 - 2018-01-05 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-12-23 14:13 - 2017-12-23 14:13 - 000001441 _____ C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth Launcher.lnk
2017-12-23 14:13 - 2017-12-23 14:13 - 000001441 _____ C:\ProgramData\Desktop\Sid Meiers Civilization Beyond Earth Launcher.lnk
2017-12-23 13:58 - 2018-01-04 23:31 - 000000000 ___HD C:\Program Files (x86)\Mr DJ
2017-12-23 13:55 - 2018-01-04 23:31 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2017-12-23 13:55 - 2018-01-04 23:31 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-12-23 13:25 - 2017-12-23 13:27 - 000000000 ____D C:\Users\Crusader\Downloads\Sid Meiers Civilization Beyond Earth repack Mr DJ
2017-12-23 12:47 - 2018-01-11 18:14 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\BitTorrent
2017-12-23 12:47 - 2018-01-11 17:40 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\BitTorrent
2017-12-23 12:47 - 2017-12-23 12:47 - 000000978 _____ C:\Users\Crusader\Desktop\BitTorrent.lnk
2017-12-23 12:46 - 2017-12-23 12:46 - 002870880 _____ (BitTorrent Inc.) C:\Users\Crusader\Downloads\BitTorrent (1).exe
2017-12-23 12:33 - 2017-12-23 12:33 - 000000000 ____D C:\Users\Crusader\Documents\FeedbackHub
2017-12-22 23:57 - 2017-12-22 23:57 - 002267848 _____ (wj32 ) C:\Users\Crusader\Downloads\processhacker-2.39-setup (1).exe
2017-12-22 23:55 - 2017-12-22 23:55 - 002267848 _____ (wj32 ) C:\Users\Crusader\Downloads\processhacker-2.39-setup.exe
2017-12-22 23:52 - 2017-12-22 23:52 - 001931969 _____ C:\Users\Crusader\Downloads\ProcessExplorer.zip
2017-12-22 23:37 - 2017-12-22 23:37 - 000863696 _____ (Malwarebytes) C:\Users\Crusader\Downloads\mb-clean-3.1.0.1031.exe
2017-12-22 23:34 - 2017-12-22 23:34 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer (1).exe
2017-12-22 23:34 - 2017-12-22 23:34 - 002755584 _____ C:\Users\Crusader\Downloads\SH-Alt-Install.exe
2017-12-22 23:31 - 2017-12-22 23:31 - 005195952 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer-k.com
2017-12-22 23:25 - 2017-12-22 23:25 - 000881904 _____ (Plumbytes Software) C:\Users\Crusader\Downloads\antimalwaresetup.exe
2017-12-22 23:24 - 2018-01-06 01:30 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-22 23:24 - 2018-01-06 01:30 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-22 23:24 - 2018-01-06 01:30 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-12-22 23:23 - 2017-12-22 23:23 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-22 23:23 - 2017-12-22 23:23 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-22 22:33 - 2017-12-22 22:33 - 001790024 _____ (Malwarebytes) C:\Users\Crusader\Downloads\JRT.exe
2017-12-22 22:29 - 2017-12-22 22:42 - 622582408 _____ (Doctor Web, Ltd.) C:\Users\Crusader\Downloads\drweb-livedisk-900-usb.exe
2017-12-22 22:29 - 2017-12-22 22:31 - 083316440 _____ (Malwarebytes ) C:\Users\Crusader\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2017-12-22 22:27 - 2018-01-13 18:21 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\12733588.sys
2017-12-22 22:25 - 2017-12-22 22:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1596144107-502323947-3988411073-1001
2017-12-22 21:52 - 2017-12-22 21:52 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5134634F.sys
2017-12-22 21:51 - 2018-01-13 19:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-22 21:50 - 2017-12-22 21:51 - 014161479 _____ C:\Users\Crusader\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-22 21:41 - 2017-12-22 21:41 - 000346112 _____ C:\Users\Crusader\Downloads\Unlocker 1.9.2.msi
2017-12-22 21:41 - 2017-12-22 21:41 - 000346112 _____ C:\Users\Crusader\Downloads\Unlocker 1.9.2 (1).msi
2017-12-22 21:29 - 2017-12-22 21:29 - 000167034 _____ C:\Users\Crusader\Downloads\fileassassin-setup-1.06.exe
2017-12-22 20:55 - 2018-01-13 09:21 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-22 20:06 - 2017-12-22 20:06 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-22 19:59 - 2017-12-25 06:33 - 000000000 ____D C:\Users\Crusader\AppData\Local\cgorkut
2017-12-22 19:53 - 2017-12-22 19:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-22 19:46 - 2017-12-22 19:46 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-22 19:44 - 2017-12-22 19:45 - 083316440 _____ (Malwarebytes ) C:\Users\Crusader\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-22 19:37 - 2018-01-13 19:49 - 000000000 ____D C:\Users\Crusader\AppData\Local\avigcue
2017-12-22 19:37 - 2017-12-22 19:39 - 000000000 ____D C:\Users\Crusader\AppData\Local\igfxmtc
2017-12-22 19:35 - 2018-01-13 18:45 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sierzdksvc.exe
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\terence
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\Sutch
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\SysWOW64\snbgxzv
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\system32\snbgxzv
2017-12-22 19:32 - 2017-12-22 19:32 - 000822328 _____ (Roblox Corporation) C:\Users\Crusader\Downloads\RobloxPlayerLauncher.exe
2017-12-22 19:32 - 2017-12-22 19:32 - 000822328 _____ (Roblox Corporation) C:\Users\Crusader\Downloads\RobloxPlayerLauncher(1).exe
2017-12-22 19:32 - 2017-12-22 19:32 - 000001209 _____ C:\Users\Crusader\Desktop\Roblox Studio.lnk
2017-12-22 19:32 - 2017-12-22 19:32 - 000000047 _____ C:\Users\Crusader\AppData\LocalLow\rbxcsettings.rbx
2017-12-22 19:32 - 2017-12-22 19:32 - 000000000 ____D C:\ProgramData\Roblox
2017-12-22 19:32 - 2017-12-22 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2017-12-22 19:24 - 2018-01-13 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-12-22 19:24 - 2017-12-22 23:33 - 000000000 ____D C:\ProgramData\Lavasoft
2017-12-22 19:22 - 2017-12-22 19:22 - 002870880 _____ (BitTorrent Inc.) C:\Users\Crusader\Downloads\BitTorrent.exe
2017-12-22 18:57 - 2017-12-23 18:11 - 000000000 ____D C:\Users\Crusader\Documents\My Games
2017-12-22 18:09 - 2017-12-22 18:09 - 000000221 _____ C:\Users\Crusader\Desktop\The Elder Scrolls V Skyrim.url
2017-12-21 22:53 - 2017-12-21 22:53 - 000037157 _____ C:\WINDOWS\uninstaller.dat
2017-12-19 00:03 - 2017-12-22 08:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-19 00:03 - 2017-12-22 08:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-18 21:51 - 2017-12-18 21:51 - 000000000 ____D C:\Users\Crusader\Documents\Elder Scrolls Online
2017-12-18 21:51 - 2017-12-18 21:51 - 000000000 ____D C:\ProgramData\Elder Scrolls Online
2017-12-18 21:44 - 2018-01-06 15:10 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-18 21:42 - 2017-12-18 21:42 - 000000000 ____D C:\WINDOWS\jre
2017-12-18 21:42 - 2017-12-18 21:42 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2017-12-18 21:41 - 2017-12-18 21:42 - 000000000 ____D C:\Program Files (x86)\Zero G Registry
2017-12-18 21:33 - 2017-12-18 21:33 - 000000000 ___HD C:\Users\Crusader\InstallAnywhere
2017-12-18 21:32 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-12-18 21:32 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-12-18 21:32 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-12-18 21:32 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-12-18 21:32 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-12-18 21:32 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-12-18 21:32 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-12-18 21:32 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-12-18 21:32 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-12-18 21:32 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-12-18 21:32 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-12-18 21:32 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-12-18 21:32 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-12-18 21:32 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-12-18 21:32 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-12-18 21:32 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-12-18 21:32 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-12-18 21:32 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-12-18 21:32 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-12-18 21:32 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-12-18 21:32 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-12-18 21:32 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-12-18 21:32 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-12-18 21:32 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-12-18 21:32 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-12-18 21:32 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-12-18 21:32 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-12-18 21:32 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-12-18 21:32 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-12-18 21:32 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-12-18 21:32 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-12-18 21:32 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-12-18 21:32 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-12-18 21:32 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-12-18 21:32 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-12-18 21:32 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-12-18 21:31 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-12-18 21:31 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-12-18 21:31 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-12-18 21:31 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-12-18 21:31 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-12-18 21:31 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-12-18 21:31 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-12-18 21:31 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-12-18 21:31 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-12-18 21:31 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-12-18 21:31 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-12-18 21:31 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-12-18 21:31 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-12-18 21:31 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-12-18 21:31 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-12-18 21:31 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-12-18 21:31 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-12-18 21:31 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-12-18 21:31 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-12-18 21:31 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-12-18 21:31 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-12-18 21:31 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-12-18 21:31 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-12-18 21:31 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-12-18 21:31 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-12-18 21:31 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-12-18 21:31 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-12-18 21:31 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-12-18 21:31 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-12-18 21:31 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-12-18 21:31 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-12-18 21:31 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-12-18 21:31 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-12-18 21:31 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-12-18 21:31 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-12-18 21:31 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-12-18 21:31 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-12-18 21:31 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-12-17 21:29 - 2017-12-17 21:29 - 000000000 ____D C:\Users\Crusader\AppData\Local\DBG
2017-12-17 21:20 - 2017-12-18 21:30 - 000001310 _____ C:\Users\Crusader\Desktop\nativelog.txt
2017-12-17 20:19 - 2017-12-17 20:19 - 000000222 _____ C:\Users\Crusader\Desktop\Guild Quest.url
2017-12-17 20:19 - 2017-12-17 20:19 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Hyper Hippo Games
2017-12-17 20:15 - 2017-12-17 20:15 - 000000222 _____ C:\Users\Crusader\Desktop\AdVenture Communist.url
2017-12-17 19:25 - 2017-12-17 19:25 - 000000222 _____ C:\Users\Crusader\Desktop\The Elder Scrolls Online Tamriel Unlimited.url
2017-12-17 19:10 - 2017-12-17 19:10 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Holyday Studios
2017-12-17 19:05 - 2017-12-17 19:05 - 000000000 ____D C:\Users\Crusader\AppData\Local\NVIDIA
2017-12-17 15:07 - 2017-12-17 15:07 - 000000222 _____ C:\Users\Crusader\Desktop\Holyday City Reloaded.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-13 18:50 - 2017-12-10 11:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-13 18:50 - 2017-12-10 00:38 - 001244530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-13 18:49 - 2017-12-10 00:29 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-13 18:49 - 2017-12-09 22:14 - 000000000 ____D C:\Users\Crusader
2018-01-13 18:45 - 2017-12-10 00:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-13 18:44 - 2017-12-09 23:58 - 013631488 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-13 18:44 - 2017-12-09 23:58 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-13 18:17 - 2017-12-10 00:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-13 16:43 - 2017-12-10 00:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-13 09:22 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-13 09:21 - 2017-12-10 00:07 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-11 18:36 - 2017-12-09 22:15 - 000000000 ____D C:\Users\Crusader\AppData\Local\ConnectedDevicesPlatform
2018-01-11 18:21 - 2017-12-09 22:15 - 000000000 ____D C:\Users\Crusader\AppData\Local\Packages
2018-01-11 17:52 - 2017-12-10 00:07 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-09 18:57 - 2017-12-09 22:19 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\discord
2018-01-09 00:18 - 2017-12-09 22:19 - 000002347 _____ C:\Users\Crusader\Desktop\Discord.lnk
2018-01-09 00:18 - 2017-12-09 22:19 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-01-09 00:18 - 2017-12-09 22:18 - 000000000 ____D C:\Users\Crusader\AppData\Local\Discord
2018-01-06 13:16 - 2017-12-10 00:06 - 000000000 ____D C:\WINDOWS\INF
2017-12-27 05:44 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-24 12:46 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-22 23:24 - 2017-12-09 22:17 - 000000000 ____D C:\Users\Crusader\AppData\Local\Google
2017-12-22 23:24 - 2017-12-09 22:17 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-22 23:19 - 2017-12-09 22:19 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Mozilla
2017-12-22 23:19 - 2017-12-09 22:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-21 23:26 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\rescache
2017-12-19 00:04 - 2017-12-09 22:15 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-19 00:04 - 2017-12-09 22:15 - 000000000 ___RD C:\Users\Crusader\3D Objects
2017-12-19 00:03 - 2017-12-10 00:26 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-18 20:36 - 2017-12-11 20:10 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\.minecraft

Some files in TEMP:
====================
2018-01-13 18:32 - 2018-01-13 04:01 - 000863696 _____ (Malwarebytes) C:\Users\Crusader\AppData\Local\Temp\mb-clean.exe
2018-01-13 18:32 - 2018-01-13 17:46 - 082149144 _____ (Malwarebytes ) C:\Users\Crusader\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wieehlor.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2018-01-11 23:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
Ran by Crusader (13-01-2018 19:52:33)
Running from C:\Users\Crusader\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-10 05:35:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1596144107-502323947-3988411073-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1596144107-502323947-3988411073-503 - Limited - Disabled)
Guest (S-1-5-21-1596144107-502323947-3988411073-501 - Limited - Disabled)
Hunter (S-1-5-21-1596144107-502323947-3988411073-1005 - Administrator - Enabled)
Crusader (S-1-5-21-1596144107-502323947-3988411073-1001 - Administrator - Enabled) => C:\Users\Crusader
WDAGUtilityAccount (S-1-5-21-1596144107-502323947-3988411073-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
BitTorrent (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Discord (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
Fable III version 1.1.1.3 (HKLM-x32\...\Fable III_is1) (Version: 1.1.1.3 - Mr DJ)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Sid Meiers Civilization Beyond Earth version 1.1.2.4035 (HKLM-x32\...\Sid Meiers Civilization Beyond Earth_is1) (Version: 1.1.2.4035 - Mr DJ)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Twitch (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F28A5C-5017-47EA-A4CF-B1880CA0FF1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {310D6DA3-1320-42C4-89B2-73ED297633DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {36D96391-6B00-43CC-9F47-9921DC0ADBC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-22] (Google Inc.)
Task: {58A56D5C-0B1D-4BB2-8B21-CC03460F8461} - System32\Tasks\S-1-5-21-1596144107-502323947-3988411073-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {5B665183-CAF9-4CBB-8814-DA85FB83D03D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {B44C1912-6597-4D87-8E91-E99F3AABA627} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {BEF2D72C-F554-4073-8DB6-66EB3E9D5DAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-12 18:18 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 18:18 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 20:08 - 2018-01-03 20:10 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 20:08 - 2018-01-03 20:09 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-06 01:30 - 2018-01-03 04:20 - 004063064 ____H () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 01:30 - 2018-01-03 04:20 - 000099672 ____H () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-09 11:34 - 2018-01-09 11:34 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-09 22:18 - 2017-12-09 22:18 - 000102088 _____ () C:\Users\Crusader\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 18:57 - 2018-01-09 18:57 - 001780216 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2017-12-10 11:10 - 2017-11-29 00:09 - 000781088 ____R () C:\Program Files (x86)\Steam\SDL2.dll
2017-12-10 11:10 - 2017-12-15 14:59 - 002558752 ____R () C:\Program Files (x86)\Steam\video.dll
2017-12-10 11:10 - 2016-08-31 20:02 - 004969248 ____R () C:\Program Files (x86)\Steam\v8.dll
2017-12-19 00:05 - 2017-11-03 20:54 - 000695584 ____R () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-19 00:05 - 2017-11-03 20:54 - 000847136 ____R () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-19 00:05 - 2017-11-03 20:54 - 005137696 ____R () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-19 00:05 - 2017-11-03 20:54 - 000783648 ____R () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-10 11:10 - 2016-08-31 20:02 - 001563936 ____R () C:\Program Files (x86)\Steam\icui18n.dll
2017-12-10 11:10 - 2016-08-31 20:02 - 001195296 ____R () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-19 00:05 - 2017-11-03 20:54 - 000351520 ____R () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-10 11:10 - 2017-12-15 14:59 - 000904992 ____R () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-12-10 11:10 - 2016-07-04 17:17 - 000266560 ____R () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-05 16:29 - 2018-01-05 16:29 - 000393608 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\opus.dll
2018-01-05 16:29 - 2018-01-11 13:18 - 000535872 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Curse.Presto.Interface.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\libegl.dll
2017-12-10 11:11 - 2017-09-06 21:04 - 000678400 ____R () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-12-10 11:11 - 2017-10-30 23:44 - 071471904 ____R () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-12-10 11:10 - 2015-09-24 18:52 - 000119208 ____R () C:\Program Files (x86)\Steam\winh264.dll
2018-01-09 18:57 - 2018-01-09 18:57 - 009804280 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 18:57 - 2018-01-09 18:57 - 001505784 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 18:57 - 2018-01-09 18:57 - 000513016 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 18:57 - 2018-01-09 18:57 - 002662904 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 18:57 - 2018-01-09 18:57 - 001517048 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 18:57 - 2018-01-09 18:57 - 002749944 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2018-01-05 16:29 - 2018-01-05 16:29 - 001950528 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\ffmpeg.dll
2018-01-05 16:29 - 2018-01-05 16:29 - 002270528 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\libglesv2.dll
2018-01-05 16:29 - 2018-01-05 16:29 - 000088384 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-12-10 00:08 - 2017-12-10 00:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Crusader\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\unknown (2).png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "deduct"
HKLM\...\StartupApproved\Run: => "deductdeduct"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "cregg"
HKLM\...\StartupApproved\Run32: => "creggcregg"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrixexecutrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "oti"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executives"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanniyanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executivesexecutives"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77C4E3F0-32BD-40D9-B340-84EBDA410B23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8128BF22-6B4E-4249-922E-F5933F62196D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{04D09654-5997-4138-B673-8EA1BED61DA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F54B51FE-5299-4080-A644-3C5933968DCA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{15868C90-4458-4870-8C70-D33981D8D08B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ABA673E8-B8E1-44EA-B706-12315D19D694}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F07F3A07-E0E8-41A2-B169-432051397EC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F5C996E0-B315-4290-9EC3-495FA68126DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{B8FAE79F-8A2B-494F-85CD-1BFDAE603D44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{8794C33C-FAF7-4C69-AC35-D30840FA39EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{DE5173D7-6875-4327-A138-A70D4C80E9FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [TCP Query User{900BDBC0-0193-4C33-B90F-32F6BE817E0F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C328FEF5-F868-4F8A-BBE5-7E339D9B6E21}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4BB714E6-B94D-4C39-8664-07637A88A128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{643729CA-6FBB-4956-9414-45D06F4F3810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{C0C588A4-631F-47B0-BCD7-2F01A5689B7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0044C331-FE92-4503-80A0-1854AA88C115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{26A4439B-6EB1-4E6D-B909-7F45817BD7D7}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6F7DF5F7-F5AF-4966-8E78-23236ED491EC}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}] => (Allow) C:\Program Files (x86)\Firestorm\kiper.exe
FirewallRules: [{5B942356-2D06-4FF8-B59E-BD898E13184F}] => (Allow) C:\Program Files (x86)\Sutch\kiper.exe
FirewallRules: [{1AA48E4C-AC62-4172-8100-06207FF21122}] => (Allow) C:\Program Files (x86)\institutionalized\walther.exe
FirewallRules: [{6A773B17-6F46-4835-A37E-593ACA175CBC}] => (Allow) C:\Program Files (x86)\Sutch\walther.exe

==================== Restore Points =========================

13-01-2018 19:07:00 Malwarebytes Anti-Rootkit Restore Point
13-01-2018 19:32:33 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/13/2018 07:50:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/13/2018 06:21:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-R1SQMUC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/13/2018 05:43:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 63.0.3239.132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 296c

Start Time: 01d38b32c8344e95

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: bc70fea9-4b18-4b8d-9850-071a79f16ab1

Faulting package full name:

Faulting package-relative application ID:

Error: (01/13/2018 04:45:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TwitchUI.exe version 1.4.12.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ce8

Start Time: 01d38b328a9ed910

Termination Time: 4294967295

Application Path: C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe

Report Id: 53fd602b-9568-424c-adff-c5ec689972bf

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/13/2018 07:26:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
Date: 2018-01-11 18:16:51.560
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 18:54:53.839
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-07 17:13:51.366
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 19:03:57.859
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-01 20:58:24.699
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-23 12:12:44.883
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-22 23:46:43.194
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-22 23:46:34.770
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-22 23:34:59.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-22 23:24:13.486
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon™ HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 20375.29 MB
Available physical RAM: 15224.45 MB
Total Virtual: 23447.29 MB
Available Virtual: 17777.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.74 GB) (Free:764.62 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:10.85 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: () (Removable) (Total:3.63 GB) (Free:3.63 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E9B86520)

Partition: GPT.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

Edited by Oh My!, 13 January 2018 - 10:38 PM.
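The persistence pattern in the Addition.txt above can be pulled out mechanically: paired StartupApproved names where one is the other written twice (deduct / deductdeduct, cregg / creggcregg, executrix.lnk / executrixexecutrix.lnk), firewall Allow rules for executables in one-word Program Files (x86) directories or user-writable paths, and a driver named by a bare 32-hex-digit string that Code Integrity cannot verify. The following Python triage script is an added example written for this page, not FRST's code and not anything posted in the thread. The excerpt it parses is constructed from lines of the log above, and the vendor allowlist and the "hash-like driver name" heuristic are assumptions of the example, not FRST rules.

```python
import re

# Constructed excerpt in the format of the FRST Addition.txt posted above. It copies a few
# of that log's lines and is not the full log.
SAMPLE_ADDITION = r"""
==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "deduct"
HKLM\...\StartupApproved\Run: => "deductdeduct"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "cregg"
HKLM\...\StartupApproved\Run32: => "creggcregg"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrixexecutrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "oti"

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{77C4E3F0-32BD-40D9-B340-84EBDA410B23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26A4439B-6EB1-4E6D-B909-7F45817BD7D7}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}] => (Allow) C:\Program Files (x86)\Firestorm\kiper.exe
FirewallRules: [{1AA48E4C-AC62-4172-8100-06207FF21122}] => (Allow) C:\Program Files (x86)\institutionalized\walther.exe

CodeIntegrity:
===================================
Date: 2018-01-11 18:16:51.560
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system.

Date: 2017-12-22 23:34:59.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
"""

# Line shapes FRST uses in the three sections parsed here.
STARTUP_RE = re.compile(r'^(HK\w+)\\.*\\StartupApproved\\(\w+): => "([^"]+)"$')
FW_RE = re.compile(r"^FirewallRules: \[([^\]]+)\] => \((\w+)\) (.+)$")
CI_PATH_RE = re.compile(r"\\Device\\.+?\.(?:sys|exe|dll)\b")
HASH_NAME_RE = re.compile(r"^[0-9a-f]{32}\.sys$", re.IGNORECASE)

# Assumed allowlist of Program Files vendor directories for this example; a real triage
# would build it from the installed-programs list rather than hard-code it.
KNOWN_VENDOR_DIRS = {"google", "mozilla firefox", "steam"}


def parse_addition(text):
    """Pull StartupApproved names, firewall rules and Code Integrity image paths out of the log."""
    startup, firewall, ci_paths = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = STARTUP_RE.match(line)
        if m:
            startup.append((m.group(1), m.group(2), m.group(3)))   # hive, list, entry name
            continue
        m = FW_RE.match(line)
        if m:
            firewall.append((m.group(1), m.group(2), m.group(3)))  # rule id, action, path
            continue
        if line.startswith("Description:"):
            ci_paths.extend(CI_PATH_RE.findall(line))
    return {"startup": startup, "firewall": firewall, "code_integrity": ci_paths}


def _stem(name):
    return name.rsplit(".", 1)[0] if "." in name else name


def doubled_names(names):
    """Names whose stem is another listed name's stem written twice (deduct / deductdeduct)."""
    stems = {_stem(n) for n in names}
    out = []
    for n in names:
        s = _stem(n)
        half = s[: len(s) // 2]
        if len(s) % 2 == 0 and half in stems and half * 2 == s:
            out.append(n)
    return sorted(out)


def _vendor_dir(path):
    """Directory directly under Program Files / Program Files (x86), or None when the
    binary lives elsewhere (for example a user-writable AppData path)."""
    parts = path.lower().split("\\")
    if len(parts) > 3 and parts[1].startswith("program files"):
        return parts[2]
    return None


def unvetted_firewall_allows(rules, known=KNOWN_VENDOR_DIRS):
    """Allow rules for executables outside the known vendor directories."""
    return [path for _rule_id, action, path in rules
            if action == "Allow" and _vendor_dir(path) not in known]


def hash_named_drivers(paths):
    """Drivers whose file name is a bare 32-hex-digit string, as in the Code Integrity events."""
    return sorted({p for p in paths if HASH_NAME_RE.match(p.rsplit("\\", 1)[-1])})


def triage(text):
    parsed = parse_addition(text)
    return {
        "doubled_startup_names": doubled_names([name for _, _, name in parsed["startup"]]),
        "unvetted_firewall_allows": unvetted_firewall_allows(parsed["firewall"]),
        "hash_named_drivers": hash_named_drivers(parsed["code_integrity"]),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_ADDITION).items():
        print(key)
        for hit in hits:
            print("   ", hit)
```

Treat the output as candidates for a human reviewer, not as a fixlist: a one-word directory name or an AppData path is a weak signal on its own, and anything flagged should be confirmed against the publisher shown in the FRST.txt file entries and the file dates before it goes into a fix.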



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,792 posts
  • Gender:Male
  • Location:California

Posted 13 January 2018 - 10:37 PM

Greetings Crusader527 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted. Since I am about to end for the evening you can expect a reply from me tomorrow morning.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,792 posts
  • Gender:Male
  • Location:California

Posted 14 January 2018 - 11:53 AM

Thank you for your patience. There was a lot to review.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\...\Run: [deduct] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM\...\Run: [deductdeduct] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
C:\Program Files (x86)\Firestorm
C:\Program Files (x86)\Sutch
HKLM-x32\...\Run: [cregg] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM-x32\...\Run: [creggcregg] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executives] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executivesexecutives] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanni] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanniyanni] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [oti] => "C:\Program Files (x86)\Firestorm\kiper.exe"
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk [2017-12-22]
ShortcutTarget: executrix.lnk -> C:\Program Files (x86)\Firestorm\kiper.exe (No File)
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk [2017-12-22]
ShortcutTarget: executrixexecutrix.lnk -> C:\Program Files (x86)\institutionalized\walther.exe (No File)
HKLM\SYSTEM\CurrentControlSet\Services\udiskMgr
HKLM\SYSTEM\CurrentControlSet\Services\xnaltzdp
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
2018-01-13 18:44 - 2018-01-13 18:44 - 000142160 ____N C:\WINDOWS\system32\Drivers\wieehlor.sys
2018-01-06 13:17 - 2018-01-06 14:36 - 000000000 ___HD C:\Program Files (x86)\Nicalis Inc
C:\WINDOWS\msdownld.tmp
C:\Users\Crusader\Downloads\antimalwaresetup.exe
C:\Users\Crusader\AppData\Local\cgorkut
2017-12-22 19:37 - 2018-01-13 19:49 - 000000000 ____D C:\Users\Crusader\AppData\Local\avigcue
2017-12-22 19:37 - 2017-12-22 19:39 - 000000000 ____D C:\Users\Crusader\AppData\Local\igfxmtc
2017-12-22 19:35 - 2018-01-13 18:45 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sierzdksvc.exe
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\terence
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\Sutch
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\SysWOW64\snbgxzv
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\system32\snbgxzv
C:\Users\Crusader\InstallAnywhere
C:\WINDOWS\system32\drivers\wieehlor.sys
HKLM\...\StartupApproved\Run: => "deduct"
HKLM\...\StartupApproved\Run: => "deductdeduct"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "cregg"
HKLM\...\StartupApproved\Run32: => "creggcregg"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrixexecutrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "oti"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executives"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanniyanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executivesexecutives"
FirewallRules: [{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}] => (Allow) C:\Program Files (x86)\Firestorm\kiper.exe
FirewallRules: [{5B942356-2D06-4FF8-B59E-BD898E13184F}] => (Allow) C:\Program Files (x86)\Sutch\kiper.exe
FirewallRules: [{1AA48E4C-AC62-4172-8100-06207FF21122}] => (Allow) C:\Program Files (x86)\institutionalized\walther.exe
FirewallRules: [{6A773B17-6F46-4835-A37E-593ACA175CBC}] => (Allow) C:\Program Files (x86)\Sutch\walther.exe
C:\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys
Folder: C:\Users\Crusader\AppData\Local\DBG
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
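A fixlist entry that does not match what the logs show is not acted on, so a line that was retyped rather than copied (a missing quote, a changed name or GUID) silently does nothing. The following Python check is an added example, not FRST's code and not anything posted in the thread. It reads a fixlist between Start:: and End:: and reports which entries appear verbatim in the logs, which are bare paths or keys found only inside a log line, and which appear nowhere. The log excerpt and fixlist are constructed from lines in this thread, with one deliberately retyped entry; the matching rules (exact line, else case-insensitive substring) and the "CreateRestorePoint: first" convention are the example's assumptions, not a description of FRST's own parser.

```python
import re

# Constructed excerpt of the FRST.txt / Addition.txt lines posted in this thread (not the full logs).
LOG_EXCERPT = r"""
HKLM\...\Run: [deduct] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM\...\Run: [deductdeduct] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKLM\...\StartupApproved\Run: => "deduct"
FirewallRules: [{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}] => (Allow) C:\Program Files (x86)\Firestorm\kiper.exe
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\Sutch
2018-01-13 18:44 - 2018-01-13 18:44 - 000142160 ____N C:\WINDOWS\system32\Drivers\wieehlor.sys
"""

# Constructed fixlist: entries copied from the excerpt, two bare paths, and one line
# deliberately retyped (no quotes, different value name) so the check reports it.
FIXLIST = r"""
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [deduct] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM\...\Run: [deductdeduct] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
C:\Program Files (x86)\Sutch
HKLM\...\StartupApproved\Run: => "deduct"
FirewallRules: [{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}] => (Allow) C:\Program Files (x86)\Firestorm\kiper.exe
C:\WINDOWS\system32\drivers\wieehlor.sys
HKLM\...\Run: [cregg] => C:\Program Files (x86)\Firestorm\kiper.exe
End::
"""

DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")   # standalone directives such as CreateRestorePoint:


def parse_fixlist(text):
    """Return the non-empty entries between Start:: and End::, or raise if the markers are missing."""
    lines = [line.strip() for line in text.splitlines()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must be delimited by Start:: and End::")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: precedes Start::")
    return [line for line in lines[start + 1:end] if line]


def check_fixlist(fixlist_text, log_text):
    """Classify each fixlist entry by how it matches the log text.

    exact:     the entry is a whole log line, copied as-is
    substring: a bare path or registry key that occurs inside a log line (case-insensitive)
    missing:   nothing in the log matches, so the entry is probably retyped or stale
    """
    entries = parse_fixlist(fixlist_text)
    log_lines = {line.strip() for line in log_text.splitlines() if line.strip()}
    log_lower = log_text.lower()
    report = {"directives": [], "exact": [], "substring": [], "missing": [], "warnings": []}
    for entry in entries:
        if DIRECTIVE_RE.match(entry):
            report["directives"].append(entry)
        elif entry in log_lines:
            report["exact"].append(entry)
        elif entry.lower() in log_lower:
            report["substring"].append(entry)
        else:
            report["missing"].append(entry)
    # Convention used in the fix above, assumed here: take a restore point before anything else.
    if not entries or entries[0] != "CreateRestorePoint:":
        report["warnings"].append("CreateRestorePoint: is not the first entry")
    return report


if __name__ == "__main__":
    for kind, items in check_fixlist(FIXLIST, LOG_EXCERPT).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run it against the full FRST.txt and Addition.txt before pasting a fixlist: anything under "missing" is worth re-copying from the log, and the check is deliberately lenient on paths because Windows treats them case-insensitively (the driver entry above passes even though the log spells the directory as Drivers).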

#4 Crusader527

  • Topic Starter
  • Members
  • 8 posts

Posted 14 January 2018 - 01:06 PM

Hi Gary, thank you for replying back so quickly. I am planning on removing my P2P software after I get rid of the trojan. I never had a problem with it before, but now that I have, I don't feel like making the same mistake again. After running the fix and restarting my computer, it seems to have gotten rid of the Windows Process Manager (32 bit), however, after a little while it pops back up, and igfxmtc (32 bit) is still running. My computer performance is perfectly fine though. Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by Crusader (14-01-2018 12:57:06) Run:1
Running from C:\Users\Crusader\Desktop
Loaded Profiles: Crusader (Available Profiles: Crusader)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\...\Run: [deduct] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM\...\Run: [deductdeduct] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
C:\Program Files (x86)\Firestorm
C:\Program Files (x86)\Sutch
HKLM-x32\...\Run: [cregg] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM-x32\...\Run: [creggcregg] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executives] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executivesexecutives] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanni] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanniyanni] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [oti] => "C:\Program Files (x86)\Firestorm\kiper.exe"
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk [2017-12-22]
ShortcutTarget: executrix.lnk -> C:\Program Files (x86)\Firestorm\kiper.exe (No File)
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk [2017-12-22]
ShortcutTarget: executrixexecutrix.lnk -> C:\Program Files (x86)\institutionalized\walther.exe (No File)
HKLM\SYSTEM\CurrentControlSet\Services\udiskMgr
HKLM\SYSTEM\CurrentControlSet\Services\xnaltzdp
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
2018-01-13 18:44 - 2018-01-13 18:44 - 000142160 ____N C:\WINDOWS\system32\Drivers\wieehlor.sys
2018-01-06 13:17 - 2018-01-06 14:36 - 000000000 ___HD C:\Program Files (x86)\Nicalis Inc
C:\WINDOWS\msdownld.tmp
C:\Users\Crusader\Downloads\antimalwaresetup.exe
C:\Users\Crusader\AppData\Local\cgorkut
2017-12-22 19:37 - 2018-01-13 19:49 - 000000000 ____D C:\Users\Crusader\AppData\Local\avigcue
2017-12-22 19:37 - 2017-12-22 19:39 - 000000000 ____D C:\Users\Crusader\AppData\Local\igfxmtc
2017-12-22 19:35 - 2018-01-13 18:45 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sierzdksvc.exe
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\terence
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\Sutch
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\SysWOW64\snbgxzv
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\system32\snbgxzv
C:\Users\Crusader\InstallAnywhere
C:\WINDOWS\system32\drivers\wieehlor.sys
HKLM\...\StartupApproved\Run: => "deduct"
HKLM\...\StartupApproved\Run: => "deductdeduct"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "cregg"
HKLM\...\StartupApproved\Run32: => "creggcregg"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrixexecutrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "oti"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executives"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanniyanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executivesexecutives"
FirewallRules: [{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}] => (Allow) C:\Program Files (x86)\Firestorm\kiper.exe
FirewallRules: [{5B942356-2D06-4FF8-B59E-BD898E13184F}] => (Allow) C:\Program Files (x86)\Sutch\kiper.exe
FirewallRules: [{1AA48E4C-AC62-4172-8100-06207FF21122}] => (Allow) C:\Program Files (x86)\institutionalized\walther.exe
FirewallRules: [{6A773B17-6F46-4835-A37E-593ACA175CBC}] => (Allow) C:\Program Files (x86)\Sutch\walther.exe
C:\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys
Folder: C:\Users\Crusader\AppData\Local\DBG
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\deduct" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\deductdeduct" => removed successfully
"C:\Program Files (x86)\Firestorm" => not found
C:\Program Files (x86)\Sutch => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cregg" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\creggcregg" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\executives" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\executivesexecutives" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\yanni" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\yanniyanni" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\oti" => removed successfully
"C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
"C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
HKLM\SYSTEM\CurrentControlSet\Services\udiskMgr => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Services\xnaltzdp => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\MozillaMaintenance" => removed successfully
MozillaMaintenance => service removed successfully
Could not move "C:\WINDOWS\system32\Drivers\wieehlor.sys" => Scheduled to move on reboot.
C:\Program Files (x86)\Nicalis Inc => moved successfully
C:\WINDOWS\msdownld.tmp => moved successfully
"C:\Users\Crusader\Downloads\antimalwaresetup.exe" => not found
"C:\Users\Crusader\AppData\Local\cgorkut" => not found
"C:\Users\Crusader\AppData\Local\avigcue" => not found
"C:\Users\Crusader\AppData\Local\igfxmtc" => not found
C:\WINDOWS\system32\sierzdksvc.exe => moved successfully
C:\Program Files (x86)\terence => moved successfully
"C:\Program Files (x86)\Sutch" => not found
C:\WINDOWS\SysWOW64\snbgxzv => moved successfully
 
"C:\WINDOWS\system32\snbgxzv" folder move:
 
Could not move "C:\WINDOWS\system32\snbgxzv" => Scheduled to move on reboot.
 
"C:\Users\Crusader\InstallAnywhere" => not found
Could not move "C:\WINDOWS\system32\drivers\wieehlor.sys" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\deduct" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\deduct" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\deductdeduct" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\deductdeduct" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\cregg" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cregg" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\creggcregg" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\creggcregg" => not found
C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk => moved successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\executrixexecutrix.lnk" => removed successfully
C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk => moved successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\executrix.lnk" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\oti" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\oti" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\yanni" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\executives" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\executives" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\yanniyanni" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yanniyanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\executivesexecutives" => removed successfully
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\executivesexecutives" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B942356-2D06-4FF8-B59E-BD898E13184F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AA48E4C-AC62-4172-8100-06207FF21122}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A773B17-6F46-4835-A37E-593ACA175CBC}" => not found
"C:\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys" => not found
 
========================= Folder: C:\Users\Crusader\AppData\Local\DBG ========================
 
not found.
 
====== End of Folder: ======
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-01-2018 12:59:28)
 
C:\WINDOWS\system32\Drivers\wieehlor.sys => Is moved successfully
C:\WINDOWS\system32\snbgxzv => Could not move
C:\WINDOWS\system32\drivers\wieehlor.sys => Is moved successfully
 
==== End of Fixlog 12:59:28 ====

Edited by Crusader527, 14 January 2018 - 01:24 PM.


#5 Crusader527


Posted 14 January 2018 - 01:20 PM

Edit: My apologies, I forgot that I replaced my computer's username with one of my old ones because it is my first and last name. After replacing where my username was changed to the actual one, I got this for the fixlist; practically everything was removed except for the AppData\Local files:

 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by Crusader (14-01-2018 13:14:04) Run:2
Running from C:\Users\Crusader\Desktop
Loaded Profiles: Crusader (Available Profiles: Crusader)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\...\Run: [deduct] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM\...\Run: [deductdeduct] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
C:\Program Files (x86)\Firestorm
C:\Program Files (x86)\Sutch
HKLM-x32\...\Run: [cregg] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKLM-x32\...\Run: [creggcregg] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executives] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [executivesexecutives] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanni] => "C:\Program Files (x86)\Firestorm\kiper.exe"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [yanniyanni] => C:\Program Files (x86)\Sutch\kiper.exe [11776 2017-12-22] (Kiper)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [oti] => "C:\Program Files (x86)\Firestorm\kiper.exe"
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk [2017-12-22]
ShortcutTarget: executrix.lnk -> C:\Program Files (x86)\Firestorm\kiper.exe (No File)
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk [2017-12-22]
ShortcutTarget: executrixexecutrix.lnk -> C:\Program Files (x86)\institutionalized\walther.exe (No File)
HKLM\SYSTEM\CurrentControlSet\Services\udiskMgr
HKLM\SYSTEM\CurrentControlSet\Services\xnaltzdp
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
2018-01-13 18:44 - 2018-01-13 18:44 - 000142160 ____N C:\WINDOWS\system32\Drivers\wieehlor.sys
2018-01-06 13:17 - 2018-01-06 14:36 - 000000000 ___HD C:\Program Files (x86)\Nicalis Inc
C:\WINDOWS\msdownld.tmp
C:\Users\Crusader\Downloads\antimalwaresetup.exe
C:\Users\Crusader\AppData\Local\cgorkut
2017-12-22 19:37 - 2018-01-13 19:49 - 000000000 ____D C:\Users\Crusader\AppData\Local\avigcue
2017-12-22 19:37 - 2017-12-22 19:39 - 000000000 ____D C:\Users\Crusader\AppData\Local\igfxmtc
2017-12-22 19:35 - 2018-01-13 18:45 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sierzdksvc.exe
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\terence
2017-12-22 19:35 - 2017-12-22 19:51 - 000000000 ____D C:\Program Files (x86)\Sutch
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\SysWOW64\snbgxzv
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\system32\snbgxzv
C:\Users\Crusader\InstallAnywhere
C:\WINDOWS\system32\drivers\wieehlor.sys
HKLM\...\StartupApproved\Run: => "deduct"
HKLM\...\StartupApproved\Run: => "deductdeduct"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "cregg"
HKLM\...\StartupApproved\Run32: => "creggcregg"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrixexecutrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\StartupFolder: => "executrix.lnk"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "oti"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executives"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "yanniyanni"
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\StartupApproved\Run: => "executivesexecutives"
FirewallRules: [{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}] => (Allow) C:\Program Files (x86)\Firestorm\kiper.exe
FirewallRules: [{5B942356-2D06-4FF8-B59E-BD898E13184F}] => (Allow) C:\Program Files (x86)\Sutch\kiper.exe
FirewallRules: [{1AA48E4C-AC62-4172-8100-06207FF21122}] => (Allow) C:\Program Files (x86)\institutionalized\walther.exe
FirewallRules: [{6A773B17-6F46-4835-A37E-593ACA175CBC}] => (Allow) C:\Program Files (x86)\Sutch\walther.exe
C:\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys
Folder: C:\Users\Crusader\AppData\Local\DBG
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key could not remove, key could be protected
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\deduct" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\deductdeduct" => not found
"C:\Program Files (x86)\Firestorm" => not found
"C:\Program Files (x86)\Sutch" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cregg" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\creggcregg" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\executives" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\executivesexecutives" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\yanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\yanniyanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Software\Microsoft\Windows\CurrentVersion\Run\\oti" => not found
"C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
"C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
HKLM\SYSTEM\CurrentControlSet\Services\udiskMgr => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Services\xnaltzdp => Error: No automatic fix found for this entry.
MozillaMaintenance => service not found.
"C:\WINDOWS\system32\Drivers\wieehlor.sys" => not found
"C:\Program Files (x86)\Nicalis Inc" => not found
"C:\WINDOWS\msdownld.tmp" => not found
C:\Users\Crusader\Downloads\antimalwaresetup.exe => moved successfully
 
"C:\Users\Crusader\AppData\Local\cgorkut" folder move:
 
Could not move "C:\Users\Crusader\AppData\Local\cgorkut" => Scheduled to move on reboot.
 
 
"C:\Users\Crusader\AppData\Local\avigcue" folder move:
 
Could not move "C:\Users\Crusader\AppData\Local\avigcue" => Scheduled to move on reboot.
 
 
"C:\Users\Crusader\AppData\Local\igfxmtc" folder move:
 
Could not move "C:\Users\Crusader\AppData\Local\igfxmtc" => Scheduled to move on reboot.
 
C:\WINDOWS\system32\sierzdksvc.exe => moved successfully
"C:\Program Files (x86)\terence" => not found
"C:\Program Files (x86)\Sutch" => not found
"C:\WINDOWS\SysWOW64\snbgxzv" => not found
 
"C:\WINDOWS\system32\snbgxzv" folder move:
 
Could not move "C:\WINDOWS\system32\snbgxzv" => Scheduled to move on reboot.
 
C:\Users\Crusader\InstallAnywhere => moved successfully
"C:\WINDOWS\system32\drivers\wieehlor.sys" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\deduct" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\deduct" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\deductdeduct" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\deductdeduct" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\cregg" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cregg" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\creggcregg" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\creggcregg" => not found
"C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrixexecutrix.lnk" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\executrixexecutrix.lnk" => not found
"C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\executrix.lnk" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\executrix.lnk" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\oti" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\oti" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\yanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\executives" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\executives" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\yanniyanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yanniyanni" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\executivesexecutives" => not found
"HKU\S-1-5-21-1596144107-502323947-3988411073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\executivesexecutives" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94EC3D2D-7A93-44B8-9EC7-2423C9141F86}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B942356-2D06-4FF8-B59E-BD898E13184F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AA48E4C-AC62-4172-8100-06207FF21122}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A773B17-6F46-4835-A37E-593ACA175CBC}" => not found
"C:\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys" => not found
 
========================= Folder: C:\Users\Crusader\AppData\Local\DBG ========================
 
 
====== End of Folder: ======
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-01-2018 13:16:13)
 
C:\Users\Crusader\AppData\Local\cgorkut => Could not move
C:\Users\Crusader\AppData\Local\avigcue => Could not move
C:\Users\Crusader\AppData\Local\igfxmtc => Could not move
C:\WINDOWS\system32\snbgxzv => Could not move
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key could not remove, key could be protected
 
==== End of Fixlog 13:16:13 ====


#6 Oh My!

  • Malware Response Instructor

Posted 14 January 2018 - 01:51 PM

Thanks.

We have more work to do. Please run a fresh FRST scan and copy/paste the reports in your reply.
Gary

#7 Crusader527


Posted 14 January 2018 - 02:07 PM

FRST file:

 

 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wieknrux.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2018-01-11 23:15
 
==================== End of FRST.txt ============================
 
Addition file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by Crusader (14-01-2018 14:04:51)
Running from C:\Users\Crusader\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-10 05:35:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1596144107-502323947-3988411073-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1596144107-502323947-3988411073-503 - Limited - Disabled)
Guest (S-1-5-21-1596144107-502323947-3988411073-501 - Limited - Disabled)
Hunter (S-1-5-21-1596144107-502323947-3988411073-1005 - Administrator - Enabled)
Crusader (S-1-5-21-1596144107-502323947-3988411073-1001 - Administrator - Enabled) => C:\Users\Crusader
WDAGUtilityAccount (S-1-5-21-1596144107-502323947-3988411073-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
BitTorrent (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Discord (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DLL-Files.com Client (HKLM-x32\...\DA71BA65-680A-4212-9150-6239217B53DC_DLL-Files.c~79141F26_is1) (Version: 2.3.0.4908 - DLL-Files.com Client)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
Fable III version 1.1.1.3 (HKLM-x32\...\Fable III_is1) (Version: 1.1.1.3 - Mr DJ)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Sid Meiers Civilization Beyond Earth version 1.1.2.4035 (HKLM-x32\...\Sid Meiers Civilization Beyond Earth_is1) (Version: 1.1.2.4035 - Mr DJ)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Twitch (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09F28A5C-5017-47EA-A4CF-B1880CA0FF1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {310D6DA3-1320-42C4-89B2-73ED297633DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {36D96391-6B00-43CC-9F47-9921DC0ADBC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-22] (Google Inc.)
Task: {58A56D5C-0B1D-4BB2-8B21-CC03460F8461} - System32\Tasks\S-1-5-21-1596144107-502323947-3988411073-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {5B665183-CAF9-4CBB-8814-DA85FB83D03D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {B44C1912-6597-4D87-8E91-E99F3AABA627} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {BEF2D72C-F554-4073-8DB6-66EB3E9D5DAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-12 18:18 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 18:18 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-06 01:30 - 2018-01-03 04:20 - 004063064 ____H () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 01:30 - 2018-01-03 04:20 - 000099672 ____H () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 20:08 - 2018-01-03 20:10 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 20:08 - 2018-01-03 20:09 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-09 11:34 - 2018-01-09 11:34 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-09 22:18 - 2017-12-09 22:18 - 000102088 _____ () C:\Users\Crusader\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 18:57 - 2018-01-09 18:57 - 001780216 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-01-05 16:29 - 2018-01-05 16:29 - 000393608 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\opus.dll
2018-01-05 16:29 - 2018-01-11 13:18 - 000535872 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Curse.Presto.Interface.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 18:57 - 2018-01-09 18:57 - 009804280 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 18:57 - 2018-01-09 18:57 - 001505784 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 18:57 - 2018-01-09 18:57 - 000513016 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 18:57 - 2018-01-09 18:57 - 002662904 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 18:57 - 2018-01-09 18:57 - 001517048 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 18:57 - 2018-01-09 18:57 - 002749944 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2018-01-05 16:29 - 2018-01-05 16:29 - 001950528 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\ffmpeg.dll
2018-01-05 16:29 - 2018-01-05 16:29 - 002270528 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\libglesv2.dll
2018-01-05 16:29 - 2018-01-05 16:29 - 000088384 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-12-10 00:08 - 2017-12-10 00:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Crusader\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\unknown (2).png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SynTPEnh"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{77C4E3F0-32BD-40D9-B340-84EBDA410B23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8128BF22-6B4E-4249-922E-F5933F62196D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{04D09654-5997-4138-B673-8EA1BED61DA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F54B51FE-5299-4080-A644-3C5933968DCA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{15868C90-4458-4870-8C70-D33981D8D08B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ABA673E8-B8E1-44EA-B706-12315D19D694}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F07F3A07-E0E8-41A2-B169-432051397EC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F5C996E0-B315-4290-9EC3-495FA68126DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{B8FAE79F-8A2B-494F-85CD-1BFDAE603D44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{10223DB6-416E-4752-A9BF-F443E08EB806}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{4F5F32DC-DD10-4974-9AB6-594EFEC01D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{A951500B-8D18-4A4E-9728-47501BB367DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holyday City Reloaded\Holyday City Reloaded.exe
FirewallRules: [{F7495C03-4E1F-446E-86C3-0491018B9363}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holyday City Reloaded\Holyday City Reloaded.exe
FirewallRules: [{8794C33C-FAF7-4C69-AC35-D30840FA39EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{DE5173D7-6875-4327-A138-A70D4C80E9FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{EF3826BE-EC34-4E11-BB9A-0E1663058436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{EABEBC65-BA89-41AF-A4F3-61FB1AFEF914}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [TCP Query User{900BDBC0-0193-4C33-B90F-32F6BE817E0F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C328FEF5-F868-4F8A-BBE5-7E339D9B6E21}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4BB714E6-B94D-4C39-8664-07637A88A128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{643729CA-6FBB-4956-9414-45D06F4F3810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{C0C588A4-631F-47B0-BCD7-2F01A5689B7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0044C331-FE92-4503-80A0-1854AA88C115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{26A4439B-6EB1-4E6D-B909-7F45817BD7D7}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6F7DF5F7-F5AF-4966-8E78-23236ED491EC}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe
 
==================== Restore Points =========================
 
14-01-2018 13:11:05 Windows Update
14-01-2018 13:14:05 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/14/2018 12:57:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/14/2018 12:57:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {42315c8c-43b2-4998-8e11-5a9b33a72128}
 
Error: (01/13/2018 10:24:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RoomEditor.exe, version: 0.0.0.0, time stamp: 0x586b7d92
Faulting module name: RoomEditor.exe, version: 0.0.0.0, time stamp: 0x586b7d92
Exception code: 0xc0000005
Fault offset: 0x00503ff0
Faulting process id: 0x24d4
Faulting application start time: 0x01d38ce7327512f6
Faulting application path: C:\Users\Crusader\Desktop\The.Binding.of.Isaac.Afterbirth.Plus.Update.21\tools\RoomEditor\RoomEditor.exe
Faulting module path: C:\Users\Crusader\Desktop\The.Binding.of.Isaac.Afterbirth.Plus.Update.21\tools\RoomEditor\RoomEditor.exe
Report Id: b65fdc64-df4b-4d75-9292-a4c5f47c9750
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (01/13/2018 07:50:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/13/2018 07:50:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (01/14/2018 01:22:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892).
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-11 18:16:51.560
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-09 18:54:53.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-07 17:13:51.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-05 19:03:57.859
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-01 20:58:24.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-23 12:12:44.883
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-22 23:46:43.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-22 23:46:34.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-22 23:34:59.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-22 23:24:13.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 24%
Total physical RAM: 20375.29 MB
Available physical RAM: 15444.28 MB
Total Virtual: 23447.29 MB
Available Virtual: 18001.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.74 GB) (Free:762.68 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:10.85 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E9B86520)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
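
A triage pass over an Addition.txt like the one above, as an added example that is not FRST's code and not from the poster. It pulls out the three things a responder reads first in that file: firewall Allow rules for executables under a user profile, CodeIntegrity events paired with their Date lines, and drivers whose file name is a bare hex hash, then ranks the findings. The sample input is constructed in FRST's line format from a few lines of the log above; a driver in System32\drivers whose image integrity "could not be found" on six separate days is exactly the kind of entry this surfaces for a manual check (it is a lead for the helper, not a verdict). The script name frst_triage.py is an assumption; run it as `python frst_triage.py Addition.txt`, or with no argument against the embedded sample.

```python
"""Triage helper for FRST Addition.txt (added example, not part of FRST or of
the original post): firewall allow rules for binaries in user-writable paths,
Code Integrity failures paired with their dates, hash-named kernel drivers."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in FRST's own line format, modeled on the log above.
SAMPLE_LOG = r"""
FirewallRules: [{77C4E3F0-32BD-40D9-B340-84EBDA410B23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26A4439B-6EB1-4E6D-B909-7F45817BD7D7}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe

CodeIntegrity:
===================================
  Date: 2018-01-11 18:16:51.560
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-09 18:54:53.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-22 23:46:43.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
"""

FW_RE = re.compile(r"^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)\s*$", re.M)
DATE_RE = re.compile(r"^\s*Date: (?P<date>\S+ \S+)\s*$")
UNVERIFIED_RE = re.compile(r"unable to verify the image integrity of the file (?P<path>.+?) because file hash could not be found")
SIGNLEVEL_RE = re.compile(r"process \((?P<proc>.+?)\) attempted to load (?P<path>.+?) that did not meet the (?P<level>.+?) signing level")
DEVICE_RE = re.compile(r"^\\Device\\HarddiskVolume\d+", re.I)
HEX_STEM_RE = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})", re.I)  # MD5 / SHA-1 / SHA-256 length


def strip_device(path):
    """Turn \\Device\\HarddiskVolumeN\\... into \\... so it compares with the rest of the log."""
    return DEVICE_RE.sub("", path)


def parse_firewall_rules(text):
    """Return (rule_name, action, path) for every FirewallRules line."""
    return [(m["rule"], m["action"], m["path"]) for m in FW_RE.finditer(text)]


def parse_code_integrity(text):
    """Pair each CodeIntegrity Description with the Date line that precedes it."""
    events, date = [], None
    for line in text.splitlines():
        if (m := DATE_RE.match(line)):
            date = m["date"]
            continue
        if (m := UNVERIFIED_RE.search(line)):
            events.append({"date": date, "kind": "unverifiable", "path": strip_device(m["path"])})
        elif (m := SIGNLEVEL_RE.search(line)):
            events.append({"date": date, "kind": "signing-level", "path": strip_device(m["path"]),
                           "process": strip_device(m["proc"]), "level": m["level"]})
    return events


def in_user_writable_dir(path):
    """True for binaries living under a user's AppData, where no installer privilege was needed."""
    p = path.lower()
    return "\\users\\" in p and "\\appdata\\" in p


def is_hash_named(path):
    """True when the file's base name is nothing but a hex digest (MD5/SHA-1/SHA-256 length)."""
    return HEX_STEM_RE.fullmatch(PureWindowsPath(path).stem) is not None


def triage(text):
    """Return findings as (severity, reason, path), highest severity first."""
    findings = []
    for rule, action, path in parse_firewall_rules(text):
        if action == "Allow" and in_user_writable_dir(path):
            findings.append(("medium", f"firewall allow rule {rule} for binary in user-writable path", path))
    events = parse_code_integrity(text)
    unverifiable = Counter(e["path"] for e in events if e["kind"] == "unverifiable")
    for path, n in unverifiable.items():
        in_drivers = "\\drivers\\" in path.lower()
        reason = f"image integrity unverifiable {n}x"
        if in_drivers and is_hash_named(path):
            findings.append(("high", reason + ", hash-named kernel driver", path))
        elif in_drivers:
            findings.append(("high", reason + ", kernel driver", path))
        else:
            findings.append(("low", reason, path))
    for e in events:
        if e["kind"] == "signing-level":
            findings.append(("low", f"{e['process']} loaded image below {e['level']} signing level", e["path"]))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    import sys
    # FRST writes its logs with a BOM; utf-8-sig strips it, errors="replace" survives odd bytes.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for sev, reason, path in triage(text):
        print(f"[{sev:6}] {path}\n         {reason}")
```

Signing-level events are ranked low on purpose: in the log above they involve Defender's own NisSrv.exe and Malwarebytes' mbae64.dll, which Code Integrity rejects for Store or Antimalware signing policy reasons, not because the file is hostile. The unverifiable-hash events are different: a kernel driver has no Authenticode signature and no catalog hash, and the count says it keeps loading.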


#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,792 posts
  • Gender:Male
  • Location:California
  • Local time:08:06 AM

Posted 14 January 2018 - 02:13 PM

Can you try to post the FRST.txt file again, we only got part of it.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Crusader527

  • Topic Starter
  • Members
  • 8 posts
  • Local time:10:06 AM

Posted 14 January 2018 - 02:16 PM

That's the file, nothing else is in there but those few lines.



#10 Crusader527

  • Topic Starter
  • Members
  • 8 posts
  • Local time:10:06 AM

Posted 14 January 2018 - 02:32 PM

Rescanned in case there was something wrong, seems to have worked.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
Ran by Crusader (administrator) on DESKTOP-R1SQMUC (14-01-2018 14:29:38)
Running from C:\Users\Crusader\Desktop
Loaded Profiles: Crusader (Available Profiles: Crusader)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\sierzdksvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Twitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
() C:\Users\Crusader\AppData\Local\avigcue\avigcue.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
() C:\Users\Crusader\AppData\Local\igfxmtc\igfxmtc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
() C:\Users\Crusader\AppData\Local\avigcue\lshbzgt.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [Discord] => C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
Startup: C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-01-05]
ShortcutTarget: Twitch.lnk -> C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{26942e23-f31f-4bc5-899c-7b4495eee6ed}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1596144107-502323947-3988411073-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1596144107-502323947-3988411073-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-09] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-09] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: orl3ai51.default
FF ProfilePath: C:\Users\Crusader\AppData\Roaming\Mozilla\Firefox\Profiles\orl3ai51.default [2017-12-22]
FF Homepage: Mozilla\Firefox\Profiles\orl3ai51.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-09] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-22] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default [2018-01-14]
CHR Extension: (Slides) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-22]
CHR Extension: (Docs) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-22]
CHR Extension: (Google Drive) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-22]
CHR Extension: (YouTube) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-22]
CHR Extension: (Sheets) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-22]
CHR Extension: (Gmail) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\Crusader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\xnaltzdp <==== ATTENTION (Rootkit!)
 
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-09] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-09] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 12733588; C:\WINDOWS\system32\drivers\12733588.sys [255928 2018-01-13] (Malwarebytes)
R3 CMUAC; C:\WINDOWS\system32\DRIVERS\CMUAC.SYS [572416 2014-01-08] (C-Media Inc.)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-09] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-09] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-09] (Microsoft Corporation)
R3 udiskMgr; system32\drivers\jnqtwa.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-14 14:29 - 2018-01-14 14:29 - 000012199 _____ C:\Users\Crusader\Desktop\FRST.txt
2018-01-14 14:06 - 2018-01-14 14:06 - 000000000 ____D C:\Users\Crusader\Desktop\New folder (2)
2018-01-14 14:04 - 2018-01-14 14:04 - 000000000 ____D C:\Users\Crusader\Desktop\New folder
2018-01-14 13:15 - 2018-01-14 13:15 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sierzdksvc.exe
2018-01-14 13:15 - 2018-01-14 13:15 - 000142160 ____N C:\WINDOWS\system32\Drivers\wieknrux.sys
2018-01-14 13:15 - 2018-01-14 13:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-14 13:13 - 2018-01-14 13:13 - 000004381 _____ C:\Users\Crusader\Desktop\New Text Document.txt
2018-01-14 12:57 - 2018-01-14 13:23 - 000011746 _____ C:\Users\Crusader\Desktop\Fixlog.txt
2018-01-14 12:56 - 2018-01-14 12:56 - 000000000 ____D C:\Users\Crusader\Desktop\FRST-OlderVersion
2018-01-13 22:53 - 2018-01-13 22:53 - 000050761 _____ C:\Users\Crusader\Downloads\xinput1_3.zip
2018-01-13 22:53 - 2018-01-13 22:53 - 000020202 _____ C:\Users\Crusader\Downloads\xinput1_4.zip
2018-01-13 22:52 - 2018-01-13 22:52 - 000035377 _____ C:\Users\Crusader\Downloads\xinput1_2.zip
2018-01-13 22:46 - 2018-01-13 22:46 - 000035307 _____ C:\Users\Crusader\Downloads\xinput1_1.zip
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\DLL-files.com
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\DFXCT
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL-Files.com Client
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\Program Files (x86)\DLL-Files.com Client
2018-01-13 22:42 - 2018-01-13 22:42 - 005673816 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x64 (2).exe
2018-01-13 22:39 - 2018-01-13 22:39 - 001852992 _____ (Oracle Corporation) C:\Users\Crusader\Downloads\JavaSetup8u151 (1).exe
2018-01-13 22:36 - 2018-01-13 22:36 - 000292184 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\dxwebsetup.exe
2018-01-13 22:34 - 2018-01-13 22:34 - 000889416 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\dotNetFx40_Full_setup.exe
2018-01-13 22:34 - 2018-01-13 22:34 - 000051387 _____ C:\Users\Crusader\Downloads\NETFx4RTM.htm
2018-01-13 22:33 - 2018-01-13 22:33 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2018-01-13 22:32 - 2018-01-13 22:32 - 007054336 _____ C:\Users\Crusader\Downloads\xnafx40_redist.msi
2018-01-13 22:32 - 2018-01-13 22:32 - 001497400 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\NDP46-KB3045560-Web.exe
2018-01-13 22:31 - 2018-01-13 22:31 - 002786824 _____ (DLL-Files.com Client ) C:\Users\Crusader\Downloads\clientsetup_d-0.exe
2018-01-13 22:31 - 2017-11-03 16:30 - 000627368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-01-13 22:31 - 2017-04-19 13:35 - 000095656 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2018-01-13 22:30 - 2018-01-13 22:30 - 000201817 _____ C:\Users\Crusader\Downloads\msvcp140.zip
2018-01-13 22:29 - 2018-01-13 22:29 - 000053272 _____ C:\Users\Crusader\Downloads\vcruntime140.zip
2018-01-13 20:17 - 2018-01-13 20:17 - 000054325 _____ C:\Users\Crusader\Downloads\FRST.txt
2018-01-13 19:42 - 2018-01-13 19:42 - 000032396 _____ C:\Users\Crusader\Downloads\Addition.txt
2018-01-13 19:33 - 2018-01-14 12:56 - 002393088 _____ (Farbar) C:\Users\Crusader\Desktop\FRST64.exe
2018-01-13 19:23 - 2018-01-14 14:29 - 000000000 ____D C:\FRST
2018-01-13 19:18 - 2018-01-13 19:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\76323112.sys
2018-01-13 18:51 - 2018-01-13 18:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-13 18:50 - 2018-01-13 19:18 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-01-13 18:50 - 2018-01-13 18:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\D5639643.sys
2018-01-13 18:30 - 2018-01-13 18:30 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer (3).exe
2018-01-13 18:22 - 2018-01-13 18:43 - 000000000 ____D C:\AdwCleaner
2018-01-13 17:51 - 2018-01-13 17:51 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer (2).exe
2018-01-13 17:47 - 2018-01-13 18:19 - 000000000 ____D C:\Users\Crusader\Desktop\mbar
2018-01-13 17:45 - 2018-01-13 17:46 - 014161479 _____ C:\Users\Crusader\Downloads\mbar-1.10.3.1001-nr (1).exe
2018-01-13 17:45 - 2018-01-13 17:46 - 008198432 _____ (Malwarebytes) C:\Users\Crusader\Downloads\AdwCleaner.exe
2018-01-13 17:43 - 2018-01-13 17:46 - 082149144 _____ (Malwarebytes ) C:\Users\Crusader\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe
2018-01-11 17:50 - 2018-01-11 17:50 - 000001717 _____ C:\Users\Public\Desktop\Enter the Gungeon.lnk
2018-01-11 17:50 - 2018-01-11 17:50 - 000001717 _____ C:\ProgramData\Desktop\Enter the Gungeon.lnk
2018-01-11 17:50 - 2018-01-11 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enter the Gungeon [GOG.com]
2018-01-11 17:46 - 2018-01-11 18:42 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Dodge Roll
2018-01-11 17:46 - 2018-01-11 17:46 - 000000000 ____D C:\GOG Games
2018-01-11 17:40 - 2018-01-11 17:41 - 000000000 ____D C:\Users\Crusader\Downloads\Enter.The.Gungeon.v2.7.0.9-GOG
2018-01-07 17:18 - 2018-01-07 17:18 - 007186992 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x64 (1).exe
2018-01-07 17:18 - 2018-01-07 17:18 - 006554576 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x86 (1).exe
2018-01-06 15:10 - 2018-01-06 15:10 - 007186992 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x64.exe
2018-01-06 15:10 - 2018-01-06 15:10 - 006554576 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vcredist_x86.exe
2018-01-06 15:06 - 2018-01-13 22:50 - 000000000 ____D C:\Users\Crusader\Desktop\The.Binding.of.Isaac.Afterbirth.Plus.Update.21
2018-01-06 14:55 - 2018-01-06 15:03 - 933398193 _____ C:\Users\Crusader\Downloads\The.Binding.of.Isaac.Afterbirth.Plus.Update.21.rar
2018-01-06 14:53 - 2018-01-06 14:55 - 000000000 ____D C:\Users\Crusader\Downloads\The Binding of Isaac - Afterbirth Plus
2018-01-06 14:45 - 2018-01-06 14:45 - 048409208 _____ (HP.inc ) C:\Users\Crusader\Downloads\sp78033 (1).exe
2018-01-06 14:45 - 2018-01-06 14:45 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\hpqLog
2018-01-06 14:45 - 2018-01-06 14:45 - 000000000 ____D C:\ProgramData\HP
2018-01-06 14:38 - 2018-01-06 14:38 - 014572000 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vc_redist.x64 (1).exe
2018-01-06 14:38 - 2018-01-06 14:38 - 013767776 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vc_redist.x86.exe
2018-01-06 14:26 - 2018-01-06 14:26 - 014572000 _____ (Microsoft Corporation) C:\Users\Crusader\Downloads\vc_redist.x64.exe
2018-01-06 14:25 - 2018-01-06 14:25 - 048409208 _____ (HP.inc ) C:\Users\Crusader\Downloads\sp78033.exe
2018-01-06 13:37 - 2018-01-06 13:37 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Bennett Foddy
2018-01-06 13:36 - 2018-01-06 13:36 - 000000000 ____D C:\Users\Crusader\Desktop\Getting Over It With Bennett Foddy
2018-01-06 13:29 - 2018-01-06 13:34 - 643233319 _____ C:\Users\Crusader\Downloads\Getting_Over_It_with_Bennett_Foddy_Windows.zip
2018-01-05 19:15 - 2018-01-05 19:15 - 000000000 ____D C:\Users\Crusader\Documents\Curse
2018-01-05 16:30 - 2018-01-05 16:30 - 000000000 ____D C:\ProgramData\Twitch
2018-01-05 16:29 - 2018-01-14 14:29 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Twitch
2018-01-05 16:29 - 2018-01-05 16:29 - 000001034 _____ C:\Users\Crusader\Desktop\Twitch.lnk
2018-01-05 16:29 - 2018-01-05 16:29 - 000001020 _____ C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2018-01-05 16:28 - 2018-01-05 16:29 - 109436736 _____ C:\Users\Crusader\Downloads\TwitchSetup.exe
2018-01-05 00:40 - 2018-01-05 00:40 - 000000000 __SHD C:\ProgramData\DSS
2018-01-05 00:39 - 2018-01-05 00:39 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Lionhead Studios
2018-01-05 00:03 - 2018-01-05 00:03 - 000001222 _____ C:\Users\Public\Desktop\Fable III.lnk
2018-01-05 00:03 - 2018-01-05 00:03 - 000001222 _____ C:\ProgramData\Desktop\Fable III.lnk
2018-01-04 22:48 - 2018-01-04 22:53 - 000000000 ____D C:\Users\Crusader\Desktop\Fable III Complete repack Mr DJ
2017-12-24 12:54 - 2018-01-14 10:28 - 000004192 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1270B3EA-5781-4386-BF37-A6EF7AFADFFE}
2017-12-23 18:11 - 2017-12-23 18:11 - 000000000 ____D C:\Users\Crusader\Desktop\The Binding of Isaac Rebirth Update 10
2017-12-23 17:38 - 2017-12-23 17:46 - 000000000 ____D C:\Users\Crusader\Downloads\The Binding of Isaac Rebirth Update 10 repack Mr DJ
2017-12-23 14:14 - 2017-12-23 14:14 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\FiraxisLive
2017-12-23 14:14 - 2017-12-23 14:14 - 000000000 ____D C:\Users\Crusader\AppData\Local\My Games
2017-12-23 14:14 - 2017-12-23 14:14 - 000000000 ____D C:\ProgramData\Steam
2017-12-23 14:13 - 2018-01-05 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-12-23 14:13 - 2017-12-23 14:13 - 000001441 _____ C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth Launcher.lnk
2017-12-23 14:13 - 2017-12-23 14:13 - 000001441 _____ C:\ProgramData\Desktop\Sid Meiers Civilization Beyond Earth Launcher.lnk
2017-12-23 13:58 - 2018-01-04 23:31 - 000000000 ___HD C:\Program Files (x86)\Mr DJ
2017-12-23 13:55 - 2018-01-04 23:31 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-12-23 13:25 - 2017-12-23 13:27 - 000000000 ____D C:\Users\Crusader\Downloads\Sid Meiers Civilization Beyond Earth repack Mr  DJ
2017-12-23 12:47 - 2018-01-11 18:14 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\BitTorrent
2017-12-23 12:47 - 2018-01-11 17:40 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\BitTorrent
2017-12-23 12:47 - 2017-12-23 12:47 - 000000978 _____ C:\Users\Crusader\Desktop\BitTorrent.lnk
2017-12-23 12:46 - 2017-12-23 12:46 - 002870880 _____ (BitTorrent Inc.) C:\Users\Crusader\Downloads\BitTorrent (1).exe
2017-12-23 12:33 - 2017-12-23 12:33 - 000000000 ____D C:\Users\Crusader\Documents\FeedbackHub
2017-12-22 23:57 - 2017-12-22 23:57 - 002267848 _____ (wj32 ) C:\Users\Crusader\Downloads\processhacker-2.39-setup (1).exe
2017-12-22 23:55 - 2017-12-22 23:55 - 002267848 _____ (wj32 ) C:\Users\Crusader\Downloads\processhacker-2.39-setup.exe
2017-12-22 23:52 - 2017-12-22 23:52 - 001931969 _____ C:\Users\Crusader\Downloads\ProcessExplorer.zip
2017-12-22 23:37 - 2017-12-22 23:37 - 000863696 _____ (Malwarebytes) C:\Users\Crusader\Downloads\mb-clean-3.1.0.1031.exe
2017-12-22 23:34 - 2017-12-22 23:34 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer (1).exe
2017-12-22 23:34 - 2017-12-22 23:34 - 002755584 _____ C:\Users\Crusader\Downloads\SH-Alt-Install.exe
2017-12-22 23:31 - 2017-12-22 23:31 - 005195952 _____ (Enigma Software Group USA, LLC.) C:\Users\Crusader\Downloads\SpyHunter-Installer-k.com
2017-12-22 23:24 - 2018-01-06 01:30 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-22 23:24 - 2018-01-06 01:30 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-22 23:24 - 2018-01-06 01:30 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-12-22 23:23 - 2017-12-22 23:23 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-22 23:23 - 2017-12-22 23:23 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-22 22:33 - 2017-12-22 22:33 - 001790024 _____ (Malwarebytes) C:\Users\Crusader\Downloads\JRT.exe
2017-12-22 22:29 - 2017-12-22 22:42 - 622582408 _____ (Doctor Web, Ltd.) C:\Users\Crusader\Downloads\drweb-livedisk-900-usb.exe
2017-12-22 22:29 - 2017-12-22 22:31 - 083316440 _____ (Malwarebytes ) C:\Users\Crusader\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2017-12-22 22:27 - 2018-01-13 18:21 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\12733588.sys
2017-12-22 22:25 - 2017-12-22 22:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1596144107-502323947-3988411073-1001
2017-12-22 21:52 - 2017-12-22 21:52 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5134634F.sys
2017-12-22 21:51 - 2018-01-14 12:58 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-22 21:50 - 2017-12-22 21:51 - 014161479 _____ C:\Users\Crusader\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-22 21:41 - 2017-12-22 21:41 - 000346112 _____ C:\Users\Crusader\Downloads\Unlocker 1.9.2.msi
2017-12-22 21:41 - 2017-12-22 21:41 - 000346112 _____ C:\Users\Crusader\Downloads\Unlocker 1.9.2 (1).msi
2017-12-22 21:29 - 2017-12-22 21:29 - 000167034 _____ C:\Users\Crusader\Downloads\fileassassin-setup-1.06.exe
2017-12-22 20:55 - 2018-01-13 09:21 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-22 20:06 - 2017-12-22 20:06 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-22 19:59 - 2017-12-25 06:33 - 000000000 ____D C:\Users\Crusader\AppData\Local\cgorkut
2017-12-22 19:46 - 2017-12-22 19:46 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-22 19:44 - 2017-12-22 19:45 - 083316440 _____ (Malwarebytes ) C:\Users\Crusader\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-22 19:37 - 2018-01-14 14:27 - 000000000 ____D C:\Users\Crusader\AppData\Local\avigcue
2017-12-22 19:37 - 2017-12-22 19:39 - 000000000 ____D C:\Users\Crusader\AppData\Local\igfxmtc
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\system32\snbgxzv
2017-12-22 19:32 - 2017-12-22 19:32 - 000822328 _____ (Roblox Corporation) C:\Users\Crusader\Downloads\RobloxPlayerLauncher.exe
2017-12-22 19:32 - 2017-12-22 19:32 - 000822328 _____ (Roblox Corporation) C:\Users\Crusader\Downloads\RobloxPlayerLauncher(1).exe
2017-12-22 19:32 - 2017-12-22 19:32 - 000001209 _____ C:\Users\Crusader\Desktop\Roblox Studio.lnk
2017-12-22 19:32 - 2017-12-22 19:32 - 000000047 _____ C:\Users\Crusader\AppData\LocalLow\rbxcsettings.rbx
2017-12-22 19:32 - 2017-12-22 19:32 - 000000000 ____D C:\ProgramData\Roblox
2017-12-22 19:32 - 2017-12-22 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2017-12-22 19:24 - 2018-01-13 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-12-22 19:24 - 2017-12-22 23:33 - 000000000 ____D C:\ProgramData\Lavasoft
2017-12-22 19:22 - 2017-12-22 19:22 - 002870880 _____ (BitTorrent Inc.) C:\Users\Crusader\Downloads\BitTorrent.exe
2017-12-22 18:57 - 2017-12-23 18:11 - 000000000 ____D C:\Users\Crusader\Documents\My Games
2017-12-22 18:09 - 2017-12-22 18:09 - 000000221 _____ C:\Users\Crusader\Desktop\The Elder Scrolls V Skyrim.url
2017-12-21 22:53 - 2017-12-21 22:53 - 000037157 _____ C:\WINDOWS\uninstaller.dat
2017-12-19 00:03 - 2017-12-22 08:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-19 00:03 - 2017-12-22 08:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-18 21:51 - 2017-12-18 21:51 - 000000000 ____D C:\Users\Crusader\Documents\Elder Scrolls Online
2017-12-18 21:51 - 2017-12-18 21:51 - 000000000 ____D C:\ProgramData\Elder Scrolls Online
2017-12-18 21:44 - 2018-01-13 22:40 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-18 21:42 - 2017-12-18 21:42 - 000000000 ____D C:\WINDOWS\jre
2017-12-18 21:42 - 2017-12-18 21:42 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2017-12-18 21:41 - 2017-12-18 21:42 - 000000000 ____D C:\Program Files (x86)\Zero G Registry
2017-12-18 21:32 - 2016-08-10 10:38 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-12-18 21:32 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-12-18 21:32 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-12-18 21:32 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-12-18 21:32 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-12-18 21:32 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-12-18 21:32 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-12-18 21:32 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-12-18 21:32 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-12-18 21:32 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-12-18 21:32 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-12-18 21:32 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-12-18 21:32 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-12-18 21:32 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-12-18 21:32 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-12-18 21:32 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-12-18 21:32 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-12-18 21:32 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-12-18 21:32 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-12-18 21:32 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-12-18 21:32 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-12-18 21:32 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-12-18 21:32 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-12-18 21:32 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-12-18 21:32 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-12-18 21:32 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-12-18 21:32 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-12-18 21:32 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-12-18 21:32 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-12-18 21:32 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-12-18 21:32 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-12-18 21:32 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-12-18 21:32 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-12-18 21:32 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-12-18 21:32 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-12-18 21:32 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-12-18 21:32 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-12-18 21:32 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-12-18 21:32 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-12-18 21:32 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-12-18 21:32 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-12-18 21:32 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-12-18 21:32 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-12-18 21:32 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-12-18 21:32 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-12-18 21:32 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-12-18 21:32 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-12-18 21:32 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-12-18 21:32 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-12-18 21:32 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-12-18 21:32 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-12-18 21:32 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-12-18 21:31 - 2016-08-21 14:29 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-12-18 21:31 - 2016-08-10 14:46 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-12-18 21:31 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-12-18 21:31 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-12-18 21:31 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-12-18 21:31 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-12-18 21:31 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-12-18 21:31 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-12-18 21:31 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-12-18 21:31 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-12-18 21:31 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-12-18 21:31 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-12-18 21:31 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-12-18 21:31 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-12-18 21:31 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-12-18 21:31 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-12-18 21:31 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-12-18 21:31 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-12-18 21:31 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-12-18 21:31 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-12-18 21:31 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-12-18 21:31 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-12-18 21:31 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-12-18 21:31 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-12-18 21:31 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-12-18 21:31 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-12-18 21:31 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-12-18 21:31 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-12-18 21:31 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-12-18 21:31 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-12-18 21:31 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-12-18 21:31 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-12-18 21:31 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-12-18 21:31 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-12-18 21:31 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-12-18 21:31 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-12-18 21:31 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-12-18 21:31 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-12-18 21:31 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-12-17 21:29 - 2017-12-17 21:29 - 000000000 ____D C:\Users\Crusader\AppData\Local\DBG
2017-12-17 21:20 - 2017-12-18 21:30 - 000001310 _____ C:\Users\Crusader\Desktop\nativelog.txt
2017-12-17 20:19 - 2017-12-17 20:19 - 000000222 _____ C:\Users\Crusader\Desktop\Guild Quest.url
2017-12-17 20:19 - 2017-12-17 20:19 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Hyper Hippo Games
2017-12-17 20:15 - 2017-12-17 20:15 - 000000222 _____ C:\Users\Crusader\Desktop\AdVenture Communist.url
2017-12-17 19:25 - 2017-12-17 19:25 - 000000222 _____ C:\Users\Crusader\Desktop\The Elder Scrolls Online Tamriel Unlimited.url
2017-12-17 19:10 - 2017-12-17 19:10 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Holyday Studios
2017-12-17 19:05 - 2017-12-17 19:05 - 000000000 ____D C:\Users\Crusader\AppData\Local\NVIDIA
2017-12-17 15:07 - 2017-12-17 15:07 - 000000222 _____ C:\Users\Crusader\Desktop\Holyday City Reloaded.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-14 13:24 - 2017-12-10 00:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-14 13:23 - 2017-12-10 11:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-14 13:21 - 2017-12-10 00:38 - 001280630 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-14 13:15 - 2017-12-10 00:29 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-14 13:15 - 2017-12-10 00:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-14 13:15 - 2017-12-09 23:58 - 013631488 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-14 13:15 - 2017-12-09 23:58 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-14 13:14 - 2017-12-09 22:14 - 000000000 ____D C:\Users\Crusader
2018-01-14 13:08 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-14 11:05 - 2017-12-10 00:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-14 03:43 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\rescache
2018-01-13 09:21 - 2017-12-10 00:07 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-11 18:36 - 2017-12-09 22:15 - 000000000 ____D C:\Users\Crusader\AppData\Local\ConnectedDevicesPlatform
2018-01-11 18:21 - 2017-12-09 22:15 - 000000000 ____D C:\Users\Crusader\AppData\Local\Packages
2018-01-11 17:52 - 2017-12-10 00:07 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-09 18:57 - 2017-12-09 22:19 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\discord
2018-01-09 00:18 - 2017-12-09 22:19 - 000002347 _____ C:\Users\Crusader\Desktop\Discord.lnk
2018-01-09 00:18 - 2017-12-09 22:19 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-01-09 00:18 - 2017-12-09 22:18 - 000000000 ____D C:\Users\Crusader\AppData\Local\Discord
2018-01-06 13:16 - 2017-12-10 00:06 - 000000000 ____D C:\WINDOWS\INF
2017-12-27 05:44 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-24 12:46 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-22 23:24 - 2017-12-09 22:17 - 000000000 ____D C:\Users\Crusader\AppData\Local\Google
2017-12-22 23:24 - 2017-12-09 22:17 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-22 23:19 - 2017-12-09 22:19 - 000000000 ____D C:\Users\Crusader\AppData\LocalLow\Mozilla
2017-12-22 23:19 - 2017-12-09 22:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-19 00:04 - 2017-12-09 22:15 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-19 00:04 - 2017-12-09 22:15 - 000000000 ___RD C:\Users\Crusader\3D Objects
2017-12-19 00:03 - 2017-12-10 00:26 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-19 00:01 - 2017-12-10 00:07 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-18 20:36 - 2017-12-11 20:10 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\.minecraft
 
Some files in TEMP:
====================
2018-01-13 18:32 - 2018-01-13 04:01 - 000863696 _____ (Malwarebytes) C:\Users\Crusader\AppData\Local\Temp\mb-clean.exe
2018-01-13 18:32 - 2018-01-13 17:46 - 082149144 _____ (Malwarebytes) C:\Users\Crusader\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wieknrux.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2018-01-11 23:15
 
==================== End of FRST.txt ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by Crusader (14-01-2018 14:30:26)
Running from C:\Users\Crusader\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-10 05:35:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1596144107-502323947-3988411073-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1596144107-502323947-3988411073-503 - Limited - Disabled)
Guest (S-1-5-21-1596144107-502323947-3988411073-501 - Limited - Disabled)
Hunter (S-1-5-21-1596144107-502323947-3988411073-1005 - Administrator - Enabled)
Crusader (S-1-5-21-1596144107-502323947-3988411073-1001 - Administrator - Enabled) => C:\Users\Crusader
WDAGUtilityAccount (S-1-5-21-1596144107-502323947-3988411073-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
BitTorrent (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Discord (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DLL-Files.com Client (HKLM-x32\...\DA71BA65-680A-4212-9150-6239217B53DC_DLL-Files.c~79141F26_is1) (Version: 2.3.0.4908 - DLL-Files.com Client)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
Fable III version 1.1.1.3 (HKLM-x32\...\Fable III_is1) (Version: 1.1.1.3 - Mr DJ)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Sid Meiers Civilization Beyond Earth version 1.1.2.4035 (HKLM-x32\...\Sid Meiers Civilization Beyond Earth_is1) (Version: 1.1.2.4035 - Mr DJ)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Twitch (HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09F28A5C-5017-47EA-A4CF-B1880CA0FF1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {310D6DA3-1320-42C4-89B2-73ED297633DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {36D96391-6B00-43CC-9F47-9921DC0ADBC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-22] (Google Inc.)
Task: {58A56D5C-0B1D-4BB2-8B21-CC03460F8461} - System32\Tasks\S-1-5-21-1596144107-502323947-3988411073-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {5B665183-CAF9-4CBB-8814-DA85FB83D03D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {B44C1912-6597-4D87-8E91-E99F3AABA627} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-09] (Microsoft Corporation)
Task: {BEF2D72C-F554-4073-8DB6-66EB3E9D5DAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-12 18:18 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 18:18 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-06 01:30 - 2018-01-03 04:20 - 004063064 ____H () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 01:30 - 2018-01-03 04:20 - 000099672 ____H () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 20:08 - 2018-01-03 20:10 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 20:08 - 2018-01-03 20:10 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 20:08 - 2018-01-03 20:09 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-09 11:34 - 2018-01-09 11:34 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-09 22:18 - 2017-12-09 22:18 - 000102088 _____ () C:\Users\Crusader\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 18:57 - 2018-01-09 18:57 - 001780216 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-01-05 16:29 - 2018-01-05 16:29 - 000393608 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\opus.dll
2018-01-05 16:29 - 2018-01-11 13:18 - 000535872 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Curse.Presto.Interface.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 00:18 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Crusader\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 18:57 - 2018-01-09 18:57 - 009804280 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 18:57 - 2018-01-09 18:57 - 001505784 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 18:57 - 2018-01-09 18:57 - 000513016 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 18:57 - 2018-01-09 18:57 - 002662904 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 18:57 - 2018-01-09 18:57 - 001517048 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 18:57 - 2018-01-09 18:57 - 002749944 _____ () \\?\C:\Users\Crusader\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2018-01-05 16:29 - 2018-01-05 16:29 - 001950528 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\ffmpeg.dll
2018-01-05 16:29 - 2018-01-05 16:29 - 002270528 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\libglesv2.dll
2018-01-05 16:29 - 2018-01-05 16:29 - 000088384 _____ () C:\Users\Crusader\AppData\Roaming\Twitch\Bin\Electron\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1596144107-502323947-3988411073-1001\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-12-10 00:08 - 2017-12-10 00:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1596144107-502323947-3988411073-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Crusader\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\unknown (2).png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SynTPEnh"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{77C4E3F0-32BD-40D9-B340-84EBDA410B23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8128BF22-6B4E-4249-922E-F5933F62196D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{04D09654-5997-4138-B673-8EA1BED61DA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F54B51FE-5299-4080-A644-3C5933968DCA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{15868C90-4458-4870-8C70-D33981D8D08B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ABA673E8-B8E1-44EA-B706-12315D19D694}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F07F3A07-E0E8-41A2-B169-432051397EC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F5C996E0-B315-4290-9EC3-495FA68126DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{B8FAE79F-8A2B-494F-85CD-1BFDAE603D44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{10223DB6-416E-4752-A9BF-F443E08EB806}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{4F5F32DC-DD10-4974-9AB6-594EFEC01D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{A951500B-8D18-4A4E-9728-47501BB367DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holyday City Reloaded\Holyday City Reloaded.exe
FirewallRules: [{F7495C03-4E1F-446E-86C3-0491018B9363}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holyday City Reloaded\Holyday City Reloaded.exe
FirewallRules: [{8794C33C-FAF7-4C69-AC35-D30840FA39EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{DE5173D7-6875-4327-A138-A70D4C80E9FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{EF3826BE-EC34-4E11-BB9A-0E1663058436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{EABEBC65-BA89-41AF-A4F3-61FB1AFEF914}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [TCP Query User{900BDBC0-0193-4C33-B90F-32F6BE817E0F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C328FEF5-F868-4F8A-BBE5-7E339D9B6E21}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4BB714E6-B94D-4C39-8664-07637A88A128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{643729CA-6FBB-4956-9414-45D06F4F3810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{C0C588A4-631F-47B0-BCD7-2F01A5689B7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0044C331-FE92-4503-80A0-1854AA88C115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{26A4439B-6EB1-4E6D-B909-7F45817BD7D7}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6F7DF5F7-F5AF-4966-8E78-23236ED491EC}] => (Allow) C:\Users\Crusader\AppData\Roaming\BitTorrent\BitTorrent.exe
 
==================== Restore Points =========================
 
14-01-2018 13:11:05 Windows Update
14-01-2018 13:14:05 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/14/2018 02:16:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/14/2018 02:16:57 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (01/14/2018 02:16:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (01/14/2018 02:16:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/14/2018 02:16:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/14/2018 02:16:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/14/2018 02:16:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/14/2018 12:57:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/14/2018 12:57:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {42315c8c-43b2-4998-8e11-5a9b33a72128}
 
Error: (01/13/2018 10:24:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RoomEditor.exe, version: 0.0.0.0, time stamp: 0x586b7d92
Faulting module name: RoomEditor.exe, version: 0.0.0.0, time stamp: 0x586b7d92
Exception code: 0xc0000005
Fault offset: 0x00503ff0
Faulting process id: 0x24d4
Faulting application start time: 0x01d38ce7327512f6
Faulting application path: C:\Users\Crusader\Desktop\The.Binding.of.Isaac.Afterbirth.Plus.Update.21\tools\RoomEditor\RoomEditor.exe
Faulting module path: C:\Users\Crusader\Desktop\The.Binding.of.Isaac.Afterbirth.Plus.Update.21\tools\RoomEditor\RoomEditor.exe
Report Id: b65fdc64-df4b-4d75-9292-a4c5f47c9750
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/14/2018 01:22:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892).
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/14/2018 01:18:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-11 18:16:51.560
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-09 18:54:53.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-07 17:13:51.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-05 19:03:57.859
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-01 20:58:24.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-23 12:12:44.883
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\2183acbc84179aaad89cd4c050730ebc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-22 23:46:43.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-22 23:46:34.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-22 23:34:59.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-22 23:24:13.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 25%
Total physical RAM: 20375.29 MB
Available physical RAM: 15123.73 MB
Total Virtual: 23447.29 MB
Available Virtual: 17699.28 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.74 GB) (Free:763.62 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:10.85 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E9B86520)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,792 posts
  • Gender:Male
  • Location:California

Posted 14 January 2018 - 04:21 PM

Thank you.

We have some more work to do. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • While on a clean computer download Farbar Recovery Scan Tool for either 64 bit or 32 bit computers and save it to your USB device. If you are unsure which version you need download both versions.
  • Press the Windows Key + R at the same time, type Notepad then press Enter
  • Copy and paste the contents of the below code box into the open notepad and save it on the USB device as fixlist.txt
HKLM\SYSTEM\ControlSet001\Services\xnaltzdp
R3 udiskMgr; system32\drivers\jnqtwa.sys
C:\Windows\system32\drivers\jnqtwa.sys
2018-01-14 13:15 - 2018-01-14 13:15 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sierzdksvc.exe
2018-01-14 13:15 - 2018-01-14 13:15 - 000142160 ____N C:\WINDOWS\system32\Drivers\wieknrux.sys
2018-01-13 22:53 - 2018-01-13 22:53 - 000050761 _____ C:\Users\Crusader\Downloads\xinput1_3.zip
2018-01-13 22:53 - 2018-01-13 22:53 - 000020202 _____ C:\Users\Crusader\Downloads\xinput1_4.zip
2018-01-13 22:52 - 2018-01-13 22:52 - 000035377 _____ C:\Users\Crusader\Downloads\xinput1_2.zip
2018-01-13 22:46 - 2018-01-13 22:46 - 000035307 _____ C:\Users\Crusader\Downloads\xinput1_1.zip
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\DLL-files.com
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\Users\Crusader\AppData\Roaming\DFXCT
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL-Files.com Client
2018-01-13 22:45 - 2018-01-13 22:45 - 000000000 ____D C:\Program Files (x86)\DLL-Files.com Client
C:\Users\Crusader\AppData\Local\cgorkut
2017-12-22 19:37 - 2018-01-14 14:27 - 000000000 ____D C:\Users\Crusader\AppData\Local\avigcue
2017-12-22 19:37 - 2017-12-22 19:39 - 000000000 ____D C:\Users\Crusader\AppData\Local\igfxmtc
2017-12-22 19:35 - 2017-12-22 19:35 - 000000000 ____D C:\WINDOWS\system32\snbgxzv
C:\Users\Crusader\AppData\Local\DBG
C:\WINDOWS\system32\drivers\wieknrux.sys
  • On your infected computer hold down the Shift Key, left click Start, click the Power icon, then select Restart
  • Select Troubleshoot
  • Select Advanced options
  • Select Command Prompt
  • Insert the USB device into your infected computer
  • Type Notepad and hit Enter
  • Click File, Open, then This PC
  • Double click on the drive letter representing your USB device
  • Next to Files of type: select All Files
  • Right click on FRST and select Run as administrator
  • Click Fix
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Computer performance?

Edited by Oh My!, 14 January 2018 - 05:25 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Crusader527
  • Topic Starter

  • Members
  • 8 posts

Posted 14 January 2018 - 04:31 PM

Is there any way to do that, that doesn't involve a clean computer? This is the only computer I have access to.


Edited by Crusader527, 14 January 2018 - 04:32 PM.


#13 Oh My!

Posted 14 January 2018 - 05:27 PM

Unfortunately not. The malware compromises the download.
Gary

#14 Crusader527

Posted 14 January 2018 - 05:52 PM

Alright, I'll try to go to a local library or contact a friend and see if I can do what I need to. I'll let you know if I'm successful.



#15 Oh My!

Posted 14 January 2018 - 06:40 PM

Very good.

Sorry about the inconvenience but our hands are tied.
Gary
