
Virus / Malware via cmd transferring


This topic is locked
10 replies to this topic

#1 dafdaf


Posted 18 January 2018 - 01:51 AM

Hi folks,

I couldn't cope with this kind of thing. I used Malwarebytes and FRST several times but could not fix it. Here are my last scan log files for each program.

Thank you so much for your attention before everything else :)

••••••••••••••••••••••••••••••••••••••••
------------------------------------------
  ☻-- FRST logs --☻
------------------------------------------
••••••••••••••••••••••••••••••••••••••••

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by AGTV (administrator) on AGTV-PC (18-01-2018 07:40:07)
Running from C:\Users\AGTV\Desktop\BUGRA
Loaded Profiles: AGTV & DefaultAppPool (Available Profiles: AGTV & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: İngilizce (Amerikan)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\AGTV\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(BitTorrent Inc.) C:\Users\AGTV\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\AGTV\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(BitTorrent Inc.) C:\Users\AGTV\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5155072 2016-01-07] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2017-11-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2017-11-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299520 2017-05-11] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Blackmagic CheckVersion] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\Run: [Chromium] => "c:\users\agtv\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\Run: [go] => C:\Users\AGTV\AppData\Local\Go!\Application\go.exe --no-startup-window
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\MountPoints2: {b0bb3e52-f8ba-11e7-b961-201a069c6c3e} - F:\setup.exe
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\MountPoints2: {dc57f6cd-e66f-11e7-9d8b-485ab6ced890} - G:\AutoRun.exe
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\MountPoints2: {dc57f6d8-e66f-11e7-9d8b-485ab6ced890} - G:\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-11-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7C3228A6-A6C9-42CB-8864-75AD41DD9BA9}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3680190877-228863176-2197478847-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-3680190877-228863176-2197478847-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-01] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "","hxxps://www.google.com/","hxxp://www.hxxps://www.google.com//?affID=119716&babsrc=HP_ss&mntrId=c68aeb8b000000000000001e64652b64","hxxp://www1.hxxps://www.google.com//?babsrc=HP_ss&mntrId=C68A001E64652B65&affID=119820&tt=160713_91114&tsp=4945","hxxp://websearch.goodforsearch.info/?pid=23503&r=2015/05/13&hid=16881473558444970323&lg=EN&cc=AT&unqvl=86","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default [2018-01-18]
CHR Extension: (Docs) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-18]
CHR Extension: (Google Drive) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-18]
CHR Extension: (YouTube) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-18]
CHR Extension: (Adblock Plus) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-11-18]
CHR Extension: (Adobe Acrobat) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-18]
CHR Extension: (AG TV CANLI YAYIN PENCERESI) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdfaepjgldoalfnfibbhiogombjkclda [2017-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-18]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-11-18]
CHR Extension: (Google Mail-Checker) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-11-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-18]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2018-01-16]
CHR Extension: (Google Mail) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\AGTV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-02-19] (Broadcom Corporation.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2000-01-01] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-06-26] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [271128 2017-06-09] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 17596343; C:\Windows\system32\drivers\17596343.sys [255928 2018-01-15] (Malwarebytes)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [89496 2017-10-30] (Advanced Micro Devices, Inc.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2018-01-14] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-18] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-18] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-18] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [200792 2017-06-25] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [782304 2017-04-12] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [420832 2017-04-07] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [3095296 2016-01-07] (Realtek Semiconductor Corp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2018-01-08] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Switchers; C:\Windows\System32\DRIVERS\Switchers.sys [15872 2017-07-17] (Blackmagic Design)
S3 WebPresenter; C:\Windows\System32\DRIVERS\WebPresenter.sys [15872 2017-04-28] (Blackmagic Design)
S3 ysusb_w8_1_64; C:\Windows\System32\drivers\ysusb_w8_1_64.sys [135584 2017-10-03] (Yamaha Corporation)
S3 CnxtHdAudService; system32\drivers\CHDRT64.sys [X]
S3 Streaming; system32\DRIVERS\BlackmagicStreaming.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-18 07:23 - 2018-01-18 07:23 - 000001355 _____ C:\Users\AGTV\Desktop\Malwarebytes_AGTV.txt
2018-01-18 07:20 - 2018-01-18 07:20 - 008198432 _____ (Malwarebytes) C:\Users\AGTV\Downloads\adwcleaner_7.0.6.0.exe
2018-01-18 05:56 - 2018-01-18 05:57 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-18 05:56 - 2018-01-18 05:56 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-18 05:56 - 2018-01-18 05:56 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-18 05:56 - 2018-01-18 05:56 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-18 05:56 - 2018-01-18 05:56 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-17 21:40 - 2018-01-17 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-17 21:40 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-17 01:14 - 2018-01-17 01:14 - 000283000 _____ C:\Windows\Minidump\011718-11232-01.dmp
2018-01-16 20:11 - 2018-01-16 20:11 - 000000000 ____D C:\Users\AGTV\AppData\Local\CrashDumps
2018-01-16 19:59 - 2018-01-16 19:59 - 000000000 ____D C:\Users\AGTV\Documents\Keysticks
2018-01-16 19:59 - 2018-01-16 19:59 - 000000000 ____D C:\Users\AGTV\AppData\Local\Keysticks.net
2018-01-16 19:59 - 2018-01-16 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keysticks
2018-01-16 19:59 - 2018-01-16 19:59 - 000000000 ____D C:\ProgramData\Keysticks.net
2018-01-16 19:42 - 2018-01-16 19:42 - 000283000 _____ C:\Windows\Minidump\011618-11731-01.dmp
2018-01-16 19:41 - 2018-01-16 19:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2018-01-16 19:41 - 2018-01-16 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2018-01-16 19:41 - 2018-01-16 19:41 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2018-01-15 22:48 - 2018-01-16 22:53 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-15 22:48 - 2018-01-15 22:48 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-01-15 22:48 - 2011-04-12 09:28 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2018-01-15 22:46 - 2018-01-15 22:46 - 000000000 ____D C:\Users\AGTV\AppData\Roaming\AVAST Software
2018-01-15 22:45 - 2018-01-15 22:45 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\asw34ccfe9bed715239.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe724ed58e7ad8d9b.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw33b0cfe9da3addc0.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3d32345fd38544fc.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf446221f16b59f53.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswedb2294957bf4db7.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf81dc11d1bb99986.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2bdd88d38628ac01.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw739195d2aa778f57.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7e2fd66b1518ed98.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb9f7ed2b98b99119.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1b306ef5b03c4300.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw51e5d390cd75f469.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5a6f9b5656050196.tmp
2018-01-15 22:45 - 2018-01-15 22:45 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-15 22:42 - 2018-01-15 22:42 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-15 22:41 - 2018-01-15 22:41 - 000085528 _____ C:\Users\AGTV\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-15 22:36 - 2018-01-15 22:36 - 000000000 ____D C:\Users\AGTV\AppData\Roaming\anyburn
2018-01-15 22:31 - 2018-01-15 22:33 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-15 03:48 - 2018-01-15 03:48 - 000282944 _____ C:\Windows\Minidump\011518-10686-01.dmp
2018-01-15 03:31 - 2018-01-15 04:15 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-15 03:31 - 2018-01-15 03:49 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\17596343.sys
2018-01-15 03:23 - 2018-01-18 07:40 - 000000000 ____D C:\FRST
2018-01-15 02:13 - 2018-01-15 02:13 - 000000000 ____D C:\Windows\SysWOW64\BestPractices
2018-01-15 02:13 - 2018-01-15 02:13 - 000000000 ____D C:\Windows\system32\BestPractices
2018-01-15 02:13 - 2018-01-15 02:13 - 000000000 ____D C:\inetpub
2018-01-14 04:12 - 2018-01-14 04:12 - 000282944 _____ C:\Windows\Minidump\011418-11185-01.dmp
2018-01-14 00:58 - 2018-01-14 00:58 - 000000000 ____D C:\Users\AGTV\AppData\Local\UnrealEngine
2018-01-14 00:58 - 2018-01-14 00:58 - 000000000 ____D C:\Users\AGTV\AppData\Local\HellbladeGame
2018-01-14 00:58 - 2018-01-14 00:58 - 000000000 ____D C:\ProgramData\Steam
2018-01-14 00:50 - 2018-01-14 00:50 - 000030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-01-14 00:50 - 2018-01-14 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2018-01-14 00:50 - 2018-01-14 00:50 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-01-13 23:55 - 2018-01-17 21:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-13 23:55 - 2018-01-13 23:55 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-13 23:31 - 2018-01-13 23:31 - 000000000 ____D C:\ProgramData\Avg
2018-01-13 20:53 - 2018-01-13 22:23 - 000000000 ____D C:\Users\AGTV\AppData\LocalLow\Unity
2018-01-13 20:52 - 2018-01-13 20:52 - 000002128 _____ C:\Users\AGTV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go!.lnk
2018-01-13 20:42 - 2018-01-18 07:08 - 000003262 _____ C:\Windows\System32\Tasks\OdBtAxabe
2018-01-13 20:42 - 2018-01-17 22:08 - 000003466 _____ C:\Windows\System32\Tasks\OzwaULUraSUx
2018-01-13 20:42 - 2018-01-13 20:42 - 000003622 _____ C:\Windows\System32\Tasks\BvdYAYwbHiVoQ
2018-01-13 20:42 - 2010-11-21 04:24 - 000186368 _____ (Microsoft Corporation) C:\Users\AGTV\feYAnAuULiPTV.exe
2018-01-13 20:42 - 2009-07-14 02:14 - 000001063 _____ C:\Program Files (x86)\Uyoym
2018-01-13 20:42 - 2009-07-14 02:14 - 000000991 _____ C:\Users\AGTV\IabYYmsBY
2018-01-13 20:42 - 2009-07-14 02:14 - 000000058 _____ C:\Program Files (x86)\ueyOVhODEYEg
2018-01-13 20:42 - 2009-07-14 02:14 - 000000053 _____ C:\Users\AGTV\AppData\Roaming\fIet
2018-01-13 20:40 - 2018-01-13 20:43 - 000000000 ____D C:\ProgramData\Mail.Ru
2018-01-13 02:23 - 2018-01-18 00:59 - 000000000 ____D C:\Users\AGTV\AppData\LocalLow\uTorrent
2018-01-09 15:09 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2018-01-09 15:09 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2018-01-09 15:09 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2018-01-09 15:09 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2018-01-09 15:09 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2018-01-09 15:09 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2018-01-09 15:09 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2018-01-09 15:09 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2018-01-09 15:09 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2018-01-09 15:09 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2018-01-09 15:09 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2018-01-09 15:09 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2018-01-09 15:09 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2018-01-09 15:09 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2018-01-09 15:09 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2018-01-09 15:09 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2018-01-09 15:09 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2018-01-09 15:09 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2018-01-09 15:09 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2018-01-09 15:09 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2018-01-09 15:09 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2018-01-09 15:09 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2018-01-09 15:09 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2018-01-09 15:09 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2018-01-09 15:09 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2018-01-09 15:09 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2018-01-09 15:09 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2018-01-09 15:09 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2018-01-09 15:09 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2018-01-09 15:09 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2018-01-09 15:09 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2018-01-09 15:09 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2018-01-09 15:09 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2018-01-09 15:09 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2018-01-09 15:09 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2018-01-09 15:09 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2018-01-09 15:09 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2018-01-09 15:09 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2018-01-09 15:09 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2018-01-09 15:09 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2018-01-09 15:09 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-01-09 15:09 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2018-01-09 15:09 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-01-09 15:09 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2018-01-09 15:09 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-01-09 15:09 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2018-01-09 15:09 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2018-01-09 15:09 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2018-01-09 15:09 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2018-01-09 15:09 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2018-01-09 15:09 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2018-01-09 15:09 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2018-01-09 15:09 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2018-01-09 15:09 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2018-01-09 15:09 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2018-01-09 15:09 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2018-01-09 15:09 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2018-01-09 15:09 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2018-01-09 15:09 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2018-01-09 15:09 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2018-01-09 15:09 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2018-01-09 15:09 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2018-01-09 15:09 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2018-01-09 15:09 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2018-01-09 15:09 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2018-01-09 15:09 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2018-01-09 15:09 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2018-01-09 15:09 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2018-01-09 15:09 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2018-01-09 15:09 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2018-01-09 15:09 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2018-01-09 15:09 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2018-01-09 15:09 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2018-01-09 15:09 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2018-01-09 15:09 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2018-01-09 15:09 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2018-01-09 15:09 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2018-01-09 15:09 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2018-01-09 15:09 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2018-01-09 15:09 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2018-01-09 15:09 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2018-01-09 15:09 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2018-01-09 15:09 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2018-01-09 15:09 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2018-01-09 15:09 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2018-01-09 15:09 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2018-01-09 15:09 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2018-01-09 15:09 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2018-01-09 15:09 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2018-01-09 15:09 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2018-01-09 15:09 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2018-01-09 15:09 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2018-01-09 15:09 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2018-01-09 15:09 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2018-01-09 15:09 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2018-01-09 15:09 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2018-01-09 15:08 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2018-01-09 15:08 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2018-01-09 15:08 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2018-01-09 15:08 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2018-01-09 15:08 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2018-01-09 15:08 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2018-01-09 15:08 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2018-01-09 15:08 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2018-01-09 15:08 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2018-01-09 15:08 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2018-01-09 15:08 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2018-01-09 15:08 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2018-01-09 15:08 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2018-01-09 15:08 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2018-01-09 15:08 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2018-01-09 15:08 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2018-01-09 15:08 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2018-01-09 15:08 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2018-01-09 15:08 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-01-09 15:08 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-01-09 15:08 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2018-01-09 15:08 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2018-01-09 15:08 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2018-01-09 15:08 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-01-09 15:08 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2018-01-09 15:08 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2018-01-09 15:08 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2018-01-09 15:08 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2018-01-09 15:08 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2018-01-09 15:08 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2018-01-09 15:08 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2018-01-09 15:08 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2018-01-09 15:08 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2018-01-09 15:08 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2018-01-09 15:08 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2018-01-09 15:08 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2018-01-09 15:08 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2018-01-09 15:08 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2018-01-09 15:08 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2018-01-09 15:08 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2018-01-09 15:08 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2018-01-09 15:08 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2018-01-09 15:08 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2018-01-09 15:08 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2018-01-09 15:08 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2018-01-09 15:08 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2018-01-09 15:08 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2018-01-09 15:08 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2018-01-09 15:08 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2018-01-09 15:08 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2018-01-09 15:08 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2018-01-09 15:08 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2018-01-09 15:08 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2018-01-09 15:08 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2018-01-09 15:07 - 2018-01-09 15:09 - 000000000 ____D C:\Users\AGTV\Documents\WBGames
2018-01-09 15:07 - 2018-01-09 15:07 - 000000000 ____D C:\Users\Public\Documents\WBGames
2018-01-09 15:07 - 2018-01-09 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-01-08 19:27 - 2018-01-08 19:28 - 000163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2018-01-08 19:27 - 2018-01-08 19:27 - 000000000 ____D C:\Users\AGTV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-01-07 04:16 - 2018-01-18 07:40 - 000000000 ____D C:\Users\AGTV\Desktop\BUGRA
2018-01-06 22:53 - 2018-01-06 23:26 - 000000000 ____D C:\Users\AGTV\AppData\Local\Microsoft Games
2018-01-04 17:58 - 2018-01-04 17:59 - 000000000 ____D C:\Users\AGTV\Desktop\BIlder
2017-12-30 11:14 - 2017-12-30 11:14 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-12-30 11:14 - 2017-12-30 11:14 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-25 18:03 - 2017-12-25 18:03 - 000000000 ____D C:\Users\AGTV\AppData\Local\ElevatedDiagnostics
2017-12-19 11:19 - 2017-12-19 11:19 - 000086839 _____ C:\Users\AGTV\Desktop\Son Test 2017_12_19.vmix
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-18 07:39 - 2017-11-18 13:47 - 000000000 ____D C:\Users\AGTV\AppData\Roaming\uTorrent
2018-01-18 05:01 - 2009-07-14 05:45 - 000025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-18 05:01 - 2009-07-14 05:45 - 000025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-18 01:03 - 2017-11-19 02:03 - 000000000 ____D C:\Users\AGTV\Desktop\BUGRA CEKIMLER
2018-01-17 23:21 - 2017-11-19 01:59 - 000000000 ____D C:\Users\AGTV\AppData\Roaming\Anvsoft
2018-01-17 23:20 - 2017-11-18 12:15 - 000000000 ____D C:\Users\AGTV\AppData\Roaming\vlc
2018-01-17 23:07 - 2017-11-18 05:40 - 000786742 _____ C:\Windows\system32\perfh007.dat
2018-01-17 23:07 - 2017-11-18 05:40 - 000182138 _____ C:\Windows\system32\perfc007.dat
2018-01-17 23:07 - 2017-11-18 05:34 - 000725160 _____ C:\Windows\system32\perfh01F.dat
2018-01-17 23:07 - 2017-11-18 05:34 - 000171570 _____ C:\Windows\system32\perfc01F.dat
2018-01-17 23:07 - 2009-07-14 06:13 - 002745650 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-17 23:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-17 22:05 - 2017-11-18 22:24 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-01-17 22:05 - 2017-11-18 06:19 - 000000000 __SHD C:\Users\AGTV\IntelGraphicsProfiles
2018-01-17 22:05 - 2009-07-14 06:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-17 22:05 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-17 21:53 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-17 21:53 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-01-17 01:14 - 2017-12-03 08:41 - 863575446 _____ C:\Windows\MEMORY.DMP
2018-01-17 01:14 - 2017-12-03 08:41 - 000000000 ____D C:\Windows\Minidump
2018-01-16 00:30 - 2017-12-12 13:59 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-15 02:14 - 2017-11-18 05:08 - 002569264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-15 02:13 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-01-15 02:13 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Microsoft Games
2018-01-15 02:13 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2018-01-15 02:13 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\inetsrv
2018-01-14 00:57 - 2017-11-18 05:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-14 00:50 - 2017-11-18 12:43 - 000000000 ____D C:\Users\AGTV\AppData\Roaming\DAEMON Tools Lite
2018-01-14 00:42 - 2017-11-18 04:58 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-14 00:04 - 2017-11-18 06:12 - 000000000 ____D C:\ProgramData\Uniblue
2018-01-13 22:24 - 2017-11-18 06:14 - 000000000 ____D C:\Users\AGTV\AppData\Local\SlimWare Utilities Inc
2018-01-13 20:42 - 2017-11-18 04:45 - 000000000 ____D C:\Users\AGTV
2018-01-09 20:14 - 2017-11-18 12:51 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 20:14 - 2017-11-18 12:51 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 20:14 - 2017-11-18 12:51 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 20:14 - 2017-11-18 12:51 - 000004378 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 20:14 - 2017-11-18 12:51 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 20:14 - 2017-11-18 12:51 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 02:41 - 2017-11-18 05:14 - 000002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 02:41 - 2017-11-18 05:14 - 000002182 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-08 19:11 - 2017-11-18 04:45 - 000000000 ____D C:\Users\AGTV\AppData\Local\VirtualStore
2018-01-08 14:48 - 2017-11-18 12:13 - 000000000 ____D C:\Users\AGTV\AppData\Local\AMD
2018-01-05 08:02 - 2017-11-22 09:14 - 000000000 ____D C:\Users\AGTV\AppData\Local\LenovoServiceBridge
2017-12-30 11:14 - 2017-11-18 12:52 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-26 23:53 - 2017-11-18 12:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-26 14:01 - 2017-11-18 20:45 - 000000000 ____D C:\Users\AGTV\Documents\ATEM Autosave
2017-12-24 18:11 - 2017-11-18 12:14 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-12-24 18:11 - 2017-11-18 12:14 - 000000966 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-12-20 16:28 - 2017-12-17 04:29 - 000000000 ____D C:\Program Files (x86)\Wondershare
2017-12-19 11:19 - 2017-11-18 20:53 - 000086839 _____ C:\Users\AGTV\AppData\Roaming\last.vmix
 
==================== Files in the root of some directories =======
 
2018-01-13 20:42 - 2010-11-21 04:24 - 000186368 _____ (Microsoft Corporation) C:\Users\AGTV\feYAnAuULiPTV.exe
2009-07-14 02:14 - 2009-07-14 02:14 - 000000991 _____ () C:\Users\AGTV\IabYYmsBY.bat
2018-01-13 20:42 - 2009-07-14 02:14 - 000000058 _____ () C:\Program Files (x86)\ueyOVhODEYEg
2009-07-14 02:14 - 2009-07-14 02:14 - 000000058 _____ () C:\Program Files (x86)\ueyOVhODEYEg.bat
2018-01-13 20:42 - 2009-07-14 02:14 - 000001063 _____ () C:\Program Files (x86)\Uyoym
2009-07-14 02:14 - 2009-07-14 02:14 - 000001063 _____ () C:\Program Files (x86)\Uyoym.bat
2018-01-13 20:42 - 2009-07-14 02:14 - 000000053 _____ () C:\Users\AGTV\AppData\Roaming\fIet
2009-07-14 02:14 - 2009-07-14 02:14 - 000000053 _____ () C:\Users\AGTV\AppData\Roaming\fIet.bat
2017-11-18 20:53 - 2017-12-19 11:19 - 000086839 _____ () C:\Users\AGTV\AppData\Roaming\last.vmix
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-08 06:31
 
==================== End of FRST.txt ============================


••••••••••••••••••••••••••••••••••••••••
------------------------------------------
  ☻-- Malwarebyte logs --☻

------------------------------------------

••••••••••••••••••••••••••••••••••••••••
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/18/18
Scan Time: 6:00 AM
Log File: 84d49600-fc0c-11e7-8afe-201a069c6c3e.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3719
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AGTV-PC\AGTV
 
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 234237
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 52 min, 34 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
RiskWare.GameHack, D:\PROGRAM FILES (X86)\HELLBLADE SENUAS SACRIFICE\ENGINE\BINARIES\THIRDPARTY\STEAMWORKS\STEAMV132\WIN64\STEAM_API64.DLL, No Action By User, [403], [305544],1.0.3719
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:50 PM

Posted 18 January 2018 - 08:06 AM

Hi dafdaf :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

When you ran FRST, a second log should've been produced as well, Addition.txt. Can you copy/paste its content here?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 dafdaf

dafdaf
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:50 AM

Posted 18 January 2018 - 09:44 PM


First of all, thank you so much for your quick response. I guess that I deleted it on the first scan. Sorry for it. But I did a new scan. Is it OK?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by AGTV (19-01-2018 03:36:28)
Running from C:\Users\AGTV\Desktop\BUGRA
Windows 7 Ultimate Service Pack 1 (X64) (2017-11-18 03:45:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3680190877-228863176-2197478847-500 - Administrator - Disabled)
AGTV (S-1-5-21-3680190877-228863176-2197478847-1000 - Administrator - Enabled) => C:\Users\AGTV
Guest (S-1-5-21-3680190877-228863176-2197478847-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Any Video Converter 6.2.0 (HKLM-x32\...\Any Video Converter) (Version: 6.2.0 - Anvsoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AX88772A & AX88772 Windows 7 Drivers (HKLM-x32\...\{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.1.0 - ASIX Electronics Corporation) Hidden
AX88772A & AX88772 Windows 7 Drivers (HKLM-x32\...\InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.1.0 - ASIX Electronics Corporation)
Blackmagic ATEM Switchers (HKLM\...\{8E10D5A9-8E8C-4898-9F05-CA45F4CF46C3}) (Version: 7.2.0.0 - Blackmagic Design)
Blackmagic Web Presenter (HKLM\...\{58C3ACD9-247F-429A-8B07-0E83DBC2338A}) (Version: 1.2.0.0 - Blackmagic Design)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.75 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.01 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11165 - Realtek Semiconductor Corp.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
F.E.A.R. 2 - Project Origin + Reborn (HKLM-x32\...\1425479123_is1) (Version: 2.0.0.3 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hellblade: Senua's Sacrifice (HKLM\...\aGVsbGJsYWRlc2VudWFzc2FjcmlmaWNl_is1) (Version: 1 - )
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan)
Keysticks (HKLM-x32\...\{7A14FE45-8517-462D-BCB4-4015395945C8}) (Version: 1.91 - Keysticks.net)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Lenovo Service Bridge (HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.8 - Lenovo)
Lenovo Solution Center (HKLM\...\{06913C0C-88EB-42AF-9D94-3E9136CEE9BC}) (Version: 3.6.002.003 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo)
MagicYUV Lossless Video Codec version 1.1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.1 - INNOMAGIC Bt.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerXpressHybrid (HKLM-x32\...\{51FDC2DE-0917-46B7-EAEC-5377504701DE}) (Version: 1.00.0000 - Ihr Firmenname) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.19 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
vMix (HKLM-x32\...\{93D664E9-E81E-4277-9E90-6CDABAC7208F}_is1) (Version:  - StudioCoast)
vMix Social (HKLM-x32\...\{1A0C8557-EB4A-4DD1-B4F9-A974ADEFE05F}_is1) (Version:  - StudioCoast Pty Ltd)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows Sürücü Paketi - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM\...\{81D09AFD-74A6-4BDB-809F-7587D04614F3}) (Version: 1.9.11 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\yUninstall_{2938B185-2D57-47B0-9FC8-C90A67BA9277}) (Version: 1.9.11 - Yamaha Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3680190877-228863176-2197478847-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2000-01-01] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DED6B0E-A1AF-488F-8DD1-A99E671F9E57} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {1AAF7895-2B8C-44A2-9D2C-4D3CF18C7935} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-06-09] (Lenovo)
Task: {257DD657-9959-4732-BD56-3265DD7792BC} - System32\Tasks\OdBtAxabe => C:\Users\AGTV\AppData\Roaming\fIet.bat [2009-07-14] () <==== ATTENTION
Task: {3ACF89F5-57A3-4A3A-9C23-71F210B4F970} - System32\Tasks\AMD ThankingURL => "" [Argument = -LAUNCHTHQURL]
Task: {3F3882DF-1C09-4BB2-8267-15FEB712D30E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-06-09] (Lenovo)
Task: {5D43014B-451B-4A4B-A1D9-10F6BB570683} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {746FEE1B-E652-4D3F-93AA-DEBAD6BC3A50} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {7C566CE9-69A7-4F4C-BD0D-AC55BC1F088E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {7EB733A8-C329-42C1-B104-1A80FB406A2C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3680190877-228863176-2197478847-1000 => C:\Users\AGTV\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-01-04] (Lenovo Group Limited)
Task: {867DD5FC-E85C-493E-B255-EF49AD586C72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-18] (Google Inc.)
Task: {98971547-9C06-4A54-90A9-9FAA0BF907AD} - System32\Tasks\OzwaULUraSUx => C:\Program Files (x86)\ueyOVhODEYEg.bat <==== ATTENTION
Task: {A1939806-5B6A-4E60-82F5-A8458E50B474} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-06-09] ()
Task: {A7530B91-810D-4FC7-93E8-4DFD254ADA6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {A89A31D5-BD48-4D60-A206-05B0F7821684} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B46D1ED5-4F65-45DF-93B0-9DEBAE1A3019} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-24] (Intel® Corporation)
Task: {B6823606-6DE5-4494-9389-B973EDD6422C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {C06A0057-467D-4307-A315-1A5EFDDB8979} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {E4268531-9F74-44B3-884D-18BC101B6379} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {E87D0643-3B33-47B3-996B-5BA43F78CAD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-18] (Google Inc.)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {FDF0A9FA-0826-46B6-9EDC-B43ED01CFC6C} - System32\Tasks\BvdYAYwbHiVoQ => C:\Users\AGTV\AppData\Local\AeiKaDUSUO.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-01-17 21:40 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-17 21:40 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2008-12-20 03:20 - 2017-11-20 21:27 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-10 16:30 - 2017-11-20 21:27 - 001509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-08 15:42 - 2017-11-20 21:27 - 000011096 _____ () C:\Program Files (x86)\Lenovo\Energy Management\tr-TR\EMWpfUI.resources.dll
2008-12-20 03:20 - 2017-11-20 21:27 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2017-07-22 00:55 - 2017-07-22 00:55 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-22 00:55 - 2017-07-22 00:55 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-11-22 10:57 - 2017-08-16 15:07 - 000023928 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2018-01-09 02:41 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 02:41 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-06-26 13:24 - 2017-06-26 13:24 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\AGTV\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F7390797-A9E0-4F74-AD89-0B3870AA9407}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5C22242A-F971-475B-A01C-9539676FB973}] => (Allow) C:\Users\AGTV\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{81A5F5F9-F1EB-444E-BBCB-4A4F1CE63D40}] => (Allow) C:\Users\AGTV\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{03361EE7-CB00-48A7-8577-A86CB0EF5B31}C:\program files (x86)\blackmagic design\blackmagic atem switchers\atem setup\atem setup.exe] => (Allow) C:\program files (x86)\blackmagic design\blackmagic atem switchers\atem setup\atem setup.exe
FirewallRules: [UDP Query User{AACBD10F-F57E-4CCD-9DD3-741D83BAC02E}C:\program files (x86)\blackmagic design\blackmagic atem switchers\atem setup\atem setup.exe] => (Allow) C:\program files (x86)\blackmagic design\blackmagic atem switchers\atem setup\atem setup.exe
FirewallRules: [{6D1E29DA-C5E2-44B2-A82C-B395FC5F9E30}] => (Allow) C:\Program Files (x86)\vMix\vMix.exe
FirewallRules: [{A0974687-B48B-4724-8BCA-636BAF78A07C}] => (Allow) C:\Program Files (x86)\vMix\vMix64.exe
FirewallRules: [{DE405E51-C084-467C-969A-BCB2F002EA20}] => (Allow) C:\Program Files (x86)\vMix\ndi\vMixNDIHelper.exe
FirewallRules: [{DC3C0B01-E1B2-4348-BD40-18F637808991}] => (Allow) C:\Program Files (x86)\vMix\vMixDesktopCapture.exe
FirewallRules: [{FB794DA3-AF2F-4D82-9C10-B5EDF4C8C9E6}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{A4A69769-40F6-4AB5-8E72-5B8441281350}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{B53F6E92-C4F1-4D79-A2B7-E1F99B4A4270}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3DC0F2BB-202F-4018-97CD-8C27D5693623}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{02C2E50C-ADB1-44B8-AEF1-F8B4291102DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{716BE4C5-340A-44FE-9FF5-6B4BAF91069F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C15A7E46-6072-4D9D-A627-95AA3F347165}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DFBE9350-58FA-4215-8891-EC1B8902727C}] => (Allow) C:\Users\AGTV\AppData\Local\Go!\Application\go.exe
 
==================== Restore Points =========================
 
14-01-2018 00:42:01 Removed Call of Duty® 2
15-01-2018 02:08:14 Windows Modules Installer
15-01-2018 03:46:24 Malwarebytes Anti-Rootkit Restore Point
16-01-2018 19:40:16 Installed DirectX
16-01-2018 19:54:58 Installed SlimDX Runtime .NET 4.0 x86 (January 2012)
16-01-2018 19:58:39 Installed Keysticks
17-01-2018 21:52:37 Restore Point Created by FRST
17-01-2018 22:04:17 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2018 08:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/17/2018 10:05:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/17/2018 10:04:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu.  hr = 0x80070005, Access is denied.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {daa7d2ad-e246-4b94-8172-0c647daa2759}
 
Error: (01/17/2018 09:56:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/17/2018 09:52:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu.  hr = 0x80070005, Access is denied.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {34807427-fd56-4bb4-be87-703779893837}
 
Error: (01/17/2018 09:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/17/2018 09:47:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/17/2018 09:27:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/17/2018 01:15:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/16/2018 08:11:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: Keysticks.exe, sürüm: 1.9.1.0, zaman damgası: 0x59f5fe27
Hatalı modül adı: unknown, sürüm: 0.0.0.0, zaman damgası: 0x00000000
Özel durum kodu: 0xc0000005
Hata uzaklığı 0xfff7418b
Hatalı işlem kimliği: 0x13b0
Uygulama başlangıç zamanı: 0x01d38efc2922c3d9
Hatalı uygulama yolu: D:\Program Files (x86)\Keysticks.net\Keysticks\Keysticks.exe
Hatalı modül yolu: unknown
Rapor kimliği: 183a054a-faf1-11e7-9f39-201a069c6c3e
 
 
System errors:
=============
Error: (01/18/2018 08:22:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} sunucusu belirtilen zaman aşımı süresi içinde DCOM'a kaydolamadı.
 
Error: (01/18/2018 05:18:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 04:32:20 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 03:45:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 02:59:20 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 02:12:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 01:49:35 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 01:35:38 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 01:26:21 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
Error: (01/18/2018 01:21:42 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Şu önemli uyarı alındı: 40.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-18 20:28:24.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Switchers.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-18 20:28:24.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Switchers.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-18 20:28:08.149
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Switchers.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-18 20:28:08.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Switchers.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-18 20:25:39.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Switchers.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-18 20:25:39.547
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Switchers.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16300.36 MB
Available physical RAM: 13021.75 MB
Total Virtual: 32598.9 MB
Available Virtual: 28909.51 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:195.59 GB) (Free:78.77 GB) NTFS
Drive d: (AGTV) (Fixed) (Total:281.25 GB) (Free:197.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 2B70B28C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=281.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • Gender:Male
  • Local time:09:50 PM

Posted 19 January 2018 - 08:09 AM

Alright follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 dafdaf (Topic Starter)

Posted 19 January 2018 - 08:42 AM

Here are the results. I think it's fixed. :) ...

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by AGTV (19-01-2018 14:29:15) Run:4
Running from C:\Users\AGTV\Desktop\BUGRA
Loaded Profiles: AGTV (Available Profiles: AGTV & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
cmd: type "C:\Program Files (x86)\Uyoym"
cmd: type "C:\Program Files (x86)\Uyoym.bat"
cmd: type "C:\Program Files (x86)\ueyOVhODEYEg"
cmd: type "C:\Program Files (x86)\ueyOVhODEYEg.bat"
cmd: type "C:\Users\AGTV\IabYYmsBY"
cmd: type "C:\Users\AGTV\IabYYmsBY.bat"
cmd: type "C:\Users\AGTV\AppData\Roaming\fIet"
cmd: type "C:\Users\AGTV\AppData\Roaming\fIet.bat"
 
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\Run: [Chromium] => "c:\users\agtv\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\Run: [go] => C:\Users\AGTV\AppData\Local\Go!\Application\go.exe --no-startup-window
 
CHR StartupUrls: Default -> "","hxxps://www.google.com/","hxxp://www.hxxps://www.google.com//?affID=119716&babsrc=HP_ss&mntrId=c68aeb8b000000000000001e64652b64","hxxp://www1.hxxps://www.google.com//?babsrc=HP_ss&mntrId=C68A001E64652B65&affID=119820&tt=160713_91114&tsp=4945","hxxp://websearch.goodforsearch.info/?pid=23503&r=2015/05/13&hid=16881473558444970323&lg=EN&cc=AT&unqvl=86","hxxps://www.google.com/"
 
S3 17596343; C:\Windows\system32\drivers\17596343.sys [255928 2018-01-15] (Malwarebytes)
 
Task: {257DD657-9959-4732-BD56-3265DD7792BC} - System32\Tasks\OdBtAxabe => C:\Users\AGTV\AppData\Roaming\fIet.bat [2009-07-14] () <==== ATTENTION
Task: {98971547-9C06-4A54-90A9-9FAA0BF907AD} - System32\Tasks\OzwaULUraSUx => C:\Program Files (x86)\ueyOVhODEYEg.bat <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {FDF0A9FA-0826-46B6-9EDC-B43ED01CFC6C} - System32\Tasks\BvdYAYwbHiVoQ => C:\Users\AGTV\AppData\Local\AeiKaDUSUO.exe
 
FirewallRules: [{DFBE9350-58FA-4215-8891-EC1B8902727C}] => (Allow) C:\Users\AGTV\AppData\Local\Go!\Application\go.exe
 
C:\Program Files (x86)\Uyoym
C:\Program Files (x86)\Uyoym.bat
C:\Program Files (x86)\ueyOVhODEYEg
C:\Program Files (x86)\ueyOVhODEYEg.bat
C:\ProgramData\Mail.Ru
C:\Users\AGTV\IabYYmsBY
C:\Users\AGTV\IabYYmsBY.bat
C:\Users\AGTV\feYAnAuULiPTV.exe
C:\Users\AGTV\AppData\Roaming\fIet
C:\Users\AGTV\AppData\Roaming\fIet.bat
C:\Windows\system32\Drivers\17596343.sys
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
 
========= type "C:\Program Files (x86)\Uyoym" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= type "C:\Program Files (x86)\Uyoym.bat" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= type "C:\Program Files (x86)\ueyOVhODEYEg" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= type "C:\Program Files (x86)\ueyOVhODEYEg.bat" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= type "C:\Users\AGTV\IabYYmsBY" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= type "C:\Users\AGTV\IabYYmsBY.bat" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= type "C:\Users\AGTV\AppData\Roaming\fIet" =========
 
start /min cmd /c "C:\Users\AGTV\IabYYmsBY.bat"
exit
========= End of CMD: =========
 
 
========= type "C:\Users\AGTV\AppData\Roaming\fIet.bat" =========
 
start /min cmd /c "C:\Users\AGTV\IabYYmsBY.bat"
exit
========= End of CMD: =========
 
"HKU\S-1-5-21-3680190877-228863176-2197478847-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-3680190877-228863176-2197478847-1000\Software\Microsoft\Windows\CurrentVersion\Run\\go" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\System\CurrentControlSet\Services\17596343" => removed successfully
17596343 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{257DD657-9959-4732-BD56-3265DD7792BC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{257DD657-9959-4732-BD56-3265DD7792BC}" => removed successfully
C:\Windows\System32\Tasks\OdBtAxabe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OdBtAxabe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98971547-9C06-4A54-90A9-9FAA0BF907AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98971547-9C06-4A54-90A9-9FAA0BF907AD}" => removed successfully
C:\Windows\System32\Tasks\OzwaULUraSUx => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OzwaULUraSUx" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDF0A9FA-0826-46B6-9EDC-B43ED01CFC6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDF0A9FA-0826-46B6-9EDC-B43ED01CFC6C}" => removed successfully
C:\Windows\System32\Tasks\BvdYAYwbHiVoQ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BvdYAYwbHiVoQ" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DFBE9350-58FA-4215-8891-EC1B8902727C}" => removed successfully
"C:\Program Files (x86)\Uyoym" => removed successfully
"C:\Program Files (x86)\Uyoym.bat" => removed successfully
"C:\Program Files (x86)\ueyOVhODEYEg" => removed successfully
"C:\Program Files (x86)\ueyOVhODEYEg.bat" => removed successfully
"C:\ProgramData\Mail.Ru" => removed successfully
"C:\Users\AGTV\IabYYmsBY" => removed successfully
"C:\Users\AGTV\IabYYmsBY.bat" => removed successfully
"C:\Users\AGTV\feYAnAuULiPTV.exe" => removed successfully
C:\Users\AGTV\AppData\Roaming\fIet => moved successfully
C:\Users\AGTV\AppData\Roaming\fIet.bat => moved successfully
C:\Windows\system32\Drivers\17596343.sys => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13551633 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 522044176 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
AGTV => 6546317 B
DefaultAppPool => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 525 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:29:43 ====
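The fix log above lays out the persistence chain the fixlist dismantled: scheduled tasks whose action is a randomly named .bat sitting in a user-writable folder (AppData\Roaming, the user profile root, the bare Program Files (x86) root), each batch file doing nothing but `start /min cmd /c` into the next one, plus two Run keys and a firewall allow rule for an executable under AppData\Local. The following Python is an added example, not code from the original posts and not part of FRST: it parses FRST `Task:` and `Run:` lines in the format shown in the fix log and scores each entry with a few heuristics (script extension as the task action, user-writable location, dangling "No File" target, mixed-case gibberish names, FRST's own ATTENTION flag). The sample lines are copied from the fix log, with one constructed, hypothetical benign task (an Adobe updater) added so the scorer has something to leave alone. The heuristics, the case-flip threshold and the scoring are assumptions for illustration, not FRST's logic.

```python
"""Triage FRST 'Task:' and 'Run:' lines for batch-launcher persistence.

Added example, not part of FRST or of the original posts. The line format is
FRST's as shown in the fix log; the heuristics, thresholds and the benign
sample task are assumptions made for this illustration.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: the five persistence lines from the fixlist above plus one
# hypothetical benign updater task so the classifier has a negative case.
SAMPLE_LINES = [
    r"Task: {257DD657-9959-4732-BD56-3265DD7792BC} - System32\Tasks\OdBtAxabe => C:\Users\AGTV\AppData\Roaming\fIet.bat [2009-07-14] () <==== ATTENTION",
    r"Task: {98971547-9C06-4A54-90A9-9FAA0BF907AD} - System32\Tasks\OzwaULUraSUx => C:\Program Files (x86)\ueyOVhODEYEg.bat <==== ATTENTION",
    r"Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION",
    r"Task: {FDF0A9FA-0826-46B6-9EDC-B43ED01CFC6C} - System32\Tasks\BvdYAYwbHiVoQ => C:\Users\AGTV\AppData\Local\AeiKaDUSUO.exe",
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-11-02] (Adobe Systems Incorporated)",
    r"HKU\S-1-5-21-3680190877-228863176-2197478847-1000\...\Run: [go] => C:\Users\AGTV\AppData\Local\Go!\Application\go.exe --no-startup-window",
]

SCRIPT_EXTS = ("bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "ps1")
EXEC_EXTS = SCRIPT_EXTS + ("exe", "scr", "dll", "com")

# "Task: {GUID} - <name> => <target> [date] (vendor) <==== ATTENTION"
# "Task: {GUID} - <name> -> No File <==== ATTENTION"
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) "
    r"(?:=> (?P<target>.+?)|-> No File)(?P<att> <==== ATTENTION)?$"
)
# "HKU\S-1-5-...\...\Run: [<name>] => <command line>"  (also HKLM)
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|U\\S-1-5-[0-9-]+))\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$"
)
# Earliest executable/script path in the target, ended by a quote, whitespace or end of string.
IMAGE_RE = re.compile(
    r'^(?P<path>.+?\.(?:' + "|".join(EXEC_EXTS) + r'))(?=["\s]|$)', re.IGNORECASE
)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
# A file dropped directly into the Program Files root instead of a product folder.
PROGFILES_ROOT_RE = re.compile(r"^[a-z]:\\program files( \(x86\))?\\[^\\]+$")


def image_path(target: Optional[str]) -> Optional[str]:
    """Return the file the entry actually launches (FRST appends '[date] (vendor)' after it)."""
    if not target:
        return None
    m = IMAGE_RE.match(target.strip().lstrip('"'))
    return m.group("path") if m else None


def looks_random(label: str) -> bool:
    """Gibberish such as 'OdBtAxabe' flips case far more often inside one word than real
    product names do; three or more flips in a word of six+ letters is the assumed threshold."""
    for word in re.split(r"[\s_.-]+", label):
        letters = [c for c in word if c.isalpha()]
        if len(letters) < 6:
            continue
        flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
        if flips >= 3:
            return True
    return False


def triage_line(line: str) -> Optional[Dict]:
    """Parse one FRST line; return a finding dict, or None if it is not a Task/Run line."""
    kind, m = "Task", TASK_RE.match(line)
    if not m:
        kind, m = "Run", RUN_RE.match(line)
    if not m:
        return None
    name = m.group("name").rsplit("\\", 1)[-1]
    target = m.group("target")
    image = image_path(target)
    reasons: List[str] = []
    if kind == "Task" and target is None:
        reasons.append("dangling-no-file")           # task action points at a file that is gone
    if image:
        low = image.lower()
        if low.rsplit(".", 1)[-1] in SCRIPT_EXTS:
            reasons.append("script-launcher")       # .bat/.cmd/... as the launched image
        if any(p in low for p in USER_WRITABLE) or PROGFILES_ROOT_RE.match(low):
            reasons.append("user-writable-path")    # not inside a proper install directory
        if looks_random(image.rsplit("\\", 1)[-1]):
            reasons.append("random-looking-name")
    if looks_random(name) and "random-looking-name" not in reasons:
        reasons.append("random-looking-name")
    if kind == "Task" and m.group("att"):
        reasons.append("flagged-by-frst")           # FRST's own '<==== ATTENTION' marker
    return {"kind": kind, "name": name, "image": image, "reasons": reasons, "score": len(reasons)}


def triage(lines: List[str]) -> List[Dict]:
    """Triage many lines, most suspicious first; score 0 means nothing fired."""
    found = [f for f in (triage_line(l) for l in lines) if f]
    return sorted(found, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['score']}  {f['kind']:<4} {f['name']:<28} {f['image'] or '-'}  {', '.join(f['reasons'])}")
```

Run it over a real FRST.txt/Addition.txt with `triage(open(path, encoding="utf-8", errors="replace").read().splitlines())`; the score is a triage order, not a verdict, and a Run key under AppData\Local (Chromium, the "go" entry above) scores low on its own because legitimate per-user installs live there too.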


#6 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 19 January 2018 - 08:49 AM

Looks like it to me :) Were there any other issues to address, or that was it?



#7 dafdaf (Topic Starter)

Posted 19 January 2018 - 08:52 AM

No, there's nothing else. Thank you so much again. You are awesome!! :bounce:  :)



#8 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 19 January 2018 - 08:53 AM

No problem dafdaf, you're welcome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, making it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates", on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before that if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits, which are one of the biggest attack vectors used to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like Secunia PSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)



#9 dafdaf (Topic Starter)

Posted 19 January 2018 - 09:04 AM

Alright. I'm doing that :) I wish you stress-free, comfortable and nice days & life :)  :clapping:


Edited by dafdaf, 19 January 2018 - 09:04 AM.


#10 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 21 January 2018 - 11:42 AM

No problem dafdaf, you're welcome! I wish you the same :)



#11 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 21 January 2018 - 11:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





