
Virus can't be deleted. ACCESS DENIED despite administrator privileges


  • This topic is locked
23 replies to this topic

#1 drbulbasaur


Posted 09 March 2018 - 06:42 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by gaming (administrator) on GAMING-PC (09-03-2018 18:37:08)
Running from C:\Users\gaming\Downloads
Loaded Profiles: gaming (Available Profiles: gaming & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\vdhtouzsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\gaming\AppData\Local\lsigpmv\lsigpmv.exe
() C:\Users\gaming\AppData\Local\raipeoc\nikavcu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\gaming\AppData\Local\lsigpmv\zahunkg.exe
() C:\Users\gaming\AppData\Local\lsigpmv\zahunkg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\gaming\AppData\Local\lsigpmv\zahunkg.exe
() C:\Users\gaming\AppData\Local\lsigpmv\zahunkg.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [crusty] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKLM\...\Run: [FLxHCIm] => "C:\Windows\system32\FLxHCIm.exe" i********************************************************************************************************************************************************************* (the data entry has 59 more characters).
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [antimissile] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-02-12] (Disc Soft Ltd)
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [les] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [summarised] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [qualifies] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {16fda12a-235c-11e8-9134-94de80a42866} - L:\SETUP.EXE
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {747608f0-129f-11e8-85f4-94de80a42866} - H:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {dacb508a-12d8-11e8-aba4-94de80a42866} - G:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {dacb50b0-12d8-11e8-aba4-94de80a42866} - H:\SETUP.EXE
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {dacb50fb-12d8-11e8-aba4-94de80a42866} - I:\setup.exe
Startup: C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fumbled.lnk [2018-02-19]
ShortcutTarget: fumbled.lnk -> C:\Program Files (x86)\Quadriplegic\copulate.exe (No File)
Startup: C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fumbledfumbled.lnk [2018-02-19]
ShortcutTarget: fumbledfumbled.lnk -> C:\Program Files (x86)\beachy\glycolic.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{475F4FA4-8B11-4CE8-9FD9-AEFFED5C0E0E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{475F4FA4-8B11-4CE8-9FD9-AEFFED5C0E0E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{708E22C6-C5C3-488C-8828-55FE59DC93EB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{708E22C6-C5C3-488C-8828-55FE59DC93EB}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: ebr1mdd8.default
FF ProfilePath: C:\Users\gaming\AppData\Roaming\Mozilla\Firefox\Profiles\ebr1mdd8.default [2018-03-09]
FF Session Restore: Mozilla\Firefox\Profiles\ebr1mdd8.default -> is enabled.
FF Extension: (Avast Online Security) - C:\Users\gaming\AppData\Roaming\Mozilla\Firefox\Profiles\ebr1mdd8.default\Extensions\wrc@avast.com.xpi [2018-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{20F5333B-4F30-482f-9A53-E5E963B5D9C5}] - C:\Program Files (x86)\YTD\YTD\YTDE_FF.xpi
FF Extension: (YTD Extension) - C:\Program Files (x86)\YTD\YTD\YTDE_FF.xpi [2016-07-09] [Legacy]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\secure_cert.js [2018-02-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://us.yahoo.com/?fr=fpc-comodo&type=19_33090001006_55.0.2883.59_u_hp_sp","hxxps://us.yahoo.com/?fr=fpc-comodo&type=19_33090001006_57.0.2987.92_u_hp_sp","hxxps://us.yahoo.com/?fr=fpc-comodo&type=19_33090001006_57.0.2987.93_u_hp_sp"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Slides) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-16]
CHR Extension: (Docs) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-16]
CHR Extension: (Google Drive) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-16]
CHR Extension: (AdGuard AdBlocker) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-03-08]
CHR Extension: (YouTube) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-16]
CHR Extension: (uBlock Origin) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-12]
CHR Extension: (Video Downloader professional) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-12-17]
CHR Extension: (Sheets) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-16]
CHR Extension: (Google Docs Offline) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-16]
CHR Extension: (Popup Blocker Pro) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-16]
CHR Extension: (Gmail) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-08]
CHR Profile: C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-03-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\zhdrg <==== ATTENTION (Rootkit!)

S2 ASUSSwitchUSB; C:\ProgramData\ASUS Driver\USB-AC55 WLAN Card Utilities\U2U3Switch\ASUSSwitchUSB.exe [190704 2015-05-14] ()
S2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-02-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2018-01-17] (EasyAntiCheat Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2017-12-29] (Macrovision Europe Ltd.) [File not signed]
S2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2017-09-01] (Advanced Micro Devices) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-02-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-02-15] (Disc Soft Ltd)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [87984 2017-06-13] (Fresco Logic)
S1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-07] (COMODO)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-09] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2238136 2015-07-20] (MediaTek Inc.)
S3 illlpp; system32\drivers\fffiii.sys [X]
S3 nquxad; system32\drivers\txadhk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 18:37 - 2018-03-09 18:37 - 000015658 _____ C:\Users\gaming\Downloads\FRST.txt
2018-03-09 18:36 - 2018-03-09 18:37 - 000000000 ____D C:\FRST
2018-03-09 18:35 - 2018-03-09 18:35 - 002403328 _____ (Farbar) C:\Users\gaming\Downloads\FRST64.exe
2018-03-09 18:19 - 2018-03-09 18:19 - 004260984 _____ (ESET) C:\Users\gaming\Downloads\eset_smart_security_premium_live_installer(1).exe
2018-03-09 18:19 - 2018-03-09 18:19 - 000116682 _____ C:\Windows\ntbtlog.txt
2018-03-09 18:14 - 2018-03-09 18:14 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
2018-03-09 17:08 - 2018-03-09 17:08 - 006968952 _____ (ESET spol. s r.o.) C:\Users\gaming\Downloads\esetonlinescanner_enu.exe
2018-03-09 16:45 - 2018-03-09 16:45 - 004260984 _____ (ESET) C:\Users\gaming\Downloads\eset_smart_security_premium_live_installer.exe
2018-03-09 15:38 - 2018-03-09 15:38 - 000143184 ____N C:\Windows\system32\Drivers\vssptwzc.sys
2018-03-09 15:27 - 2018-03-09 15:29 - 000000000 ____D C:\AdwCleaner
2018-03-09 15:27 - 2018-03-09 15:27 - 008222496 _____ (Malwarebytes) C:\Users\gaming\Downloads\AdwCleaner.exe
2018-03-09 15:26 - 2018-03-09 15:26 - 000003562 _____ C:\Users\gaming\Documents\MalwarebytesExportSummary.txt
2018-03-09 15:19 - 2018-03-09 18:19 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-09 15:19 - 2018-03-09 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-09 15:19 - 2018-03-09 15:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-09 15:19 - 2018-01-18 08:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-09 15:15 - 2018-03-09 15:16 - 068724528 _____ (Malwarebytes ) C:\Users\gaming\Downloads\mb3-setup-1878.1878-3.4.4.2398.exe
2018-03-08 23:14 - 2018-03-08 23:15 - 000023908 _____ C:\TDSSKiller.3.1.0.16_08.03.2018_23.14.53_log.txt
2018-03-08 23:09 - 2018-03-08 23:09 - 000000468 _____ C:\TDSSKiller.3.1.0.16_08.03.2018_23.09.06_log.txt
2018-03-08 22:09 - 2018-03-08 22:10 - 000000000 ____D C:\Users\gaming\Documents\faterealtanua_savedata
2018-03-08 17:25 - 2018-03-08 17:25 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2018-03-08 05:47 - 2018-03-08 05:47 - 000000867 _____ C:\Users\gaming\Desktop\田舎の無知なむちむち娘.lnk
2018-03-08 05:47 - 2018-03-08 05:47 - 000000867 _____ C:\Users\Administrator\Desktop\田舎の無知なむちむち娘.lnk
2018-03-08 05:47 - 2018-03-08 05:47 - 000000000 ____D C:\Users\gaming\Documents\クレージュ
2018-03-08 05:47 - 2018-03-08 05:47 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\クレージュ
2018-03-08 05:47 - 2018-03-08 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\クレージュ
2018-03-08 01:50 - 2018-03-09 01:43 - 000000000 ____D C:\Users\gaming\Documents\cattleya
2018-03-08 01:49 - 2018-03-08 01:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATTLEYA
2018-03-05 21:00 - 2018-03-05 21:00 - 000000000 ____D C:\Users\gaming\Documents\GIGA
2018-03-05 20:57 - 2018-03-05 20:57 - 000000000 ____D C:\Users\gaming\Documents\SETTEC
2018-03-05 20:57 - 2018-03-05 20:57 - 000000000 ____D C:\ProgramData\ASign
2018-03-05 20:56 - 2018-03-05 20:56 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGA
2018-03-05 20:45 - 2018-03-05 20:45 - 000000000 ____D C:\Users\gaming\Documents\WitchFlame
2018-03-05 20:45 - 2018-03-05 20:45 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WitchFlame
2018-03-05 20:36 - 2018-03-05 20:36 - 000000712 _____ C:\Users\gaming\Desktop\僕らの世界に祝福を.lnk
2018-03-05 20:36 - 2018-03-05 20:36 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\かわうそソフト
2018-03-05 19:35 - 2018-03-05 19:35 - 000000000 ____D C:\Users\gaming\Documents\overdose
2018-03-05 19:35 - 2018-03-05 19:35 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\オーバードーズ
2018-03-05 19:34 - 2017-10-22 21:52 - 001065984 ____N (nobukichi) C:\Windows\eiunin22.exe
2018-03-05 06:58 - 2018-03-05 06:58 - 000000000 ____D C:\Users\gaming\AppData\Roaming\とるてそふと
2018-03-05 06:58 - 2018-03-05 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\とるてそふと
2018-03-03 15:19 - 2018-03-03 15:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\Disc_Soft_Ltd
2018-02-25 10:40 - 2018-02-25 10:40 - 000000000 ____D C:\Users\gaming\AppData\Roaming\すたじお緑茶
2018-02-25 10:40 - 2018-02-25 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\すたじお緑茶 夏彩恋唄
2018-02-24 00:49 - 2018-02-26 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARINE
2018-02-23 14:17 - 2018-02-23 14:17 - 000003010 _____ C:\Windows\System32\Tasks\{84612333-A3A4-4980-B555-BE5E36DE09E1}
2018-02-23 14:01 - 2018-02-23 14:23 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer 1024x768.lnk
2018-02-23 14:01 - 2018-02-23 14:01 - 000001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer (64-bit) 1024x768.lnk
2018-02-23 14:01 - 2018-02-23 14:01 - 000001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer (64-bit) Current Settings.lnk
2018-02-23 14:01 - 2018-02-23 14:01 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer Current Settings.lnk
2018-02-23 14:01 - 2018-02-23 14:01 - 000000000 ____D C:\Program Files (x86)\12noon Display Changer
2018-02-23 12:05 - 2018-02-23 12:05 - 000000000 ____D C:\Users\gaming\Documents\
2018-02-23 12:05 - 2018-02-23 12:05 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
2018-02-23 05:44 - 2018-03-05 20:42 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anim
2018-02-23 05:44 - 2018-03-05 20:42 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Anim
2018-02-23 05:17 - 2018-02-23 05:17 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Žo•ê–º‚ŃCƒNƒbI
2018-02-22 00:07 - 2018-02-22 00:07 - 000000000 ____D C:\ProgramData\LockHunter
2018-02-21 17:17 - 2018-02-21 17:17 - 000000000 ____D C:\Users\gaming\AppData\Roaming\LockHunter
2018-02-21 17:17 - 2018-02-21 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-02-21 17:17 - 2018-02-21 17:17 - 000000000 ____D C:\ProgramData\LHService
2018-02-21 17:17 - 2018-02-21 17:17 - 000000000 ____D C:\Program Files\LockHunter
2018-02-20 03:44 - 2018-02-20 03:44 - 000001045 _____ C:\Users\gaming\Desktop\ユーザー特典ページについて.lnk
2018-02-20 03:44 - 2018-02-20 03:44 - 000001045 _____ C:\Users\Administrator\Desktop\ユーザー特典ページについて.lnk
2018-02-20 03:44 - 2018-02-20 03:44 - 000001017 _____ C:\Users\Administrator\Desktop\ヤンデレなお姉ちゃんに愛し尽される監禁性活.lnk
2018-02-20 03:44 - 2018-02-20 03:44 - 000001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ヤンデレなお姉ちゃんに愛し尽される監禁性活.lnk
2018-02-20 03:34 - 2018-02-20 03:34 - 000000149 _____ C:\Windows\apt105.ini
2018-02-20 03:34 - 2018-02-20 03:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\アパタイト
2018-02-20 03:21 - 2018-02-20 03:21 - 000000000 ____D C:\Users\gaming\AppData\Roaming\自宅すたじお
2018-02-20 03:04 - 2018-02-20 03:04 - 000000000 ____D C:\Users\gaming\Documents\SAGAPLANETS
2018-02-20 02:51 - 2018-02-20 02:51 - 000000000 ____D C:\Users\gaming\Documents\自宅すたじお
2018-02-20 02:35 - 2018-02-20 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\自宅すたじお
2018-02-20 02:18 - 2018-03-08 07:04 - 000000000 ____D C:\Users\gaming\AppData\Local\PlayDRM
2018-02-20 01:41 - 2018-03-09 18:18 - 000000000 ____D C:\Users\gaming\AppData\Roaming\qBittorrent
2018-02-20 01:41 - 2018-02-20 01:41 - 000000000 ____D C:\Users\gaming\AppData\Local\qBittorrent
2018-02-20 01:41 - 2018-02-20 01:41 - 000000000 ____D C:\Program Files (x86)\qBittorrent
2018-02-20 01:11 - 2018-02-20 01:11 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-02-20 01:11 - 2018-02-20 01:11 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-02-20 01:11 - 2018-02-20 01:11 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-02-20 01:11 - 2018-02-20 01:11 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-02-20 01:11 - 2018-02-20 01:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2018-02-20 01:11 - 2018-02-20 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-02-20 01:10 - 2018-02-20 01:20 - 000000000 ____D C:\Users\Administrator\Documents\Vuze Downloads
2018-02-20 01:10 - 2018-02-20 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Azureus
2018-02-20 01:10 - 2018-02-20 01:10 - 000000000 ____D C:\Users\Administrator\.swt
2018-02-20 01:09 - 2018-02-20 01:09 - 000000000 ____D C:\Program Files\AVAST Software
2018-02-20 01:08 - 2018-02-20 01:08 - 007236456 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_online_a2b.exe
2018-02-20 01:03 - 2018-02-20 01:03 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-02-20 00:59 - 2018-02-20 01:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\dtsvhmn
2018-02-20 00:59 - 2018-02-20 00:59 - 000000000 ____D C:\Users\Administrator\AppData\Local\sbdglav
2018-02-20 00:57 - 2018-02-20 00:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-02-20 00:51 - 2018-03-06 19:36 - 000000000 ____D C:\Users\Administrator
2018-02-20 00:51 - 2018-03-03 15:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2018-02-20 00:51 - 2018-03-03 15:18 - 000058888 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-20 00:51 - 2018-02-22 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-20 00:51 - 2018-02-20 01:15 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-20 00:51 - 2018-02-20 00:51 - 000001373 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-20 00:51 - 2018-02-20 00:51 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-02-20 00:51 - 2018-02-20 00:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-02-20 00:51 - 2018-02-20 00:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-02-20 00:51 - 2018-02-20 00:51 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Google
2018-02-20 00:51 - 2018-02-20 00:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2018-02-20 00:51 - 2018-02-20 00:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2018-02-20 00:51 - 2017-12-21 02:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2018-02-20 00:51 - 2011-04-12 03:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2018-02-20 00:25 - 2018-02-20 00:25 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-20 00:08 - 2018-02-20 00:08 - 000000000 ____D C:\firefox
2018-02-20 00:08 - 2018-02-20 00:08 - 000000000 ____D C:\chrome
2018-02-19 23:32 - 2018-02-19 23:32 - 000000000 __SHD C:\AI_RecycleBin
2018-02-19 23:31 - 2018-02-23 05:23 - 000058888 _____ C:\Users\gaming\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-19 23:01 - 2018-02-19 23:01 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcb5db114cd946a9f.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\asw40d7831a7bb72f2b.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc6b7e4b0d4e639af.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw10c3ec879f01483e.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27e21181f75ea3d4.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\asw d54e96d6bcf2645.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7aed0091fbdc1884.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw43282d271d57b448.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\asw  c9e9836ba6925e.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa9a577d3ebf412ff.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfc9acf03b1a06226.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2b5056b27506c60.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9b8dd1be2d588699.tmp
2018-02-19 23:01 - 2018-02-19 23:01 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw78c6fb79eb273db6.tmp
2018-02-19 22:34 - 2018-02-19 22:34 - 000000000 ___HD C:\$AV_ASW
2018-02-19 22:12 - 2018-02-21 23:21 - 000000000 ____D C:\Users\gaming\AppData\Local\dscwmxu
2018-02-19 22:09 - 2018-03-09 18:34 - 000000000 ____D C:\Users\gaming\AppData\Local\lsigpmv
2018-02-19 22:09 - 2018-02-19 22:11 - 000000000 ____D C:\Users\gaming\AppData\Local\raipeoc
2018-02-19 22:08 - 2018-03-09 18:19 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\vdhtouzsvc.exe
2018-02-19 22:08 - 2018-02-19 22:34 - 000000000 ____D C:\Users\gaming\AppData\Local\uavc
2018-02-19 22:08 - 2018-02-19 22:08 - 000041984 _____ C:\Windows\gravy.exe
2018-02-19 22:07 - 2018-03-09 15:24 - 000000000 ___HD C:\Program Files (x86)\drainage
2018-02-19 22:07 - 2018-02-19 23:51 - 000000000 ____D C:\Program Files (x86)\beachy
2018-02-19 22:07 - 2018-02-19 22:07 - 000021532 _____ C:\Windows\System32\Tasks\T1wZyAKOjbea
2018-02-19 22:07 - 2018-02-19 22:07 - 000003848 _____ C:\Windows\System32\Tasks\puka edney mothballed
2018-02-19 22:07 - 2018-02-19 22:07 - 000003848 _____ C:\Windows\System32\Tasks\inlets countermove
2018-02-19 22:07 - 2018-02-19 22:07 - 000003820 _____ C:\Windows\System32\Tasks\shuffle_cobble
2018-02-19 22:07 - 2018-02-19 22:07 - 000003794 _____ C:\Windows\System32\Tasks\tane
2018-02-19 22:07 - 2018-02-19 22:07 - 000003788 _____ C:\Windows\System32\Tasks\ethnical
2018-02-19 22:07 - 2018-02-19 22:07 - 000003692 _____ C:\Windows\System32\Tasks\tsinlets countermoveinlets countermove
2018-02-19 22:07 - 2018-02-19 22:07 - 000003688 _____ C:\Windows\System32\Tasks\tspuka edney mothballedpuka edney mothballed
2018-02-19 22:07 - 2018-02-19 22:07 - 000003660 _____ C:\Windows\System32\Tasks\tsshuffle_cobbleshuffle_cobble
2018-02-19 22:07 - 2018-02-19 22:07 - 000003632 _____ C:\Windows\System32\Tasks\tstanetane
2018-02-19 22:07 - 2018-02-19 22:07 - 000003632 _____ C:\Windows\System32\Tasks\tsethnicalethnical
2018-02-19 22:07 - 2018-02-19 22:07 - 000000012 _____ C:\Windows\b22784555
2018-02-19 22:07 - 2018-02-19 22:07 - 000000000 ____D C:\Windows\SysWOW64\excvwip
2018-02-19 22:07 - 2018-02-19 22:07 - 000000000 ____D C:\Windows\system32\excvwip
2018-02-19 22:07 - 2018-02-19 22:07 - 000000000 ____D C:\Users\gaming\AppData\Roaming\et
2018-02-19 22:05 - 2018-02-19 22:05 - 001286144 _____ C:\Windows\3e1d79112fe0dc4c1581e29b7c41ed06.dll
2018-02-19 10:51 - 2018-02-19 10:51 - 000041210 _____ C:\Windows\uninstaller.dat
2018-02-16 19:15 - 2018-02-16 19:15 - 000000000 ____D C:\Users\gaming\Documents\Nexus Mod Manager
2018-02-16 19:15 - 2018-02-16 19:15 - 000000000 ____D C:\Users\gaming\AppData\Local\Black_Tree_Gaming
2018-02-16 19:15 - 2018-02-16 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-02-16 19:03 - 2018-02-16 19:03 - 000001583 _____ C:\Users\gaming\Desktop\Play Fallout 4.lnk
2018-02-16 03:22 - 2018-02-16 03:22 - 000000000 ____D C:\Users\gaming\Documents\美少女万華鏡_罪と罰の少女
2018-02-16 01:37 - 2018-02-16 01:37 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美少女万華鏡 罪と罰の少女
2018-02-16 01:34 - 2018-02-16 01:34 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ƒ€[ƒ“ƒXƒg[ƒ“
2018-02-16 01:18 - 2018-02-16 19:03 - 000000814 _____ C:\Users\gaming\Desktop\visit www.nosteam.ro.lnk
2018-02-16 01:18 - 2018-02-16 01:18 - 000000839 _____ C:\Users\gaming\Desktop\Play Far Cry Primal.lnk
2018-02-16 01:15 - 2018-02-16 01:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-02-16 00:51 - 2018-02-16 00:51 - 000000000 ____D C:\Users\gaming\AppData\Local\KADOKAWA
2018-02-16 00:48 - 2018-02-16 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-02-15 20:36 - 2018-02-15 20:36 - 000000000 ____D C:\Users\gaming\AppData\Local\Skyrim Special Edition
2018-02-15 20:22 - 2018-02-15 20:22 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-02-15 20:22 - 2018-02-15 20:22 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-02-15 20:22 - 2018-02-15 20:22 - 000000000 ____D C:\Users\gaming\AppData\Local\Disc_Soft_Ltd
2018-02-15 20:21 - 2018-03-09 17:55 - 000000000 ____D C:\Users\gaming\AppData\Roaming\DAEMON Tools Lite
2018-02-15 20:21 - 2018-03-06 19:36 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-02-15 20:21 - 2018-02-15 20:21 - 000047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-02-15 20:21 - 2018-02-15 20:21 - 000030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-02-15 20:18 - 2018-02-15 20:42 - 000000000 ____D C:\Users\gaming\Documents\World Map
2018-02-15 20:15 - 2018-02-15 20:43 - 000000000 ____D C:\Users\gaming\Documents\Unofficial Skyrim Legendary Edition Patch
2018-02-15 20:10 - 2018-02-15 20:41 - 000000000 ____D C:\Users\gaming\Documents\SkyUI
2018-02-11 04:42 - 2018-02-11 04:42 - 000000000 ____D C:\Users\gaming\AppData\Local\NVIDIA
2018-02-07 01:44 - 2018-02-07 01:44 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-02-07 01:44 - 2018-02-07 01:44 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Sun
2018-02-07 01:44 - 2018-02-07 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-02-07 01:43 - 2018-02-07 01:43 - 000000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 18:37 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\HARDWARE
2018-03-09 18:25 - 2018-02-04 17:09 - 000000000 ____D C:\Users\gaming\AppData\LocalLow\Mozilla
2018-03-09 18:25 - 2009-07-14 00:13 - 000006166 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-09 16:51 - 2009-07-13 23:45 - 000021584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-09 16:51 - 2009-07-13 23:45 - 000021584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-09 16:43 - 2018-01-17 09:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-09 16:43 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-09 15:19 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-03-09 15:16 - 2018-01-09 22:47 - 000000000 ____D C:\Users\gaming\AppData\Local\CrashDumps
2018-03-09 15:16 - 2017-12-24 10:28 - 000000000 ____D C:\Windows\Minidump
2018-03-09 00:51 - 2017-12-15 17:19 - 000000000 ____D C:\Users\gaming\AppData\Roaming\vlc
2018-03-08 15:23 - 2017-12-31 19:55 - 000000000 ____D C:\Program Files (x86)\WinTV
2018-03-08 15:23 - 2017-12-25 04:25 - 000000000 ____D C:\ProgramData\Hauppauge
2018-03-08 15:23 - 2017-12-25 04:08 - 000000000 ____D C:\Users\Public\WinTV
2018-03-06 19:36 - 2017-12-29 15:56 - 000000000 ____D C:\ProgramData\FLEXnet
2018-03-06 19:36 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-03-06 16:43 - 2017-12-14 22:32 - 000000000 ____D C:\Users\gaming
2018-03-02 18:14 - 2017-12-16 09:34 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-02 18:14 - 2017-12-16 09:34 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-23 05:23 - 2009-07-13 23:45 - 002194832 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-22 17:00 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-02-21 00:58 - 2009-07-14 00:08 - 000032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-20 03:13 - 2018-01-24 21:28 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Azureus
2018-02-20 00:51 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-02-19 23:05 - 2017-12-15 17:11 - 000001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-18 19:12 - 2017-12-25 04:26 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-18 18:34 - 2017-12-25 04:26 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-18 18:34 - 2017-12-16 09:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-18 18:34 - 2017-12-16 09:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-18 18:34 - 2017-12-15 11:12 - 000003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{60778B08-7A8A-4D85-ABA3-3B9476679DA6}
2018-02-18 05:47 - 2018-01-31 19:23 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-02-17 23:34 - 2018-01-25 15:56 - 000000024 _____ C:\Users\gaming\random.dat
2018-02-17 23:00 - 2018-01-25 15:57 - 000000045 _____ C:\Users\gaming\jagex_cl_oldschool_LIVE.dat
2018-02-17 23:00 - 2018-01-25 15:57 - 000000000 ____D C:\Users\gaming\.jagex_cache_32
2018-02-17 23:00 - 2018-01-25 15:56 - 000000011 _____ C:\Users\gaming\jagexappletviewer.preferences
2018-02-17 22:59 - 2018-01-25 15:56 - 000000045 _____ C:\Users\gaming\jagex_cl_runescape_LIVE.dat
2018-02-17 22:59 - 2018-01-25 15:56 - 000000000 ____D C:\Users\gaming\AppData\Roaming\RSBot
2018-02-16 21:28 - 2018-02-01 18:35 - 000000000 ____D C:\Games
2018-02-16 19:16 - 2018-02-01 03:22 - 000000000 ____D C:\Users\gaming\AppData\Local\Fallout4
2018-02-16 18:32 - 2017-12-31 19:50 - 000000000 ____D C:\Program Files\7-Zip
2018-02-16 00:48 - 2018-01-25 01:25 - 000000000 ____D C:\ProgramData\WinZip
2018-02-15 20:36 - 2017-12-21 03:22 - 000000000 ____D C:\Users\gaming\Documents\My Games
2018-02-15 20:00 - 2017-12-25 04:26 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-13 14:50 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-02-13 14:49 - 2018-02-04 17:12 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-13 14:49 - 2018-01-25 15:56 - 000000000 ____D C:\Users\gaming\jagexcache
2018-02-09 19:24 - 2018-02-04 17:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-09 19:24 - 2018-02-04 17:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-07 01:44 - 2018-01-24 21:28 - 000000000 ____D C:\ProgramData\Oracle

Some files in TEMP:
====================
2018-03-08 15:22 - 2010-03-09 20:02 - 000186464 _____ (Symantec, Inc.) C:\Users\gaming\AppData\Local\Temp\GLB1A2B.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\vssptwzc.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-02-27 01:19

==================== End of FRST.txt ============================



#2 Aura

  • Malware Response Team

Posted 09 March 2018 - 07:26 PM

Hi drbulbasaur :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 drbulbasaur

  • Topic Starter

Posted 09 March 2018 - 07:57 PM

So for starters I just want to say that the log in my original message actually displays the virus and its location under the processes section. You and I differ on our position on some things but I intend to follow your instructions as best as I can. Here is the log you asked for:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by gaming (09-03-2018 19:55:39) Run:1
Running from C:\Users\gaming\Downloads
Loaded Profiles: gaming (Available Profiles: gaming & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 19:55:39 ====



#4 Aura

  • Malware Response Team

Posted 09 March 2018 - 08:10 PM

Don't worry, we'll get rid of that infection (which is SmartService) pretty easily :)

For the next part, you'll need to download the FRST executable on a clean computer, and move it onto your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Boot in the Recovery Environment
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive in the computer
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply



#5 drbulbasaur

  • Topic Starter

Posted 09 March 2018 - 08:51 PM

Sorry to post before I give you the logs, but once the log file is saved to the flash drive, can I boot up normally or do I need to use the second computer for posting the logs?



#6 Aura

  • Malware Response Team

Posted 09 March 2018 - 09:00 PM

You can boot up normally, and post the logs from your computer, yes.



#7 drbulbasaur

  • Topic Starter

Posted 09 March 2018 - 09:13 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by SYSTEM on MININT-TC41BVA (09-03-2018 21:07:59)
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [crusty] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKLM\...\Run: [FLxHCIm] => "C:\Windows\system32\FLxHCIm.exe" i********************************************************************************************************************************************************************* (the data entry has 59 more characters).
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-06] (Google Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [antimissile] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\gaming\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\gaming\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-02-12] (Disc Soft Ltd)
HKU\gaming\...\Run: [les] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\gaming\...\Run: [summarised] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\gaming\...\Run: [qualifies] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
Startup: C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fumbled.lnk [2018-02-19]
ShortcutTarget: fumbled.lnk -> C:\Program Files (x86)\Quadriplegic\copulate.exe (No File)
Startup: C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fumbledfumbled.lnk [2018-02-19]
ShortcutTarget: fumbledfumbled.lnk -> C:\Program Files (x86)\beachy\glycolic.exe (No File)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\illlpp" => removed successfully
"HKLM\System\ControlSet001\Services\zhdrg" => removed successfully
C:\Windows\System32\drivers\vssgknqt.sys => moved successfully
C:\Users\Administrator\AppData\Local\dtsvhmn\exnuztl.exe => moved successfully
S2 ASUSSwitchUSB; C:\ProgramData\ASUS Driver\USB-AC55 WLAN Card Utilities\U2U3Switch\ASUSSwitchUSB.exe [190704 2015-05-14] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-02-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2018-01-17] (EasyAntiCheat Ltd)
S2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-06] (Google Inc.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-02-15] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-02-15] (Disc Soft Ltd)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [87984 2017-06-13] (Fresco Logic)
S1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-07] (COMODO)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-09] (Malwarebytes)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2238136 2015-07-20] (MediaTek Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 16:55 - 2018-03-09 16:55 - 000000785 _____ C:\Users\gaming\Downloads\Fixlog.txt
2018-03-09 15:37 - 2018-03-09 15:37 - 000042479 _____ C:\Users\gaming\Downloads\FRST.txt
2018-03-09 15:37 - 2018-03-09 15:37 - 000031161 _____ C:\Users\gaming\Downloads\Addition.txt
2018-03-09 15:36 - 2018-03-09 21:07 - 000000000 ____D C:\FRST
2018-03-09 15:35 - 2018-03-09 15:35 - 002403328 _____ (Farbar) C:\Users\gaming\Downloads\FRST64.exe
2018-03-09 15:19 - 2018-03-09 15:19 - 004260984 _____ (ESET) C:\Users\gaming\Downloads\eset_smart_security_premium_live_installer(1).exe
2018-03-09 15:19 - 2018-03-09 15:19 - 000116682 _____ C:\Windows\ntbtlog.txt
2018-03-09 14:08 - 2018-03-09 14:08 - 006968952 _____ (ESET spol. s r.o.) C:\Users\gaming\Downloads\esetonlinescanner_enu.exe
2018-03-09 13:45 - 2018-03-09 13:45 - 004260984 _____ (ESET) C:\Users\gaming\Downloads\eset_smart_security_premium_live_installer.exe
2018-03-09 12:27 - 2018-03-09 12:29 - 000000000 ____D C:\AdwCleaner
2018-03-09 12:27 - 2018-03-09 12:27 - 008222496 _____ (Malwarebytes) C:\Users\gaming\Downloads\AdwCleaner.exe
2018-03-09 12:26 - 2018-03-09 12:26 - 000003562 _____ C:\Users\gaming\Documents\MalwarebytesExportSummary.txt
2018-03-09 12:19 - 2018-03-09 15:19 - 000253664 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-03-09 12:19 - 2018-03-09 12:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-09 12:19 - 2018-01-18 05:03 - 000076200 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-03-09 12:15 - 2018-03-09 12:16 - 068724528 _____ (Malwarebytes ) C:\Users\gaming\Downloads\mb3-setup-1878.1878-3.4.4.2398.exe
2018-03-08 20:14 - 2018-03-08 20:15 - 000023908 _____ C:\TDSSKiller.3.1.0.16_08.03.2018_23.14.53_log.txt
2018-03-08 20:09 - 2018-03-08 20:09 - 000000468 _____ C:\TDSSKiller.3.1.0.16_08.03.2018_23.09.06_log.txt
2018-03-08 19:09 - 2018-03-08 19:10 - 000000000 ____D C:\Users\gaming\Documents\faterealtanua_savedata
2018-03-08 14:25 - 2018-03-08 14:25 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2018-03-08 02:47 - 2018-03-08 02:47 - 000000867 _____ C:\Users\gaming\Desktop\田舎の無知なむちむち娘.lnk
2018-03-08 02:47 - 2018-03-08 02:47 - 000000867 _____ C:\Users\Administrator\Desktop\田舎の無知なむちむち娘.lnk
2018-03-08 02:47 - 2018-03-08 02:47 - 000000000 ____D C:\Users\gaming\Documents\クレージュ
2018-03-07 22:50 - 2018-03-08 22:43 - 000000000 ____D C:\Users\gaming\Documents\cattleya
2018-03-05 18:00 - 2018-03-05 18:00 - 000000000 ____D C:\Users\gaming\Documents\GIGA
2018-03-05 17:57 - 2018-03-05 17:57 - 000000000 ____D C:\Users\gaming\Documents\SETTEC
2018-03-05 17:57 - 2018-03-05 17:57 - 000000000 ____D C:\ProgramData\ASign
2018-03-05 17:45 - 2018-03-05 17:45 - 000000000 ____D C:\Users\gaming\Documents\WitchFlame
2018-03-05 17:36 - 2018-03-05 17:36 - 000000712 _____ C:\Users\gaming\Desktop\僕らの世界に祝福を.lnk
2018-03-05 16:35 - 2018-03-05 16:35 - 000000000 ____D C:\Users\gaming\Documents\overdose
2018-03-05 16:34 - 2017-10-22 18:52 - 001065984 ____N (nobukichi) C:\Windows\eiunin22.exe
2018-03-05 03:58 - 2018-03-05 03:58 - 000000000 ____D C:\Users\gaming\AppData\Roaming\とるてそふと
2018-03-03 12:19 - 2018-03-03 12:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\Disc_Soft_Ltd
2018-02-25 07:40 - 2018-02-25 07:40 - 000000000 ____D C:\Users\gaming\AppData\Roaming\すたじお緑茶
2018-02-23 11:17 - 2018-02-23 11:17 - 000003010 _____ C:\Windows\System32\Tasks\{84612333-A3A4-4980-B555-BE5E36DE09E1}
2018-02-23 11:01 - 2018-02-23 11:01 - 000000000 ____D C:\Program Files (x86)\12noon Display Changer
2018-02-23 09:05 - 2018-02-23 09:05 - 000000000 ____D C:\Users\gaming\Documents\D:drive.
2018-02-23 02:44 - 2018-03-05 17:42 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Anim
2018-02-21 21:07 - 2018-02-21 21:07 - 000000000 ____D C:\ProgramData\LockHunter
2018-02-21 14:17 - 2018-02-21 14:17 - 000000000 ____D C:\Users\gaming\AppData\Roaming\LockHunter
2018-02-21 14:17 - 2018-02-21 14:17 - 000000000 ____D C:\ProgramData\LHService
2018-02-21 14:17 - 2018-02-21 14:17 - 000000000 ____D C:\Program Files\LockHunter
2018-02-20 00:44 - 2018-02-20 00:44 - 000001045 _____ C:\Users\gaming\Desktop\ユーザー特典ページについて.lnk
2018-02-20 00:44 - 2018-02-20 00:44 - 000001045 _____ C:\Users\Administrator\Desktop\ユーザー特典ページについて.lnk
2018-02-20 00:44 - 2018-02-20 00:44 - 000001017 _____ C:\Users\Administrator\Desktop\ヤンデレなお姉ちゃんに愛し尽される監禁性活.lnk
2018-02-20 00:34 - 2018-02-20 00:34 - 000000149 _____ C:\Windows\apt105.ini
2018-02-20 00:21 - 2018-02-20 00:21 - 000000000 ____D C:\Users\gaming\AppData\Roaming\自宅すたじお
2018-02-20 00:04 - 2018-02-20 00:04 - 000000000 ____D C:\Users\gaming\Documents\SAGAPLANETS
2018-02-19 23:51 - 2018-02-19 23:51 - 000000000 ____D C:\Users\gaming\Documents\自宅すたじお
2018-02-19 22:41 - 2018-03-09 15:18 - 000000000 ____D C:\Users\gaming\AppData\Roaming\qBittorrent
2018-02-19 22:41 - 2018-02-19 22:41 - 000000000 ____D C:\Program Files (x86)\qBittorrent
2018-02-19 22:11 - 2018-02-19 22:11 - 001026696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000459952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000379448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000205464 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000192944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000190440 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000146648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000110328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000084368 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000046968 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-02-19 22:11 - 2018-02-19 22:11 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-02-19 22:11 - 2018-02-19 22:11 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-02-19 22:11 - 2018-02-19 22:11 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-02-19 22:11 - 2018-02-19 22:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2018-02-19 22:10 - 2018-02-19 22:20 - 000000000 ____D C:\Users\Administrator\Documents\Vuze Downloads
2018-02-19 22:10 - 2018-02-19 22:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Azureus
2018-02-19 22:10 - 2018-02-19 22:10 - 000000000 ____D C:\Users\Administrator\.swt
2018-02-19 22:09 - 2018-02-19 22:09 - 000000000 ____D C:\Program Files\AVAST Software
2018-02-19 22:08 - 2018-02-19 22:08 - 007236456 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_online_a2b.exe
2018-02-19 22:03 - 2018-02-19 22:03 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-02-19 21:59 - 2018-03-09 21:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\dtsvhmn
2018-02-19 21:59 - 2018-02-19 21:59 - 000000000 ____D C:\Users\Administrator\AppData\Local\sbdglav
2018-02-19 21:57 - 2018-02-19 21:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-02-19 21:51 - 2018-03-06 16:36 - 000000000 ____D C:\users\Administrator
2018-02-19 21:51 - 2018-03-03 12:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2018-02-19 21:51 - 2018-03-03 12:18 - 000058888 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-19 21:51 - 2018-02-22 13:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-19 21:51 - 2018-02-19 22:15 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-19 21:51 - 2018-02-19 21:51 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-02-19 21:51 - 2018-02-19 21:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-02-19 21:51 - 2018-02-19 21:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-02-19 21:51 - 2018-02-19 21:51 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Google
2018-02-19 21:51 - 2018-02-19 21:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2018-02-19 21:51 - 2018-02-19 21:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2018-02-19 21:51 - 2017-12-20 23:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2018-02-19 21:51 - 2011-04-12 00:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2018-02-19 21:25 - 2018-02-19 21:25 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-19 21:08 - 2018-02-19 21:08 - 000000000 ____D C:\firefox
2018-02-19 21:08 - 2018-02-19 21:08 - 000000000 ____D C:\chrome
2018-02-19 20:32 - 2018-02-19 20:32 - 000000000 __SHD C:\AI_RecycleBin
2018-02-19 20:01 - 2018-02-19 20:01 - 001026696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswcb5db114cd946a9f.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000459952 _____ (AVAST Software) C:\Windows\System32\Drivers\asw40d7831a7bb72f2b.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000379448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc6b7e4b0d4e639af.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\asw10c3ec879f01483e.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\asw27e21181f75ea3d4.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000205464 _____ (AVAST Software) C:\Windows\System32\Drivers\asw d54e96d6bcf2645.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\asw7aed0091fbdc1884.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000192944 _____ (AVAST Software) C:\Windows\System32\Drivers\asw43282d271d57b448.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000190440 _____ (AVAST Software) C:\Windows\System32\Drivers\asw  c9e9836ba6925e.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000146648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswa9a577d3ebf412ff.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000110328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswfc9acf03b1a06226.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000084368 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc2b5056b27506c60.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9b8dd1be2d588699.tmp
2018-02-19 20:01 - 2018-02-19 20:01 - 000046968 _____ (AVAST Software) C:\Windows\System32\Drivers\asw78c6fb79eb273db6.tmp
2018-02-19 19:34 - 2018-02-19 19:34 - 000000000 ___HD C:\$AV_ASW
2018-02-19 19:08 - 2018-03-09 17:41 - 002888704 _____ C:\Windows\System32\vdhtouzsvc.exe
2018-02-19 19:08 - 2018-02-19 19:08 - 000041984 _____ C:\Windows\gravy.exe
2018-02-19 19:07 - 2018-03-09 12:24 - 000000000 ___HD C:\Program Files (x86)\drainage
2018-02-19 19:07 - 2018-02-19 20:51 - 000000000 ____D C:\Program Files (x86)\beachy
2018-02-19 19:07 - 2018-02-19 19:07 - 000021532 _____ C:\Windows\System32\Tasks\T1wZyAKOjbea
2018-02-19 19:07 - 2018-02-19 19:07 - 000003848 _____ C:\Windows\System32\Tasks\puka edney mothballed
2018-02-19 19:07 - 2018-02-19 19:07 - 000003848 _____ C:\Windows\System32\Tasks\inlets countermove
2018-02-19 19:07 - 2018-02-19 19:07 - 000003820 _____ C:\Windows\System32\Tasks\shuffle_cobble
2018-02-19 19:07 - 2018-02-19 19:07 - 000003794 _____ C:\Windows\System32\Tasks\tane
2018-02-19 19:07 - 2018-02-19 19:07 - 000003788 _____ C:\Windows\System32\Tasks\ethnical
2018-02-19 19:07 - 2018-02-19 19:07 - 000003692 _____ C:\Windows\System32\Tasks\tsinlets countermoveinlets countermove
2018-02-19 19:07 - 2018-02-19 19:07 - 000003688 _____ C:\Windows\System32\Tasks\tspuka edney mothballedpuka edney mothballed
2018-02-19 19:07 - 2018-02-19 19:07 - 000003660 _____ C:\Windows\System32\Tasks\tsshuffle_cobbleshuffle_cobble
2018-02-19 19:07 - 2018-02-19 19:07 - 000003632 _____ C:\Windows\System32\Tasks\tstanetane
2018-02-19 19:07 - 2018-02-19 19:07 - 000003632 _____ C:\Windows\System32\Tasks\tsethnicalethnical
2018-02-19 19:07 - 2018-02-19 19:07 - 000000012 _____ C:\Windows\b22784555
2018-02-19 19:07 - 2018-02-19 19:07 - 000000000 ____D C:\Windows\SysWOW64\excvwip
2018-02-19 19:07 - 2018-02-19 19:07 - 000000000 ____D C:\Windows\System32\excvwip
2018-02-19 19:07 - 2018-02-19 19:07 - 000000000 ____D C:\Users\gaming\AppData\Roaming\et
2018-02-19 19:05 - 2018-02-19 19:05 - 001286144 _____ C:\Windows\3e1d79112fe0dc4c1581e29b7c41ed06.dll
2018-02-19 07:51 - 2018-02-19 07:51 - 000041210 _____ C:\Windows\uninstaller.dat
2018-02-16 16:15 - 2018-02-16 16:15 - 000000000 ____D C:\Users\gaming\Documents\Nexus Mod Manager
2018-02-16 16:03 - 2018-02-16 16:03 - 000001583 _____ C:\Users\gaming\Desktop\Play Fallout 4.lnk
2018-02-16 00:22 - 2018-02-16 00:22 - 000000000 ____D C:\Users\gaming\Documents\美少女万華鏡_罪と罰の少女
2018-02-15 22:18 - 2018-02-16 16:03 - 000000814 _____ C:\Users\gaming\Desktop\visit www.nosteam.ro.lnk
2018-02-15 22:18 - 2018-02-15 22:18 - 000000839 _____ C:\Users\gaming\Desktop\Play Far Cry Primal.lnk
2018-02-15 22:15 - 2018-02-15 22:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-02-15 17:22 - 2018-02-15 17:22 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-02-15 17:22 - 2018-02-15 17:22 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-02-15 17:21 - 2018-03-09 14:55 - 000000000 ____D C:\Users\gaming\AppData\Roaming\DAEMON Tools Lite
2018-02-15 17:21 - 2018-03-06 16:36 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-02-15 17:21 - 2018-02-15 17:21 - 000047672 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtliteusbbus.sys
2018-02-15 17:21 - 2018-02-15 17:21 - 000030264 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtlitescsibus.sys
2018-02-15 17:18 - 2018-02-15 17:42 - 000000000 ____D C:\Users\gaming\Documents\World Map
2018-02-15 17:15 - 2018-02-15 17:43 - 000000000 ____D C:\Users\gaming\Documents\Unofficial Skyrim Legendary Edition Patch
2018-02-15 17:10 - 2018-02-15 17:41 - 000000000 ____D C:\Users\gaming\Documents\SkyUI

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 18:01 - 2009-07-13 18:34 - 020185088 _____ C:\Windows\System32\config\HARDWARE
2018-03-09 18:00 - 2018-02-04 14:09 - 000000000 ____D C:\Users\gaming\AppData\LocalLow\Mozilla
2018-03-09 17:49 - 2009-07-13 20:45 - 000021584 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-09 17:49 - 2009-07-13 20:45 - 000021584 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-09 17:48 - 2009-07-13 21:13 - 000006166 _____ C:\Windows\System32\PerfStringBackup.INI
2018-03-09 17:41 - 2018-01-17 06:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-09 17:41 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-09 12:19 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-03-09 12:16 - 2017-12-24 07:28 - 000000000 ____D C:\Windows\Minidump
2018-03-08 21:51 - 2017-12-15 14:19 - 000000000 ____D C:\Users\gaming\AppData\Roaming\vlc
2018-03-08 12:23 - 2017-12-31 16:55 - 000000000 ____D C:\Program Files (x86)\WinTV
2018-03-08 12:23 - 2017-12-25 01:25 - 000000000 ____D C:\ProgramData\Hauppauge
2018-03-08 12:23 - 2017-12-25 01:08 - 000000000 ____D C:\Users\Public\WinTV
2018-03-06 16:36 - 2017-12-29 12:56 - 000000000 ____D C:\ProgramData\FLEXnet
2018-03-06 16:36 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2018-03-06 13:43 - 2017-12-14 19:32 - 000000000 ____D C:\users\gaming
2018-03-02 15:14 - 2017-12-16 06:34 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-23 02:23 - 2009-07-13 20:45 - 002194832 _____ C:\Windows\System32\FNTCACHE.DAT
2018-02-22 14:00 - 2009-07-13 19:20 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2018-02-20 21:58 - 2009-07-13 21:08 - 000032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-20 00:13 - 2018-01-24 18:28 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Azureus
2018-02-19 20:05 - 2017-12-15 14:11 - 000001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-18 16:12 - 2017-12-25 01:26 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-18 15:34 - 2017-12-25 01:26 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-18 15:34 - 2017-12-16 06:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-18 15:34 - 2017-12-16 06:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-18 15:34 - 2017-12-15 08:12 - 000003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{60778B08-7A8A-4D85-ABA3-3B9476679DA6}
2018-02-18 02:47 - 2018-01-31 16:23 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-02-17 20:34 - 2018-01-25 12:56 - 000000024 _____ C:\Users\gaming\random.dat
2018-02-17 20:00 - 2018-01-25 12:57 - 000000045 _____ C:\Users\gaming\jagex_cl_oldschool_LIVE.dat
2018-02-17 20:00 - 2018-01-25 12:57 - 000000000 ____D C:\Users\gaming\.jagex_cache_32
2018-02-17 20:00 - 2018-01-25 12:56 - 000000011 _____ C:\Users\gaming\jagexappletviewer.preferences
2018-02-17 19:59 - 2018-01-25 12:56 - 000000045 _____ C:\Users\gaming\jagex_cl_runescape_LIVE.dat
2018-02-17 19:59 - 2018-01-25 12:56 - 000000000 ____D C:\Users\gaming\AppData\Roaming\RSBot
2018-02-16 18:28 - 2018-02-01 15:35 - 000000000 ____D C:\Games
2018-02-16 15:32 - 2017-12-31 16:50 - 000000000 ____D C:\Program Files\7-Zip
2018-02-15 21:48 - 2018-01-24 22:25 - 000000000 ____D C:\ProgramData\WinZip
2018-02-15 17:36 - 2017-12-21 00:22 - 000000000 ____D C:\Users\gaming\Documents\My Games
2018-02-15 17:00 - 2017-12-25 01:26 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-13 11:49 - 2018-02-04 14:12 - 000000000 ____D C:\Windows\System32\appmgmt
2018-02-13 11:49 - 2018-01-25 12:56 - 000000000 ____D C:\Users\gaming\jagexcache
2018-02-09 16:24 - 2018-02-04 14:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-09 16:24 - 2018-02-04 14:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16332.24 MB
Available physical RAM: 15176.7 MB
Total Virtual: 16330.44 MB
Available Virtual: 15156.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:6.45 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:930.57 GB) (Free:565.06 GB) NTFS
Drive g: () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
Drive h: () (Removable) (Total:0.99 GB) (Free:0.99 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 03C78DD1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F83DBA8F)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459 MB) - (Type=27)

========================================================
Disk: 2 (Size: 1016.6 MB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

LastRegBack: 2018-03-09 16:07

==================== End of FRST.txt ============================



#8 Aura

Posted 09 March 2018 - 11:22 PM

Nice! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 drbulbasaur

Posted 09 March 2018 - 11:53 PM

Holy bleep! I don't know what magic trick you just used but the file is now accessible to me and it seems Malwarebytes some programs within. Since the file (LSIGPMV, as listed below) is accessible now, should I go ahead and delete it? I'll wait for your call before doing anything but here is the log:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/9/18
Scan Time: 11:39 PM
Log File: 153c9161-241d-11e8-bdf2-94de80a42866.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4282
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: gaming-PC\gaming

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267367
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 0 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Trojan.Yelloader, C:\USERS\GAMING\APPDATA\LOCAL\LSIGPMV\LSIGPMV.EXE, Quarantined, [1327], [472031],1.0.4282
Trojan.Yelloader, C:\USERS\GAMING\APPDATA\LOCAL\LSIGPMV\ZAHUNKG.EXE, Quarantined, [1327], [472030],1.0.4282

Physical Sector: 0
(No malicious items detected)


(end)



#10 Aura

Posted 10 March 2018 - 10:25 AM

Don't delete anything yet. We'll delete all these files soon using FRST. Most of them are remnants and harmless now, as the infection was mostly removed by FRST in the Windows RE. Now, let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#11 drbulbasaur

Posted 10 March 2018 - 06:14 PM

Okay so let me just start by saying AdwCleaner found nothing and displayed the pop-up stating it found zero items. Don't think I need to show you the scan but every category said no items found in the log. RogueKiller didn't work for me though. It got hung up in the middle of the scan. It wasn't frozen nor was my PC frozen, it just wasn't making any progress in the scan whatsoever. That's the gist of what happened. If you want some more detail you can read below but it might be a waste of time:

 

Here's where the problems start *sigh*. RogueKiller was pretty intensive on my system which is no problem cause I have great specs but for some reason it was doing a few things: a.) it would randomly go into "RogueKiller is not responding" and then come back, scan for a bit, and repeat. b.) at around 55% finished it just hung there on a random program I know for a fact isn't malicious (for the record it's an offline dictionary) and so I gave it some time to correct itself but after 1 hour it didn't move still so I had no choice but to force end the process. When I did I also restarted my computer. When it came back up, my internet wasn't working. I think (not sure) interrupting the scan messed with my internet drivers. What I ended up doing is disabling some internet related things in control panel and when I re-enabled them it finally let me get online again. So here I am now first time online today.

 

One possibility I thought of is the virus is interfering with the scan. This may not be true but the reason I think so is the scan detected a file I know to be malicious and while it was a completely different (and once again, not malicious) program that it got hung up on, I still think it's possible that when the scan detected the infected file (glycolic.exe) the virus interfered with the scan.

I tried running RogueKiller a second time and it did the exact same thing and got hung up at a very similar point in its progress (around 55%) but this time it got hung up on a different program.



#12 Aura

Posted 10 March 2018 - 11:24 PM

In that case, let's manually remove what's left of the infection. Run a new scan with FRST and provide me a fresh set of logs.



#13 drbulbasaur

Posted 11 March 2018 - 05:12 PM

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\ProgramData\ASUS Driver\USB-AC55 WLAN Card Utilities\U2U3Switch\ASUSSwitchUSB.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [antimissile] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-02-12] (Disc Soft Ltd)
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [les] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [summarised] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\Run: [qualifies] => "C:\Program Files (x86)\Quadriplegic\copulate.exe"
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {16fda12a-235c-11e8-9134-94de80a42866} - L:\SETUP.EXE
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {747608f0-129f-11e8-85f4-94de80a42866} - H:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {dacb508a-12d8-11e8-aba4-94de80a42866} - G:\setup.exe
HKU\S-1-5-21-3596115833-2875699167-2178896526-1000\...\MountPoints2: {dacb50b0-12d8-11e8-aba4-94de80a42866} - H:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{475F4FA4-8B11-4CE8-9FD9-AEFFED5C0E0E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{475F4FA4-8B11-4CE8-9FD9-AEFFED5C0E0E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{708E22C6-C5C3-488C-8828-55FE59DC93EB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{708E22C6-C5C3-488C-8828-55FE59DC93EB}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: ebr1mdd8.default
FF ProfilePath: C:\Users\gaming\AppData\Roaming\Mozilla\Firefox\Profiles\ebr1mdd8.default [2018-03-11]
FF Session Restore: Mozilla\Firefox\Profiles\ebr1mdd8.default -> is enabled.
FF Extension: (Avast Online Security) - C:\Users\gaming\AppData\Roaming\Mozilla\Firefox\Profiles\ebr1mdd8.default\Extensions\wrc@avast.com.xpi [2018-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{20F5333B-4F30-482f-9A53-E5E963B5D9C5}] - C:\Program Files (x86)\YTD\YTD\YTDE_FF.xpi
FF Extension: (YTD Extension) - C:\Program Files (x86)\YTD\YTD\YTDE_FF.xpi [2016-07-09] [Legacy]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\secure_cert.js [2018-02-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://us.yahoo.com/?fr=fpc-comodo&type=19_33090001006_55.0.2883.59_u_hp_sp","hxxps://us.yahoo.com/?fr=fpc-comodo&type=19_33090001006_57.0.2987.92_u_hp_sp","hxxps://us.yahoo.com/?fr=fpc-comodo&type=19_33090001006_57.0.2987.93_u_hp_sp"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default [2018-03-11]
CHR Extension: (Slides) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-16]
CHR Extension: (Docs) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-16]
CHR Extension: (Google Drive) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-16]
CHR Extension: (AdGuard AdBlocker) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-03-08]
CHR Extension: (YouTube) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-16]
CHR Extension: (uBlock Origin) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-12]
CHR Extension: (Video Downloader professional) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-12-17]
CHR Extension: (Sheets) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-16]
CHR Extension: (Google Docs Offline) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-16]
CHR Extension: (Popup Blocker Pro) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-16]
CHR Extension: (Gmail) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-08]
CHR Profile: C:\Users\gaming\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-03-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUSSwitchUSB; C:\ProgramData\ASUS Driver\USB-AC55 WLAN Card Utilities\U2U3Switch\ASUSSwitchUSB.exe [190704 2015-05-14] ()
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-02-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2018-01-17] (EasyAntiCheat Ltd)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2017-12-29] (Macrovision Europe Ltd.) [File not signed]
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2017-09-01] (Advanced Micro Devices) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-02-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-02-15] (Disc Soft Ltd)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [87984 2017-06-13] (Fresco Logic)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-07] (COMODO)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-11] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2238136 2015-07-20] (MediaTek Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-03-10] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 18:08 - 2018-03-11 18:08 - 000000000 ____D C:\Users\gaming\Downloads\FRST-OlderVersion
2018-03-11 16:11 - 2018-03-11 18:05 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-10 21:28 - 2018-03-10 21:28 - 000000000 ____D C:\Windows\pss
2018-03-10 18:56 - 2018-03-10 18:56 - 000000000 ____D C:\Users\gaming\AppData\Local\ElevatedDiagnostics
2018-03-10 13:59 - 2018-03-10 17:24 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-10 13:57 - 2018-03-10 13:57 - 026963528 _____ (Adlice Software) C:\Users\gaming\Desktop\RogueKiller_portable64.exe
2018-03-10 13:57 - 2018-03-10 13:57 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-10 04:55 - 2018-03-10 04:55 - 000000775 _____ C:\Users\Administrator\Desktop\お姉さまは保健医.lnk
2018-03-10 04:55 - 2018-03-10 04:55 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ARMADILLO
2018-03-10 04:55 - 2018-03-10 04:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARMADILLO
2018-03-10 04:52 - 2018-03-10 04:52 - 000000063 _____ C:\Windows\IngokuJyogakuen.ini
2018-03-10 04:52 - 2018-03-10 04:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\アンダームーン
2018-03-10 04:50 - 2018-03-10 04:50 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LUNETB
2018-03-10 04:50 - 2018-03-10 04:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LUNETB
2018-03-10 04:49 - 2018-03-10 04:49 - 000000000 ____D C:\Users\gaming\AppData\Roaming\dvdcss
2018-03-10 01:32 - 2018-03-10 01:32 - 000000000 ____D C:\Users\gaming\.ebcashe
2018-03-10 01:16 - 2018-03-11 02:55 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Anki2
2018-03-10 01:15 - 2018-03-10 01:15 - 029639961 _____ C:\Users\gaming\Downloads\anki-2.0.50.exe
2018-03-10 01:15 - 2018-03-10 01:15 - 000000429 _____ C:\Users\Public\Desktop\Anki.lnk
2018-03-10 01:15 - 2018-03-10 01:15 - 000000429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2018-03-09 20:55 - 2018-03-09 20:55 - 000000785 _____ C:\Users\gaming\Downloads\Fixlog.txt
2018-03-09 19:37 - 2018-03-11 18:08 - 000015577 _____ C:\Users\gaming\Downloads\FRST.txt
2018-03-09 19:37 - 2018-03-09 19:37 - 000031161 _____ C:\Users\gaming\Downloads\Addition.txt
2018-03-09 19:36 - 2018-03-11 18:08 - 000000000 ____D C:\FRST
2018-03-09 19:35 - 2018-03-11 18:08 - 002402816 _____ (Farbar) C:\Users\gaming\Downloads\FRST64.exe
2018-03-09 19:19 - 2018-03-09 19:19 - 004260984 _____ (ESET) C:\Users\gaming\Downloads\eset_smart_security_premium_live_installer(1).exe
2018-03-09 19:19 - 2018-03-09 19:19 - 000116682 _____ C:\Windows\ntbtlog.txt
2018-03-09 19:14 - 2018-03-10 02:57 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
2018-03-09 18:08 - 2018-03-09 18:08 - 006968952 _____ (ESET spol. s r.o.) C:\Users\gaming\Downloads\esetonlinescanner_enu.exe
2018-03-09 17:45 - 2018-03-09 17:45 - 004260984 _____ (ESET) C:\Users\gaming\Downloads\eset_smart_security_premium_live_installer.exe
2018-03-09 16:27 - 2018-03-10 18:44 - 000000000 ____D C:\AdwCleaner
2018-03-09 16:27 - 2018-03-09 16:27 - 008222496 _____ (Malwarebytes) C:\Users\gaming\Desktop\AdwCleaner.exe
2018-03-09 16:26 - 2018-03-09 16:26 - 000003562 _____ C:\Users\gaming\Documents\MalwarebytesExportSummary.txt
2018-03-09 16:19 - 2018-03-09 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-09 16:19 - 2018-03-09 16:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-09 16:19 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-09 16:15 - 2018-03-09 16:16 - 068724528 _____ (Malwarebytes ) C:\Users\gaming\Downloads\mb3-setup-1878.1878-3.4.4.2398.exe
2018-03-09 00:14 - 2018-03-09 00:15 - 000023908 _____ C:\TDSSKiller.3.1.0.16_08.03.2018_23.14.53_log.txt
2018-03-09 00:09 - 2018-03-09 00:09 - 000000468 _____ C:\TDSSKiller.3.1.0.16_08.03.2018_23.09.06_log.txt
2018-03-08 23:09 - 2018-03-08 23:10 - 000000000 ____D C:\Users\gaming\Documents\faterealtanua_savedata
2018-03-08 18:25 - 2018-03-08 18:25 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2018-03-08 06:47 - 2018-03-08 06:47 - 000000867 _____ C:\Users\Administrator\Desktop\田舎の無知なむちむち娘.lnk
2018-03-08 06:47 - 2018-03-08 06:47 - 000000000 ____D C:\Users\gaming\Documents\クレージュ
2018-03-08 06:47 - 2018-03-08 06:47 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\クレージュ
2018-03-08 06:47 - 2018-03-08 06:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\クレージュ
2018-03-08 02:50 - 2018-03-09 02:43 - 000000000 ____D C:\Users\gaming\Documents\cattleya
2018-03-08 02:49 - 2018-03-08 02:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATTLEYA
2018-03-05 22:00 - 2018-03-05 22:00 - 000000000 ____D C:\Users\gaming\Documents\GIGA
2018-03-05 21:57 - 2018-03-05 21:57 - 000000000 ____D C:\Users\gaming\Documents\SETTEC
2018-03-05 21:57 - 2018-03-05 21:57 - 000000000 ____D C:\ProgramData\ASign
2018-03-05 21:56 - 2018-03-05 21:56 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGA
2018-03-05 21:45 - 2018-03-05 21:45 - 000000000 ____D C:\Users\gaming\Documents\WitchFlame
2018-03-05 21:45 - 2018-03-05 21:45 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WitchFlame
2018-03-05 21:36 - 2018-03-05 21:36 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\かわうそソフト
2018-03-05 20:35 - 2018-03-05 20:35 - 000000000 ____D C:\Users\gaming\Documents\overdose
2018-03-05 20:35 - 2018-03-05 20:35 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\オーバードーズ
2018-03-05 20:34 - 2017-10-22 22:52 - 001065984 ____N (nobukichi) C:\Windows\eiunin22.exe
2018-03-05 07:58 - 2018-03-05 07:58 - 000000000 ____D C:\Users\gaming\AppData\Roaming\とるてそふと
2018-03-05 07:58 - 2018-03-05 07:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\とるてそふと
2018-03-03 16:19 - 2018-03-03 16:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\Disc_Soft_Ltd
2018-02-25 11:40 - 2018-02-25 11:40 - 000000000 ____D C:\Users\gaming\AppData\Roaming\すたじお緑茶
2018-02-25 11:40 - 2018-02-25 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\すたじお緑茶 夏彩恋唄
2018-02-24 01:49 - 2018-02-26 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARINE
2018-02-23 15:17 - 2018-02-23 15:17 - 000003010 _____ C:\Windows\System32\Tasks\{84612333-A3A4-4980-B555-BE5E36DE09E1}
2018-02-23 15:01 - 2018-02-23 15:23 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer 1024x768.lnk
2018-02-23 15:01 - 2018-02-23 15:01 - 000001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer (64-bit) 1024x768.lnk
2018-02-23 15:01 - 2018-02-23 15:01 - 000001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer (64-bit) Current Settings.lnk
2018-02-23 15:01 - 2018-02-23 15:01 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer Current Settings.lnk
2018-02-23 15:01 - 2018-02-23 15:01 - 000000000 ____D C:\Program Files (x86)\12noon Display Changer
2018-02-23 13:05 - 2018-02-23 13:05 - 000000000 ____D C:\Users\gaming\Documents\
2018-02-23 13:05 - 2018-02-23 13:05 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
2018-02-23 06:44 - 2018-03-10 04:44 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anim
2018-02-23 06:44 - 2018-03-10 04:44 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Anim
2018-02-23 06:17 - 2018-02-23 06:17 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Žo•ê–º‚ŃCƒNƒbI
2018-02-22 01:07 - 2018-02-22 01:07 - 000000000 ____D C:\ProgramData\LockHunter
2018-02-21 18:17 - 2018-02-21 18:17 - 000000000 ____D C:\Users\gaming\AppData\Roaming\LockHunter
2018-02-21 18:17 - 2018-02-21 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-02-21 18:17 - 2018-02-21 18:17 - 000000000 ____D C:\ProgramData\LHService
2018-02-21 18:17 - 2018-02-21 18:17 - 000000000 ____D C:\Program Files\LockHunter
2018-02-20 04:44 - 2018-02-20 04:44 - 000001045 _____ C:\Users\Administrator\Desktop\ユーザー特典ページについて.lnk
2018-02-20 04:44 - 2018-02-20 04:44 - 000001017 _____ C:\Users\Administrator\Desktop\ヤンデレなお姉ちゃんに愛し尽される監禁性活.lnk
2018-02-20 04:44 - 2018-02-20 04:44 - 000001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ヤンデレなお姉ちゃんに愛し尽される監禁性活.lnk
2018-02-20 04:34 - 2018-02-20 04:34 - 000000149 _____ C:\Windows\apt105.ini
2018-02-20 04:34 - 2018-02-20 04:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\アパタイト
2018-02-20 04:21 - 2018-02-20 04:21 - 000000000 ____D C:\Users\gaming\AppData\Roaming\自宅すたじお
2018-02-20 04:04 - 2018-02-20 04:04 - 000000000 ____D C:\Users\gaming\Documents\SAGAPLANETS
2018-02-20 03:51 - 2018-02-20 03:51 - 000000000 ____D C:\Users\gaming\Documents\自宅すたじお
2018-02-20 03:35 - 2018-02-20 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\自宅すたじお
2018-02-20 03:18 - 2018-03-10 04:45 - 000000000 ____D C:\Users\gaming\AppData\Local\PlayDRM
2018-02-20 02:41 - 2018-03-11 00:32 - 000000000 ____D C:\Users\gaming\AppData\Roaming\qBittorrent
2018-02-20 02:41 - 2018-02-20 02:41 - 000000000 ____D C:\Users\gaming\AppData\Local\qBittorrent
2018-02-20 02:41 - 2018-02-20 02:41 - 000000000 ____D C:\Program Files (x86)\qBittorrent
2018-02-20 02:11 - 2018-02-20 02:11 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-02-20 02:11 - 2018-02-20 02:11 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-02-20 02:11 - 2018-02-20 02:11 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-02-20 02:11 - 2018-02-20 02:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2018-02-20 02:11 - 2018-02-20 02:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-02-20 02:10 - 2018-02-20 02:20 - 000000000 ____D C:\Users\Administrator\Documents\Vuze Downloads
2018-02-20 02:10 - 2018-02-20 02:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Azureus
2018-02-20 02:10 - 2018-02-20 02:10 - 000000000 ____D C:\Users\Administrator\.swt
2018-02-20 02:09 - 2018-02-20 02:09 - 000000000 ____D C:\Program Files\AVAST Software
2018-02-20 02:08 - 2018-02-20 02:08 - 007236456 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_online_a2b.exe
2018-02-20 02:03 - 2018-02-20 02:03 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-02-20 01:59 - 2018-03-10 01:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\dtsvhmn
2018-02-20 01:59 - 2018-02-20 01:59 - 000000000 ____D C:\Users\Administrator\AppData\Local\sbdglav
2018-02-20 01:57 - 2018-02-20 01:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-02-20 01:51 - 2018-03-06 20:36 - 000000000 ____D C:\Users\Administrator
2018-02-20 01:51 - 2018-03-03 16:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2018-02-20 01:51 - 2018-03-03 16:18 - 000058888 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-20 01:51 - 2018-02-22 17:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-20 01:51 - 2018-02-20 02:15 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-20 01:51 - 2018-02-20 01:51 - 000001373 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-20 01:51 - 2018-02-20 01:51 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-02-20 01:51 - 2018-02-20 01:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-02-20 01:51 - 2018-02-20 01:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-02-20 01:51 - 2018-02-20 01:51 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Google
2018-02-20 01:51 - 2018-02-20 01:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2018-02-20 01:51 - 2018-02-20 01:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2018-02-20 01:51 - 2017-12-21 03:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2018-02-20 01:51 - 2011-04-12 04:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2018-02-20 01:25 - 2018-02-20 01:25 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-20 01:08 - 2018-02-20 01:08 - 000000000 ____D C:\firefox
2018-02-20 01:08 - 2018-02-20 01:08 - 000000000 ____D C:\chrome
2018-02-20 00:32 - 2018-02-20 00:32 - 000000000 __SHD C:\AI_RecycleBin
2018-02-20 00:31 - 2018-02-23 06:23 - 000058888 _____ C:\Users\gaming\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-20 00:01 - 2018-02-20 00:01 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcb5db114cd946a9f.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\asw40d7831a7bb72f2b.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc6b7e4b0d4e639af.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw10c3ec879f01483e.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw27e21181f75ea3d4.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\asw d54e96d6bcf2645.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7aed0091fbdc1884.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw43282d271d57b448.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\asw  c9e9836ba6925e.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa9a577d3ebf412ff.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfc9acf03b1a06226.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2b5056b27506c60.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9b8dd1be2d588699.tmp
2018-02-20 00:01 - 2018-02-20 00:01 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw78c6fb79eb273db6.tmp
2018-02-19 23:34 - 2018-02-19 23:34 - 000000000 ___HD C:\$AV_ASW
2018-02-19 23:12 - 2018-02-22 00:21 - 000000000 ____D C:\Users\gaming\AppData\Local\dscwmxu
2018-02-19 23:09 - 2018-03-10 00:40 - 000000000 ____D C:\Users\gaming\AppData\Local\lsigpmv
2018-02-19 23:09 - 2018-02-19 23:11 - 000000000 ____D C:\Users\gaming\AppData\Local\raipeoc
2018-02-19 23:08 - 2018-03-09 21:41 - 002888704 _____ C:\Windows\system32\vdhtouzsvc.exe
2018-02-19 23:08 - 2018-02-19 23:34 - 000000000 ____D C:\Users\gaming\AppData\Local\uavc
2018-02-19 23:08 - 2018-02-19 23:08 - 000041984 _____ C:\Windows\gravy.exe
2018-02-19 23:07 - 2018-03-09 16:24 - 000000000 ___HD C:\Program Files (x86)\drainage
2018-02-19 23:07 - 2018-02-20 00:51 - 000000000 ____D C:\Program Files (x86)\beachy
2018-02-19 23:07 - 2018-02-19 23:07 - 000021532 _____ C:\Windows\System32\Tasks\T1wZyAKOjbea
2018-02-19 23:07 - 2018-02-19 23:07 - 000003848 _____ C:\Windows\System32\Tasks\puka edney mothballed
2018-02-19 23:07 - 2018-02-19 23:07 - 000003848 _____ C:\Windows\System32\Tasks\inlets countermove
2018-02-19 23:07 - 2018-02-19 23:07 - 000003820 _____ C:\Windows\System32\Tasks\shuffle_cobble
2018-02-19 23:07 - 2018-02-19 23:07 - 000003794 _____ C:\Windows\System32\Tasks\tane
2018-02-19 23:07 - 2018-02-19 23:07 - 000003788 _____ C:\Windows\System32\Tasks\ethnical
2018-02-19 23:07 - 2018-02-19 23:07 - 000003692 _____ C:\Windows\System32\Tasks\tsinlets countermoveinlets countermove
2018-02-19 23:07 - 2018-02-19 23:07 - 000003688 _____ C:\Windows\System32\Tasks\tspuka edney mothballedpuka edney mothballed
2018-02-19 23:07 - 2018-02-19 23:07 - 000003660 _____ C:\Windows\System32\Tasks\tsshuffle_cobbleshuffle_cobble
2018-02-19 23:07 - 2018-02-19 23:07 - 000003632 _____ C:\Windows\System32\Tasks\tstanetane
2018-02-19 23:07 - 2018-02-19 23:07 - 000003632 _____ C:\Windows\System32\Tasks\tsethnicalethnical
2018-02-19 23:07 - 2018-02-19 23:07 - 000000012 _____ C:\Windows\b22784555
2018-02-19 23:07 - 2018-02-19 23:07 - 000000000 ____D C:\Windows\SysWOW64\excvwip
2018-02-19 23:07 - 2018-02-19 23:07 - 000000000 ____D C:\Windows\system32\excvwip
2018-02-19 23:07 - 2018-02-19 23:07 - 000000000 ____D C:\Users\gaming\AppData\Roaming\et
2018-02-19 23:05 - 2018-02-19 23:05 - 001286144 _____ C:\Windows\3e1d79112fe0dc4c1581e29b7c41ed06.dll
2018-02-19 11:51 - 2018-02-19 11:51 - 000041210 _____ C:\Windows\uninstaller.dat
2018-02-16 20:15 - 2018-03-09 22:58 - 000000000 ____D C:\Users\gaming\AppData\Local\Black_Tree_Gaming
2018-02-16 20:15 - 2018-03-09 22:55 - 000000000 ____D C:\Users\gaming\Documents\Nexus Mod Manager
2018-02-16 20:15 - 2018-02-16 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-02-16 04:22 - 2018-02-16 04:22 - 000000000 ____D C:\Users\gaming\Documents\美少女万華鏡_罪と罰の少女
2018-02-16 02:37 - 2018-02-16 02:37 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美少女万華鏡 罪と罰の少女
2018-02-16 02:34 - 2018-02-16 02:34 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ƒ€[ƒ“ƒXƒg[ƒ“
2018-02-16 02:15 - 2018-02-16 02:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-02-16 01:51 - 2018-02-16 01:51 - 000000000 ____D C:\Users\gaming\AppData\Local\KADOKAWA
2018-02-16 01:48 - 2018-02-16 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-02-15 21:36 - 2018-02-15 21:36 - 000000000 ____D C:\Users\gaming\AppData\Local\Skyrim Special Edition
2018-02-15 21:22 - 2018-02-15 21:22 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-02-15 21:22 - 2018-02-15 21:22 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-02-15 21:22 - 2018-02-15 21:22 - 000000000 ____D C:\Users\gaming\AppData\Local\Disc_Soft_Ltd
2018-02-15 21:21 - 2018-03-09 18:55 - 000000000 ____D C:\Users\gaming\AppData\Roaming\DAEMON Tools Lite
2018-02-15 21:21 - 2018-03-06 20:36 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-02-15 21:21 - 2018-02-15 21:21 - 000047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-02-15 21:21 - 2018-02-15 21:21 - 000030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-02-15 21:18 - 2018-02-15 21:42 - 000000000 ____D C:\Users\gaming\Documents\World Map
2018-02-15 21:15 - 2018-02-15 21:43 - 000000000 ____D C:\Users\gaming\Documents\Unofficial Skyrim Legendary Edition Patch
2018-02-15 21:10 - 2018-02-15 21:41 - 000000000 ____D C:\Users\gaming\Documents\SkyUI
2018-02-11 05:42 - 2018-02-11 05:42 - 000000000 ____D C:\Users\gaming\AppData\Local\NVIDIA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 18:07 - 2018-02-04 18:09 - 000000000 ____D C:\Users\gaming\AppData\LocalLow\Mozilla
2018-03-11 18:07 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2018-03-11 18:05 - 2018-01-17 10:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-11 18:05 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-11 16:14 - 2009-07-14 00:45 - 000021584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-11 16:14 - 2009-07-14 00:45 - 000021584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-11 04:51 - 2009-07-14 01:13 - 000006166 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-11 01:24 - 2017-12-15 18:19 - 000000000 ____D C:\Users\gaming\AppData\Roaming\vlc
2018-03-10 02:02 - 2018-01-09 23:47 - 000000000 ____D C:\Users\gaming\AppData\Local\CrashDumps
2018-03-10 01:32 - 2017-12-14 23:32 - 000000000 ____D C:\Users\gaming
2018-03-09 22:58 - 2018-02-01 19:35 - 000000000 ____D C:\Games
2018-03-09 22:58 - 2018-01-31 21:40 - 000000000 ____D C:\Users\gaming\AppData\Local\Skyrim
2018-03-09 22:11 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-09 22:01 - 2009-07-13 22:34 - 020185088 _____ C:\Windows\system32\config\HARDWARE
2018-03-09 16:16 - 2017-12-24 11:28 - 000000000 ____D C:\Windows\Minidump
2018-03-08 16:23 - 2017-12-31 20:55 - 000000000 ____D C:\Program Files (x86)\WinTV
2018-03-08 16:23 - 2017-12-25 05:25 - 000000000 ____D C:\ProgramData\Hauppauge
2018-03-08 16:23 - 2017-12-25 05:08 - 000000000 ____D C:\Users\Public\WinTV
2018-03-06 20:36 - 2017-12-29 16:56 - 000000000 ____D C:\ProgramData\FLEXnet
2018-03-06 20:36 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2018-03-02 19:14 - 2017-12-16 10:34 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-23 06:23 - 2009-07-14 00:45 - 002194832 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-22 18:00 - 2009-07-13 23:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-02-21 01:58 - 2009-07-14 01:08 - 000032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-20 04:13 - 2018-01-24 22:28 - 000000000 ____D C:\Users\gaming\AppData\Roaming\Azureus
2018-02-20 01:51 - 2009-07-14 00:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-02-20 00:05 - 2017-12-15 18:11 - 000001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-18 20:12 - 2017-12-25 05:26 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-18 19:34 - 2017-12-25 05:26 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-18 19:34 - 2017-12-16 10:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-18 19:34 - 2017-12-16 10:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-18 19:34 - 2017-12-15 12:12 - 000003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{60778B08-7A8A-4D85-ABA3-3B9476679DA6}
2018-02-18 06:47 - 2018-01-31 20:23 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-02-18 00:34 - 2018-01-25 16:56 - 000000024 _____ C:\Users\gaming\random.dat
2018-02-18 00:00 - 2018-01-25 16:57 - 000000045 _____ C:\Users\gaming\jagex_cl_oldschool_LIVE.dat
2018-02-18 00:00 - 2018-01-25 16:57 - 000000000 ____D C:\Users\gaming\.jagex_cache_32
2018-02-18 00:00 - 2018-01-25 16:56 - 000000011 _____ C:\Users\gaming\jagexappletviewer.preferences
2018-02-17 23:59 - 2018-01-25 16:56 - 000000045 _____ C:\Users\gaming\jagex_cl_runescape_LIVE.dat
2018-02-17 23:59 - 2018-01-25 16:56 - 000000000 ____D C:\Users\gaming\AppData\Roaming\RSBot
2018-02-16 20:16 - 2018-02-01 04:22 - 000000000 ____D C:\Users\gaming\AppData\Local\Fallout4
2018-02-16 19:32 - 2017-12-31 20:50 - 000000000 ____D C:\Program Files\7-Zip
2018-02-16 01:48 - 2018-01-25 02:25 - 000000000 ____D C:\ProgramData\WinZip
2018-02-15 21:36 - 2017-12-21 04:22 - 000000000 ____D C:\Users\gaming\Documents\My Games
2018-02-13 15:50 - 2009-07-14 01:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-02-13 15:49 - 2018-02-04 18:12 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-13 15:49 - 2018-01-25 16:56 - 000000000 ____D C:\Users\gaming\jagexcache
2018-02-09 20:24 - 2018-02-04 18:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-09 20:24 - 2018-02-04 18:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some files in TEMP:
====================
2018-03-10 13:57 - 2017-09-13 11:31 - 001732864 _____ (Microsoft Corporation) C:\Users\gaming\AppData\Local\Temp\dllnt_dump.dll
2018-03-08 16:22 - 2010-03-09 21:02 - 000186464 _____ (Symantec, Inc.) C:\Users\gaming\AppData\Local\Temp\GLB1A2B.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-09 20:07

==================== End of FRST.txt ============================



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,602 posts

Posted 12 March 2018 - 11:49 AM

I'm missing the Addition.txt file.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Aura


Posted 15 March 2018 - 07:16 AM

Hi drbulbasaur,

Are you still with me?





