
Task Manager and Regedit (i think there's more) disabling virus?


  • This topic is locked
5 replies to this topic

#1 KingChronoz

  • Members
  • 14 posts

Posted 22 May 2018 - 12:54 AM

Recently I can't press Task Manager, I tried pressing CTRL+ALT+DELETE but there's no Task Manager over there.
I surfed the net and saw that Task Manager can be opened again with Regedit, but then Regedit is also disabled.

I tried to FULL SCAN my PC with Smadav antivirus and it keeps detecting 2 registry errors and 2/4 viruses.
I keep fixing it, I keep deleting the virus but seconds later, it comes back again and Task Manager and Regedit are disabled, AGAIN.

 

This is getting annoying since I don't know how to fight this virus. I've tried a lot of antiviruses but it doesn't seem to fix my problem. I came to this forum thinking that you guys can maybe help me solve my problem?

 

About the "(i think there's more)" in the title? Please disregard it.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01

Ran by mariss (administrator) on MARISS-PC (22-05-2018 14:10:50)
Running from C:\Users\mariss\Downloads\Programs
Loaded Profiles: mariss & UpdatusUser (Available Profiles: mariss & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Users\mariss\AppData\Local\Temp\wineswwv.exe
() C:\Users\mariss\AppData\Local\Temp\winjuovth.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\mariss\AppData\Local\Temp\owclh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\mariss\Downloads\Compressed\Copy of GTA-SanAndreas [ produnia.com ]\GTA-SanAndreas\samp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1736704 2017-01-24] (Smadsoft)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-31] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [340480 2015-12-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-17] (Microsoft Corporation)
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-03-31] (Tonec Inc.)
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Run: [GoogleChromeAutoLaunch_6709F82A1B9CE0C87D38B120E14A02E4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1586008 2018-05-15] (Google Inc.)
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchFilesInStartMenu] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchProgramsInStartMenu] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
Startup: C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 2130 series.lnk [2018-05-22]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 2130 series.lnk -> C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
AlternateShell: 
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3BB25FDE-E75D-40B6-9E4C-B900E213CB36}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE8D04E6-3A33-45D0-8F42-D6A7FA1983D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-858333344-3013912580-3231274367-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-14] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5kv0k9b2.default
FF ProfilePath: C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default [2018-05-21]
FF Extension: (Советник Яндекс.Маркета) - C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default\Extensions\sovetnik-yandex@yandex.ru.xpi [2018-03-25]
FF Extension: (Visual Bookmarks) - C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default\Extensions\vb@yandex.ru.xpi [2018-03-25] [Legacy]
FF Extension: (Советник Яндекс.Маркета) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\sovetnik-yandex@yandex.ru.xpi [2017-06-06]
FF Extension: (Visual Bookmarks) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\vb@yandex.ru.xpi [2017-06-06] [Legacy]
FF HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-03-01]
FF HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mariss\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\mariss\AppData\Roaming\IDM\idmmzcc5 [2018-04-27] [Legacy] [not signed]
FF HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default [2018-05-22]
CHR Extension: (Docs) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-14]
CHR Extension: (Google Drive) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-14]
CHR Extension: (YouTube) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-17]
CHR Extension: (Adblock Plus) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-14]
CHR Extension: (Roblox Enhancer) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmnpgjlgjedlhfnphihaimmimdmmgiim [2018-05-19]
CHR Extension: (IDM Integration Module) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-27]
CHR Extension: (Gmail) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-31]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2619096 2016-08-19] (Blue Coat Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckd; C:\Windows\System32\drivers\bckd.sys [125144 2016-08-19] (Blue Coat Systems, Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-04-27] (Bluestack System Inc. )
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [3445592 2016-08-13] (MediaTek Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va066; \??\C:\Windows\SysWOW64\Drivers\X6va066 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-22 14:09 - 2018-05-22 14:10 - 000000000 ____D C:\FRST
2018-05-22 07:06 - 2018-05-22 07:06 - 000001243 _____ C:\Users\mariss\Desktop\samp - Shortcut.lnk
2018-05-21 20:14 - 2018-05-21 20:14 - 000103140 _____ C:\qtjnux.pif
2018-05-21 19:46 - 2018-05-22 09:50 - 000000000 ____D C:\Users\mariss\AppData\Roaming\SA-MP Audio Plugin
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\Documents\GTA San Andreas User Files
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2018-05-21 18:56 - 2018-05-21 18:56 - 000000000 ____D C:\Users\mariss\Documents\TotalAV
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Windows\XSxS
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Users\mariss\AppData\Local\Xenocode
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Program Files (x86)\Xenocode
2018-05-21 16:04 - 2018-05-21 16:04 - 000876555 _____ C:\Users\mariss\Downloads\$kisploit V3 - xShark.rar
2018-05-21 11:52 - 2018-05-21 12:01 - 000000000 ____D C:\Program Files\Sandboxie
2018-05-20 17:44 - 2018-05-21 18:03 - 000000008 __RSH C:\Users\mariss\ntuser.pol
2018-05-20 17:33 - 2018-05-20 17:33 - 000002166 _____ C:\Users\mariss\Desktop\Discord.lnk
2018-05-20 17:33 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-20 17:32 - 2018-05-20 17:37 - 000000000 ____D C:\Users\mariss\AppData\Roaming\discord
2018-05-20 17:32 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Local\SquirrelTemp
2018-05-20 17:32 - 2018-05-20 17:32 - 000000000 ____D C:\Users\mariss\AppData\Local\Discord
2018-05-20 17:29 - 2018-05-20 17:31 - 060074328 _____ (Discord Inc.) C:\Users\mariss\Downloads\DiscordSetup.exe
2018-05-20 13:55 - 2010-03-19 00:36 - 000827728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2018-05-20 13:55 - 2010-03-19 00:36 - 000607568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2018-05-20 10:31 - 2018-05-20 10:31 - 000066721 _____ C:\Users\mariss\Downloads\5D-DIY-Diamond-embroidery-Tokyo-Ghoul-Kaneki-Ken-Pictures-Full-Resin-round-rhinestone-mosaic-kit-Diamond.jpeg_640x640.jpeg
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Users\mariss\AppData\Roaming\OBS
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files\OBS
2018-05-17 20:16 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files (x86)\OBS
2018-05-15 18:10 - 2018-05-15 18:10 - 000001169 _____ C:\Users\Public\Desktop\Counter-Strike Source.lnk
2018-05-15 18:10 - 2018-05-15 18:10 - 000001119 _____ C:\Users\Public\Desktop\Updating Counter-Strike Source.lnk
2018-05-15 18:10 - 2018-05-15 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2018-05-15 18:03 - 2018-05-15 18:03 - 000000000 ____D C:\Program Files\Strogino CS Portal
2018-05-15 13:43 - 2018-05-15 13:45 - 2087138038 _____ C:\Users\mariss\Downloads\CounteStrikSourcev3398447.7z
2018-05-15 11:55 - 2018-05-15 12:45 - 000000155 _____ C:\Users\mariss\Desktop\bhop.ahk
2018-05-15 11:54 - 2018-05-20 17:45 - 000000000 ____D C:\Program Files\AutoHotkey
2018-05-15 11:54 - 2018-05-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2018-05-15 07:55 - 2018-05-15 07:55 - 000002225 _____ C:\Users\mariss\Desktop\Free Fire.lnk
2018-05-14 18:20 - 2018-05-14 18:20 - 000002245 _____ C:\Users\mariss\Desktop\Card Wars 2.lnk
2018-05-14 16:26 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-05-14 16:25 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-05-14 16:24 - 2018-05-14 16:24 - 000000000 ____D C:\Program Files\Java
2018-05-13 13:52 - 2018-05-13 13:52 - 000031302 _____ C:\Users\mariss\Downloads\CSS Warzone.torrent
2018-05-12 21:19 - 2018-05-12 21:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\BluestacksCN
2018-05-12 21:08 - 2018-05-12 21:08 - 000002321 _____ C:\Users\mariss\Desktop\Mobile Legends  Bang Bang.lnk
2018-05-12 20:37 - 2018-05-12 20:37 - 000001547 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-05-12 20:37 - 2018-05-12 20:37 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-05-12 20:34 - 2018-05-12 20:37 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-05-12 20:34 - 2018-05-12 20:36 - 000000000 ____D C:\ProgramData\BlueStacks
2018-05-12 20:34 - 2018-05-12 20:36 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-05-12 20:33 - 2018-05-12 20:36 - 000000000 ____D C:\Users\mariss\AppData\Local\Bluestacks
2018-05-11 17:44 - 2018-05-12 17:32 - 000608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2018-05-11 17:44 - 2018-05-12 17:32 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2018-05-11 17:44 - 2018-05-11 17:44 - 000000000 ___HD C:\$AV_ASW
2018-05-09 13:53 - 2014-10-10 17:50 - 000000000 ____D C:\Users\mariss\Desktop\Guru3D.com
2018-05-08 15:50 - 2018-05-08 15:50 - 000000173 _____ C:\Users\mariss\Desktop\Gameclub Philippines.url
2018-05-08 15:50 - 2018-05-08 15:50 - 000000000 ____D C:\Program Files (x86)\GameClub Launcher
2018-05-08 15:06 - 2018-05-08 15:06 - 000001176 _____ C:\Users\Public\Desktop\Crossfire PH.lnk
2018-05-08 14:53 - 2018-05-08 15:57 - 013256093 _____ C:\Users\mariss\Desktop\RB001.REZ
2018-05-08 14:53 - 2018-05-08 14:53 - 000000000 ____D C:\Program Files (x86)\Gameclub
2018-05-08 14:53 - 2017-12-05 22:57 - 015342094 _____ C:\Users\mariss\Desktop\RF002.REZ
2018-05-08 12:15 - 2018-05-08 12:15 - 000000000 ____D C:\CFLog
2018-05-08 12:01 - 2018-05-08 12:01 - 000007597 _____ C:\Users\mariss\AppData\Local\Resmon.ResmonCfg
2018-05-08 11:59 - 2018-05-08 13:09 - 000000000 __SHD C:\ProgramData\YSWOWC
2018-05-08 11:59 - 2018-05-08 12:14 - 000000000 ____D C:\ProgramData\TXR
2018-05-07 16:50 - 2018-05-08 19:47 - 000000000 _____ C:\Users\mariss\AppData\Roaming\rbx_hook
2018-05-07 16:50 - 2018-05-08 19:26 - 004037120 _____ C:\Users\mariss\AppData\Roaming\SLX.vmp.dll
2018-05-07 16:50 - 2018-05-08 19:26 - 000000024 _____ C:\Users\mariss\AppData\Roaming\version
2018-05-07 16:49 - 2018-05-07 16:49 - 000000000 ____D C:\Users\mariss\Downloads\SLX
2018-05-07 09:08 - 2015-07-18 21:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-05-07 09:08 - 2015-07-18 21:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-05-07 09:06 - 2018-05-17 20:16 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-05 13:45 - 2018-05-07 12:33 - 000000000 ____D C:\Users\mariss\Documents\My Cheat Tables
2018-05-05 13:45 - 2018-05-05 13:45 - 000001085 _____ C:\Users\mariss\Desktop\Cheat Engine.lnk
2018-05-05 13:45 - 2018-05-05 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7
2018-05-05 13:45 - 2018-05-05 13:45 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-05-03 20:52 - 2018-05-03 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net
2018-05-03 19:54 - 2018-05-03 19:54 - 001199825 _____ C:\Windows\unins000.exe
2018-05-03 19:23 - 2018-05-03 19:54 - 000013278 _____ C:\Windows\unins000.dat
2018-05-03 18:15 - 2018-05-03 18:15 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod Sobeit Blue Eclipse V7
2018-05-03 18:15 - 2018-05-03 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mod Sobeit Blue Eclipse V7
2018-05-03 18:15 - 2018-05-03 18:15 - 000000000 ____D C:\Arquivos De Programas
2018-05-02 16:46 - 2018-05-02 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2018-05-02 16:26 - 2005-06-08 10:59 - 014383616 _____ C:\Users\mariss\Documents\gta_sa.exe
2018-05-02 14:29 - 2018-05-02 14:29 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-05-02 14:29 - 2018-05-02 14:29 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-05-02 14:26 - 2018-05-02 14:26 - 000757660 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-02 10:11 - 2018-05-05 10:45 - 000000000 ____D C:\Users\mariss\Documents\Cross Fire
2018-05-02 00:10 - 2018-05-08 15:06 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire PH.lnk
2018-05-01 23:31 - 2018-05-01 23:39 - 000000000 ____D C:\Program Files\Blue Coat K9 Web Protection
2018-05-01 23:31 - 2018-05-01 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
2018-04-30 18:34 - 2018-04-30 18:34 - 000000000 ____D C:\Users\mariss\Documents\AutomaticSolution Software
2018-04-30 15:40 - 2018-04-30 00:12 - 000012800 _____ () C:\Users\mariss\Documents\Skidma.exe
2018-04-30 15:40 - 2018-04-29 16:49 - 000182272 _____ C:\Users\mariss\Documents\skidma.dll
2018-04-29 18:23 - 2018-05-18 11:00 - 000000000 ____D C:\Users\mariss\AppData\Local\Growtopia
2018-04-29 18:23 - 2018-05-02 11:10 - 000001068 _____ C:\Users\mariss\Desktop\Growtopia.lnk
2018-04-29 18:23 - 2018-04-29 18:23 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Growtopia
2018-04-29 04:01 - 2018-04-29 04:01 - 000000000 ____D C:\Users\mariss\Documents\RanOnline
2018-04-29 03:55 - 2018-04-29 17:16 - 000000000 ____D C:\Program Files (x86)\NSRAN
2018-04-28 18:09 - 2010-06-02 19:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2018-04-28 18:09 - 2010-06-02 19:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2018-04-28 18:09 - 2010-06-02 19:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2018-04-28 18:09 - 2010-06-02 19:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2018-04-28 18:09 - 2010-06-02 19:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2018-04-28 18:09 - 2010-06-02 19:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2018-04-28 18:09 - 2010-05-27 02:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2018-04-28 18:09 - 2010-02-05 01:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2018-04-28 18:09 - 2009-09-05 08:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2018-04-28 18:09 - 2009-09-05 08:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2018-04-28 18:09 - 2009-09-05 08:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2018-04-28 18:09 - 2009-09-05 08:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2018-04-28 18:09 - 2009-09-05 08:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2018-04-28 18:09 - 2009-09-05 08:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2018-04-28 18:09 - 2009-09-05 08:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2018-04-28 18:09 - 2009-03-17 05:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2018-04-28 18:09 - 2009-03-17 05:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2018-04-28 18:09 - 2009-03-17 05:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2018-04-28 18:09 - 2009-03-17 05:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2018-04-28 18:09 - 2009-03-17 05:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2018-04-28 18:09 - 2009-03-17 05:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2018-04-28 18:09 - 2009-03-10 06:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2018-04-28 18:09 - 2009-03-10 06:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2018-04-28 18:09 - 2009-03-10 06:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2018-04-28 18:09 - 2009-03-10 06:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2018-04-28 18:09 - 2009-03-10 06:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2018-04-28 18:09 - 2009-03-10 06:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2018-04-28 18:09 - 2008-10-28 01:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2018-04-28 18:09 - 2008-10-15 21:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2018-04-28 18:09 - 2008-10-15 21:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2018-04-28 18:09 - 2008-10-15 21:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2018-04-28 18:09 - 2008-10-15 21:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2018-04-28 18:09 - 2008-10-15 21:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2018-04-28 18:09 - 2008-10-15 21:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2018-04-28 18:09 - 2008-08-01 01:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2018-04-28 18:09 - 2008-08-01 01:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2018-04-28 18:09 - 2008-08-01 01:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2018-04-28 18:09 - 2008-08-01 01:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2018-04-28 18:09 - 2008-08-01 01:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2018-04-28 18:09 - 2008-08-01 01:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2018-04-28 18:09 - 2008-07-11 02:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-04-28 18:09 - 2008-07-11 02:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2018-04-28 18:09 - 2008-07-11 02:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-04-28 18:09 - 2008-07-11 02:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2018-04-28 18:09 - 2008-07-11 02:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-04-28 18:09 - 2008-07-11 02:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2018-04-28 18:09 - 2008-05-31 05:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2018-04-28 18:09 - 2008-05-31 05:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2018-04-28 18:09 - 2008-05-31 05:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2018-04-28 18:09 - 2008-05-31 05:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2018-04-28 18:09 - 2008-05-31 05:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2018-04-28 18:09 - 2008-05-31 05:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2018-04-28 18:09 - 2008-05-31 05:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2018-04-28 18:09 - 2008-05-31 05:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2018-04-28 18:09 - 2008-05-31 05:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2018-04-28 18:09 - 2008-05-31 05:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2018-04-28 18:09 - 2008-05-31 05:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2018-04-28 18:09 - 2008-05-31 05:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2018-04-28 18:09 - 2008-05-31 05:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2018-04-28 18:09 - 2008-05-31 05:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2018-04-28 18:09 - 2008-03-06 07:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2018-04-28 18:09 - 2008-03-06 07:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2018-04-28 18:09 - 2008-03-06 07:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2018-04-28 18:09 - 2008-03-06 07:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2018-04-28 18:09 - 2008-03-06 07:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2018-04-28 18:09 - 2008-03-06 07:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2018-04-28 18:09 - 2008-03-06 06:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2018-04-28 18:09 - 2008-03-06 06:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2018-04-28 18:09 - 2008-03-06 06:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2018-04-28 18:09 - 2008-03-06 06:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2018-04-28 18:09 - 2008-02-06 14:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2018-04-28 18:09 - 2008-02-06 14:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2018-04-28 18:09 - 2007-10-22 18:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2018-04-28 18:09 - 2007-10-22 18:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2018-04-28 18:09 - 2007-10-22 18:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2018-04-28 18:09 - 2007-10-22 18:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2018-04-28 18:09 - 2007-10-13 06:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2018-04-28 18:09 - 2007-10-13 06:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2018-04-28 18:09 - 2007-10-13 06:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2018-04-28 18:09 - 2007-10-13 06:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2018-04-28 18:09 - 2007-10-03 00:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2018-04-28 18:09 - 2007-10-03 00:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2018-04-28 18:09 - 2007-07-20 15:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2018-04-28 18:09 - 2007-07-20 15:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2018-04-28 18:09 - 2007-07-20 09:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2018-04-28 18:09 - 2007-07-20 09:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2018-04-28 18:09 - 2007-07-20 09:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2018-04-28 18:09 - 2007-07-20 09:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2018-04-28 18:09 - 2007-07-20 09:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2018-04-28 18:09 - 2007-07-20 09:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2018-04-28 18:09 - 2007-06-21 11:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2018-04-28 18:09 - 2007-06-21 11:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2018-04-28 18:09 - 2007-05-17 07:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2018-04-28 18:09 - 2007-05-17 07:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2018-04-28 18:09 - 2007-05-17 07:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2018-04-28 18:09 - 2007-05-17 07:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2018-04-28 18:09 - 2007-05-17 07:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2018-04-28 18:09 - 2007-05-17 07:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2018-04-28 18:09 - 2007-04-05 09:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2018-04-28 18:09 - 2007-04-05 09:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2018-04-28 18:09 - 2007-04-05 09:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2018-04-28 18:09 - 2007-03-16 07:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2018-04-28 18:09 - 2007-03-16 07:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2018-04-28 18:09 - 2007-03-13 07:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2018-04-28 18:09 - 2007-03-13 07:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2018-04-28 18:09 - 2007-03-13 07:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2018-04-28 18:09 - 2007-03-13 07:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2018-04-28 18:09 - 2007-03-06 03:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2018-04-28 18:09 - 2007-03-06 03:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2018-04-28 18:09 - 2007-01-25 06:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2018-04-28 18:09 - 2007-01-25 06:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2018-04-28 18:09 - 2006-12-09 03:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2018-04-28 18:09 - 2006-12-09 03:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2018-04-28 18:09 - 2006-11-30 04:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-04-28 18:09 - 2006-11-30 04:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-04-28 18:09 - 2006-11-30 04:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2018-04-28 18:09 - 2006-11-30 04:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2018-04-28 18:09 - 2006-09-29 07:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2018-04-28 18:09 - 2006-09-29 07:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-04-28 18:09 - 2006-09-29 07:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2018-04-28 18:09 - 2006-09-29 07:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2018-04-28 18:09 - 2006-07-29 00:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2018-04-28 18:09 - 2006-07-29 00:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2018-04-28 18:09 - 2006-07-29 00:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2018-04-28 18:09 - 2006-07-29 00:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2018-04-28 18:09 - 2006-05-31 22:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2018-04-28 18:09 - 2006-05-31 22:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2018-04-28 18:09 - 2006-04-01 03:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2018-04-28 18:09 - 2006-04-01 03:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2018-04-28 18:09 - 2006-04-01 03:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2018-04-28 18:09 - 2006-04-01 03:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2018-04-28 18:09 - 2006-04-01 03:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2018-04-28 18:09 - 2006-04-01 03:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2018-04-28 18:09 - 2006-02-03 23:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2018-04-28 18:09 - 2006-02-03 23:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2018-04-28 18:09 - 2006-02-03 23:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2018-04-28 18:09 - 2006-02-03 23:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2018-04-28 18:09 - 2006-02-03 23:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2018-04-28 18:09 - 2006-02-03 23:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2018-04-28 18:08 - 2005-12-06 09:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2018-04-28 18:08 - 2005-12-06 09:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2018-04-28 18:08 - 2005-07-23 10:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2018-04-28 18:08 - 2005-07-23 10:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2018-04-28 18:08 - 2005-05-27 06:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2018-04-28 18:08 - 2005-05-27 06:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2018-04-28 18:08 - 2005-03-19 08:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2018-04-28 18:08 - 2005-02-06 10:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2018-04-28 18:08 - 2005-02-06 10:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2018-04-28 15:30 - 2018-04-28 15:31 - 000000000 ____D C:\Users\mariss\AppData\Roaming\steam.transformice.com
2018-04-28 15:29 - 2018-04-28 15:29 - 000000222 _____ C:\Users\mariss\Desktop\Transformice.url
2018-04-28 13:02 - 2018-04-28 15:29 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-28 13:02 - 2018-04-28 13:02 - 000000219 _____ C:\Users\mariss\Desktop\Counter-Strike Global Offensive.url
2018-04-28 11:42 - 2018-04-28 11:44 - 000000000 ____D C:\Users\mariss\AppData\Local\Steam
2018-04-28 11:32 - 2018-05-09 21:24 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-28 11:32 - 2018-04-28 11:32 - 000000963 _____ C:\Users\Public\Desktop\Steam.lnk
2018-04-28 11:32 - 2018-04-28 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-28 10:41 - 2018-04-28 10:42 - 000029184 ___SH C:\Users\mariss\Documents\Thumbs.db
2018-04-28 10:40 - 2018-04-28 10:40 - 000000000 ____D C:\Users\mariss\AppData\Roaming\WinRAR
2018-04-28 10:40 - 2018-04-28 10:40 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-04-28 10:40 - 2018-04-28 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-04-28 10:40 - 2018-04-28 10:40 - 000000000 ____D C:\Program Files\WinRAR
2018-04-28 10:40 - 2018-04-28 09:21 - 000002388 _____ C:\Users\mariss\Documents\ReamMePlease!.txt
2018-04-27 19:31 - 2018-05-01 22:14 - 000000000 ____D C:\Users\mariss\Documents\RanOnlineLogs
2018-04-27 18:42 - 2018-04-27 19:31 - 000000000 ____D C:\Users\mariss\AppData\Local\Roblox
2018-04-27 18:41 - 2018-05-18 10:29 - 000001315 _____ C:\Users\mariss\Desktop\Roblox Player.lnk
2018-04-27 18:38 - 2018-05-18 10:29 - 000001134 _____ C:\Users\mariss\Desktop\Roblox Studio.lnk
2018-04-27 18:38 - 2018-05-18 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2018-04-27 18:38 - 2018-04-27 18:48 - 000000252 _____ C:\Users\mariss\AppData\LocalLow\rbxcsettings.rbx
2018-04-27 18:38 - 2018-04-27 18:38 - 000000000 ____D C:\ProgramData\Roblox
2018-04-27 18:33 - 2018-04-27 18:33 - 000001901 _____ C:\Users\Public\Desktop\RanWorldPH Launcher.lnk
2018-04-27 18:33 - 2018-04-27 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RanWorldPH
2018-04-27 18:33 - 2018-04-27 18:33 - 000000000 ____D C:\Program Files (x86)\Roblox
2018-04-27 18:30 - 2018-05-01 18:40 - 000000000 ____D C:\Program Files (x86)\RanWorldPH
2018-04-27 18:07 - 2018-05-14 09:56 - 000000000 ____D C:\Users\mariss\AppData\Roaming\CC
2018-04-27 17:54 - 2018-04-27 17:54 - 000000016 _____ C:\ProgramData\mntemp
2018-04-27 17:54 - 2018-04-27 17:54 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Netease
2018-04-27 17:45 - 2018-04-27 17:45 - 000001372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rules of Survival.lnk
2018-04-27 17:45 - 2018-04-27 17:45 - 000001360 _____ C:\Users\Public\Desktop\Rules of Survival.lnk
2018-04-27 17:41 - 2018-05-12 08:50 - 000000000 ____D C:\ros
2018-04-27 16:39 - 2018-05-21 21:31 - 000000000 ____D C:\Users\mariss\AppData\Roaming\DMCache
2018-04-27 16:39 - 2018-05-21 19:42 - 000000000 ____D C:\Users\mariss\Downloads\Compressed
2018-04-27 16:39 - 2018-05-01 15:02 - 000000000 ____D C:\Users\mariss\AppData\Roaming\IDM
2018-04-27 16:39 - 2018-04-28 21:33 - 000000000 ____D C:\Users\mariss\Downloads\Video
2018-04-27 16:39 - 2018-04-27 16:39 - 000001009 _____ C:\Users\mariss\Desktop\Internet Download Manager.lnk
2018-04-27 16:39 - 2018-04-27 16:39 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-04-27 16:39 - 2018-04-27 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-04-27 16:39 - 2018-04-27 16:39 - 000000000 ____D C:\ProgramData\IDM
2018-04-27 16:39 - 2018-04-27 16:39 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-04-27 16:28 - 2018-04-27 16:28 - 000000010 _____ C:\Users\mariss\Documents\pass homegroup.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-22 11:41 - 2018-03-17 20:57 - 000000000 ____D C:\Users\mariss\AppData\Roaming\.minecraft
2018-05-22 05:53 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-22 05:53 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-22 05:45 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-21 20:14 - 2018-03-11 17:41 - 000000000 __SHD C:\[Smad-Cage]
2018-05-21 20:14 - 2018-03-11 17:41 - 000000000 ____D C:\Program Files (x86)\SMADAV
2018-05-21 20:14 - 2018-03-11 17:37 - 000000000 ____D C:\Program Files (x86)\Tumblebugs
2018-05-21 20:14 - 2018-03-11 17:35 - 000000000 ____D C:\Program Files (x86)\Zuma's Revenge
2018-05-21 20:14 - 2018-03-11 17:21 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2018-05-21 18:03 - 2018-03-11 17:18 - 000000000 ____D C:\Users\mariss
2018-05-20 17:42 - 2009-07-14 11:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-05-20 15:31 - 2009-07-14 10:34 - 000000256 _____ C:\Windows\system.ini
2018-05-17 21:22 - 2018-03-11 19:35 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 21:22 - 2018-03-11 19:35 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 05:23 - 2018-03-11 19:36 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 05:23 - 2018-03-11 19:36 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-15 11:54 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2018-05-14 16:26 - 2018-03-17 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-12 20:52 - 2018-03-14 17:05 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-12 17:32 - 2018-03-14 17:05 - 000132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2018-05-12 10:52 - 2009-12-20 04:28 - 001077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2018-05-11 21:47 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-11 21:47 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-05-09 14:09 - 2018-03-14 17:00 - 000003452 _____ C:\Windows\System32\Tasks\DriverPack Notifier
2018-05-09 14:09 - 2018-03-14 16:59 - 000003274 _____ C:\Windows\System32\Tasks\DRPNPS
2018-05-09 14:09 - 2018-03-11 19:43 - 000002946 _____ C:\Windows\System32\Tasks\HPCustPartic.exe_{34092B56-4D6F-40C4-96CC-74679CD02423}
2018-05-09 14:09 - 2018-03-11 19:33 - 000003594 _____ C:\Windows\System32\Tasks\HPCustParticipation HP DeskJet 2130 series
2018-05-09 14:09 - 2018-03-11 17:41 - 000003154 _____ C:\Windows\System32\Tasks\smadav
2018-05-08 09:05 - 2009-07-14 13:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-07 09:12 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-02 16:32 - 2018-03-24 01:12 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-04-29 13:52 - 2009-07-14 13:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-04-28 15:30 - 2018-03-11 19:15 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Adobe
2018-04-27 16:43 - 2018-03-11 17:40 - 000000000 ____D C:\Users\mariss\AppData\Local\Google
2018-04-27 16:28 - 2009-07-14 11:20 - 000000000 __RHD C:\Users\Public\Libraries
2018-04-24 17:53 - 2018-03-11 17:36 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Wildfire
2018-04-24 17:37 - 2009-07-14 10:34 - 000000451 _____ C:\Windows\win.ini
 
==================== Files in the root of some directories =======
 
2018-05-07 16:50 - 2018-05-08 19:47 - 000000000 _____ () C:\Users\mariss\AppData\Roaming\rbx_hook
2018-05-07 16:50 - 2018-05-08 19:26 - 004037120 _____ () C:\Users\mariss\AppData\Roaming\SLX.vmp.dll
2018-05-07 16:50 - 2018-05-08 19:26 - 000000024 _____ () C:\Users\mariss\AppData\Roaming\version
2018-05-08 12:01 - 2018-05-08 12:01 - 000007597 _____ () C:\Users\mariss\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-05-22 13:28 - 2018-05-22 13:28 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\owclh.exe
2018-05-22 05:49 - 2018-05-22 05:49 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\wineswwv.exe
2018-05-22 05:49 - 2018-05-22 05:49 - 000012970 _____ () C:\Users\mariss\AppData\Local\Temp\winjuovth.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 08:23
 
==================== End of FRST.txt ============================

Edited by KingChronoz, 22 May 2018 - 01:14 AM.




#2 nasdaq

  • Malware Response Team
Posted 23 May 2018 - 06:26 AM

Hi,

I need to see the Addition.txt log that was created by the Farbar program.

Please post or attach it to your next reply.

Wait for further instructions.

#3 KingChronoz

  • Topic Starter

Posted 27 May 2018 - 09:04 PM

Here's the "Addition.txt" log that you asked me for. I hope you can still help me, since I forgot to check my thread.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by mariss (22-05-2018 14:12:01)
Running from C:\Users\mariss\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2018-03-11 09:18:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-858333344-3013912580-3231274367-500 - Administrator - Disabled)
Guest (S-1-5-21-858333344-3013912580-3231274367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-858333344-3013912580-3231274367-1003 - Limited - Enabled)
mariss (S-1-5-21-858333344-3013912580-3231274367-1000 - Administrator - Enabled) => C:\Users\mariss
UpdatusUser (S-1-5-21-858333344-3013912580-3231274367-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AutoHotkey 1.1.28.02 (HKLM\...\AutoHotkey) (Version: 1.1.28.02 - Lexikos)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.5.1001 - Blue Coat Systems, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.14.1460 - BlueStack Systems, Inc.)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Counter-Strike Source version 3398447 (HKLM\...\{28659B67-FC49-49DB-9DAC-1AD52203D75A}_is1) (Version: 3398447 - Strogino CS Portal)
Crossfire PH version 1283 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1283 - Gameclub)
Discord (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 17.7.52+patch.11 - DriverPack Solution)
GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Growtopia) (Version:  - )
GTA San Andreas SA-MP Addon version 2.3 (HKLM-x32\...\{47E4F6A3-F01C-4538-9925-CAE42C1CF7216}_is1) (Version: 2.3 - Absolute Play www.gta-samp.ru)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.01 - Janos Mathe)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mod Sobeit Blue Eclipse V7 (HKLM-x32\...\Mod Sobeit Blue Eclipse V7) (Version:  - )
Mozilla Firefox 54.0 (x86 ru) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 ru)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
RanWorldPH (HKLM-x32\...\RanWorldPH) (Version:  - )
Roblox Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Rules of Survival version 1.146371.158037 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.146371.158037 - Hong Kong Netease Interactive Entertainment Limited)
SMADAV version 11.2 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.2 - Smadsoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 5.60 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.3 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-03-31] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {148828A2-26A3-4D64-9D1E-D8DBEE6E937B} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_mariss => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2017-03-10] (H.D.S. Hungary)
Task: {490F815B-AB50-4923-8D6B-59E7159E2B17} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2017-01-24] (Smadsoft)
Task: {7C505BB2-12F6-434D-B841-A8492AD9C8A6} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [2015-12-18] ()
Task: {8F59E994-D292-4BEA-8FB9-58BF3672886C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {BB8C0119-F470-41C1-8903-96BDAD7F8A75} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {D9B57E68-2FDF-4CE9-8F17-90BBC68B3649} - System32\Tasks\DRPNPS => Command(1): mshta.exe -> "http://update.drp.su/nps/online/bin/tools/run.hta" "17.7.90 Online" "1521019090729" "fd9ba2b1-3480-4d25-a215-8fe063fef1a4"
Task: {D9B57E68-2FDF-4CE9-8F17-90BBC68B3649} - System32\Tasks\DRPNPS => Command(2): SCHTASKS -> /Delete /TN DRPNPS /F
Task: {EA3A92B6-03EB-44F6-841F-267762F97CA5} - System32\Tasks\HPCustPartic.exe_{34092B56-4D6F-40C4-96CC-74679CD02423} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {F1BDD180-2C27-465A-8880-878A8708AD02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-03-14 17:36 - 2015-01-31 08:57 - 000086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-10 11:17 - 2010-01-10 11:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 16:40 - 2010-01-21 16:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-22 05:49 - 2018-05-22 05:49 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\wineswwv.exe
2018-05-22 05:49 - 2018-05-22 05:49 - 000012970 _____ () C:\Users\mariss\AppData\Local\Temp\winjuovth.exe
2018-05-22 13:28 - 2018-05-22 13:28 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\owclh.exe
2015-04-27 10:50 - 2017-09-21 07:01 - 001516032 _____ () C:\Users\mariss\Downloads\Compressed\Copy of GTA-SanAndreas [ produnia.com ]\GTA-SanAndreas\samp.exe
2010-01-10 11:18 - 2010-01-10 11:18 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 16:34 - 2010-01-21 16:34 - 008793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-05-20 17:32 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\mariss\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-05-20 17:32 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\mariss\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-05-20 17:32 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\mariss\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-05-20 17:33 - 2018-05-20 17:34 - 009659736 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-05-20 17:33 - 2018-05-20 17:33 - 001530712 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-05-20 17:33 - 2018-05-20 17:33 - 000512856 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-05-20 17:33 - 2018-05-20 17:33 - 001578840 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-05-20 17:33 - 2018-05-20 17:34 - 001728344 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-05-20 17:33 - 2018-05-20 17:33 - 002722648 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-05-20 17:36 - 2018-05-20 17:36 - 002760536 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-05-20 17:36 - 2018-05-20 17:36 - 001249112 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
2018-05-20 17:33 - 2018-05-20 17:33 - 001636696 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_hook\discord_hook.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2018-05-12 17:32 - 000005896 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
There are 128 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9E3760CC-F0FF-4199-8476-3203F2DD92D1}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{9A92241B-320B-4D97-A959-833C2420EBEB}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B220DBFC-DC79-4D29-AF47-0EEC175D7761}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A726B77-00F9-4084-B8FA-A8D2C756FF64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C25B1715-93BB-4C24-9513-CE6C71AA8292}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0BF3EFCF-071F-4760-8FDB-A0828CBD378D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{DB196F82-DBE7-4D98-A0F8-8E63FB8E55FE}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{E2BD46D4-56A9-4B96-BE2A-12EF3487A2FC}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{88BD3FDE-6003-44B4-9B1D-5BD349DA811F}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [UDP Query User{3A215F9A-2CD6-4543-AEBA-41778D97383C}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [TCP Query User{02A42062-E588-4759-B3C1-7920FBFA74F2}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe
FirewallRules: [UDP Query User{1220244F-9B02-4DB3-9065-38F52471BC29}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe
FirewallRules: [TCP Query User{F5CEFDB7-0FD5-4C47-BAE0-5D3831CE6C7F}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe
FirewallRules: [UDP Query User{EE10BF86-A3F1-4D15-97B7-6EE70D2BDC3E}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe
FirewallRules: [TCP Query User{7FDDDC42-5778-4A10-BA12-A7A3D19D7463}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe
FirewallRules: [UDP Query User{3B48257E-11C9-4481-88F5-8DB7B6BE2F8D}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe
FirewallRules: [TCP Query User{80475074-7246-44E6-B3F4-87D74CEB9ED7}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [UDP Query User{2CCF440F-206C-4CB6-B319-5967C12ABB6D}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [TCP Query User{1B822792-47B5-4506-8187-707A7BFCC284}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe
FirewallRules: [UDP Query User{133F43EA-EEE6-4421-9522-37A6B5D42EEE}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe
FirewallRules: [TCP Query User{7EEAD1DF-371F-4793-AA03-CA28E677EB5C}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [UDP Query User{B301103E-0770-4287-8873-5FAC6819AA95}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [TCP Query User{1982E6E5-94A5-4F3D-9B4E-A9C1ADD74FFF}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [UDP Query User{BD306A83-1413-4C50-9887-3CB7F66D0CA3}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [TCP Query User{2D25B192-8DCB-4BE8-82BB-B7257BEE45FC}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe
FirewallRules: [UDP Query User{8F687C15-37DD-4EF2-B190-B0B76B2953FB}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe
FirewallRules: [TCP Query User{58986047-00D8-46CE-905E-0BA16AC11AC9}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe
FirewallRules: [UDP Query User{4CEE546E-161C-4606-A27B-CF4842592F95}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe
FirewallRules: [TCP Query User{B8C32F8B-21AD-4986-AC2E-016D6D1217E3}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [UDP Query User{DE31E58F-BF2D-48CC-83CC-51D20C843532}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [TCP Query User{0872287D-CBD6-4BB7-B4A6-BCF985860AF3}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{D13D301B-B1FA-47B3-8839-CD49ADAFC832}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{0F78E02C-68BB-43FB-8C9A-2B5CC12D367B}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{E361D463-6AE1-49E2-8EE6-324C330D4ED0}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{8DAAD7BA-DAA6-4C3A-9F2F-ED01B156806D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{684201D4-C29B-4747-AEF4-178CBFE59380}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A445F43-2213-49B0-A38C-6428200715DE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA201736-1E6F-4436-A5ED-C804AFC05BA2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{26C171FD-33BB-4FCC-A87C-547B46D83BAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{BE301A21-C3A8-4CA0-B460-F59E102A4286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [TCP Query User{856F79D7-D494-4251-8EBD-9DD2E03E6201}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe
FirewallRules: [UDP Query User{382F74A4-4F4B-4E11-89A7-F20AD56613DF}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe
FirewallRules: [{56FB4997-64E6-4880-97AC-208A189D79E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{747F3A83-2CD1-4C47-9978-A8E301837E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F8A58785-0795-4B9B-9E1E-94FB96D1EFB1}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [UDP Query User{8ECE4216-436F-408C-97EB-0381C6E80423}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [{19C0385C-20E2-455E-8896-AFF272FECA13}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94BB3560-2400-4187-B7C4-05795B528ACE}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F2B7B35-D005-4629-BFB9-13C5205452F1}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [TCP Query User{C0497A5B-019C-46D2-BA99-78130220886B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe
FirewallRules: [UDP Query User{36FA0094-8A4E-402C-B51B-191C501D707B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe
FirewallRules: [TCP Query User{7024A8B8-624C-4F7A-8ED2-25EBE29AABA4}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [UDP Query User{E0BF5817-88A0-4744-86F7-4D9C0AB5E079}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [TCP Query User{6BFB7C4B-2F26-41F1-AD33-E5FCA2500D59}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [UDP Query User{E9755C6B-41B5-4139-B60F-292848EFC694}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [TCP Query User{782DC83B-438C-4741-A876-6B9BAA5D8B0C}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{4B48498C-AA58-464E-B225-B9D911BAA1E5}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [{922D3BE2-CEED-4847-A816-742D5F1F00DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8B5B85FF-F040-40EE-BB06-B45A24785895}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{54E6624F-3C9B-41FA-A766-DD7B9C89EFAB}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{F7AF7FE0-D983-4F8D-B0F7-8683F5691645}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [UDP Query User{2BB59613-F600-4CD1-875B-C4ADB7BDD186}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [TCP Query User{C7AA4660-D358-4991-8F2D-2E60EBF96F9A}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [UDP Query User{7E967D3A-2DFB-4FCB-9463-585E07BAD3FA}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [TCP Query User{590F3325-3F51-457A-B962-25C305A7E14F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [UDP Query User{D1D44385-946B-48E2-889F-BFFC9DB8C78F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [TCP Query User{8C0C3BB5-FB9D-4A00-8CEA-1FC3F7832834}C:\users\mariss\appdata\local\temp\winwxwcyu.exe] => (Block) C:\users\mariss\appdata\local\temp\winwxwcyu.exe
FirewallRules: [UDP Query User{1FF0EFC3-F93D-436E-B2A6-47774C34C401}C:\users\mariss\appdata\local\temp\winwxwcyu.exe] => (Block) C:\users\mariss\appdata\local\temp\winwxwcyu.exe
FirewallRules: [TCP Query User{6E164671-11F6-4967-AD20-D0C19B389B68}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
FirewallRules: [UDP Query User{FCAE8CE3-E7A7-433E-A041-6EA0EF2C779C}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
 
==================== Restore Points =========================
 
11-05-2018 18:48:09 Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020
17-05-2018 20:14:37 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
17-05-2018 20:15:59 Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020
17-05-2018 20:16:30 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
21-05-2018 18:48:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/22/2018 05:47:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2018 06:16:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2018 06:12:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\mariss\Downloads\Programs\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/21/2018 04:34:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\mariss\Downloads\Programs\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/21/2018 05:43:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/20/2018 05:41:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/20/2018 07:57:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/19/2018 05:52:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (05/21/2018 07:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PC Security Management Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/21/2018 07:02:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PC Security Management Service service to connect.
 
Error: (05/21/2018 07:02:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PC Security Management Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/21/2018 07:02:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PC Security Management Service service to connect.
 
Error: (05/21/2018 07:01:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PC Security Management Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/21/2018 07:01:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PC Security Management Service service to connect.
 
Error: (05/21/2018 07:01:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PC Security Management Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/21/2018 07:01:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PC Security Management Service service to connect.
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-21 19:24:23.138
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-21 19:24:23.118
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-21 19:21:32.358
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-858333344-3013912580-3231274367-1000\$RHAP9EE\CE FIXED\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-21 19:21:32.347
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-858333344-3013912580-3231274367-1000\$RHAP9EE\CE FIXED\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-21 19:21:29.708
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-858333344-3013912580-3231274367-1000\$RBGM5HM\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-21 19:21:29.696
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-858333344-3013912580-3231274367-1000\$RBGM5HM\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-21 18:08:43.075
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-858333344-3013912580-3231274367-1000\$RHAP9EE\CE FIXED\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-21 18:08:43.064
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-858333344-3013912580-3231274367-1000\$RHAP9EE\CE FIXED\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 67%
Total physical RAM: 4094.49 MB
Available physical RAM: 1326.82 MB
Total Virtual: 8187.18 MB
Available Virtual: 4857.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.48 GB) (Free:54.79 GB) NTFS
Drive d: () (Fixed) (Total:151.51 GB) (Free:117.78 GB) NTFS
 
\\?\Volume{33b07ec0-250c-11e8-ad00-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2F172F16)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 nasdaq

  • Malware Response Team

Posted 28 May 2018 - 08:24 AM

Hi,

Windows Firewall is disabled.

Turn ON your Windows Firewall.
https://support.microsoft.com/en-us/instantanswers/c9955ad9-1239-4cb2-988c-982f851617ed/turn-windows-firewall-on-or-off
---

Remove this program in bold via the Control Panel > Programs > Programs and Features.
DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 17.7.52+patch.11 - DriverPack Solution)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\mariss\AppData\Local\Temp\wineswwv.exe
() C:\Users\mariss\AppData\Local\Temp\winjuovth.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [340480 2015-12-18] ()
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Run: [GoogleChromeAutoLaunch_6709F82A1B9CE0C87D38B120E14A02E4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1586008 2018-05-15] (Google Inc.)
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
GroupPolicy\User: Restriction ? <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va066; \??\C:\Windows\SysWOW64\Drivers\X6va066 [X]

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {7C505BB2-12F6-434D-B841-A8492AD9C8A6} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [2015-12-18] ()
FirewallRules: [TCP Query User{8C0C3BB5-FB9D-4A00-8CEA-1FC3F7832834}C:\users\mariss\appdata\local\temp\winwxwcyu.exe] => (Block) C:\users\mariss\appdata\local\temp\winwxwcyu.exe
FirewallRules: [UDP Query User{1FF0EFC3-F93D-436E-B2A6-47774C34C401}C:\users\mariss\appdata\local\temp\winwxwcyu.exe] => (Block)

C:\users\mariss\appdata\local\temp\winwxwcyu.exe
C:\Wndows\System32\Tasks\DriverPack Notifier
C:\Program Files (x86)\DriverPack Notifier
C:\users\mariss\appdata\local\temp\winwxwcyu.exe
C:\users\mariss\appdata\local\temp\winwxwcyu.exe
C:\Users\mariss\AppData\Local\Temp\owclh.exe
C:\Users\mariss\AppData\Local\Temp\wineswwv.exe
C:\Users\mariss\AppData\Local\Temp\winjuovth.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
--

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists with this computer.
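
The registry lines in the fixlist above include the per-user policy values that lock out Task Manager and Regedit (DisableTaskMgr, DisableRegistryTools) and the DisallowRun program list. The following Python is an added example, not part of the original post or of FRST: it picks those values out of FRST-format registry lines. The function names and report layout are assumptions, and the sample lines are copied from the fixlist above.

```python
import re
from collections import defaultdict

# Sample input: registry lines in FRST format, copied from the fixlist above.
# The Run entry and the GroupPolicy line are included to show lines that are
# read but not flagged.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [340480 2015-12-18] ()
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
GroupPolicy\User: Restriction ? <==== ATTENTION
""".strip().splitlines()

# "<key>: [<value name>] <data>", with an optional "=>" before the data.
ENTRY = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]*)\]\s*(?:=>\s*)?(?P<data>.*)$")

# Policy values named on this page that switch off a built-in tool when set.
TOOL_LOCKS = {"disabletaskmgr": "Task Manager",
              "disableregistrytools": "Registry Editor"}


def parse_entry(line):
    """Split one FRST registry line into key, value name and data, or return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return {"key": m.group("key"), "name": m.group("name"),
            "data": m.group("data").strip()}


def owner_of(key):
    """Return the hive, plus the SID for per-user (HKU) keys."""
    parts = key.split("\\")
    return "\\".join(parts[:2]) if parts[0] == "HKU" else parts[0]


def is_enabled(data):
    """Policy data appears in these lines as a bare number; non-zero means set."""
    return data.isdigit() and int(data) != 0


def audit(lines):
    """Group lockout-style policy values by the hive or user they apply to."""
    report = defaultdict(lambda: {"locked_tools": [],
                                  "disallow_run_enabled": False,
                                  "blocked_programs": []})
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        key, name = entry["key"].lower(), entry["name"].lower()
        owner = owner_of(entry["key"])
        if key.endswith("\\policies\\system") and name in TOOL_LOCKS:
            if is_enabled(entry["data"]):
                report[owner]["locked_tools"].append(TOOL_LOCKS[name])
        elif key.endswith("\\policies\\explorer") and name == "disallowrun":
            if is_enabled(entry["data"]):
                report[owner]["disallow_run_enabled"] = True
        elif key.endswith("\\policies\\explorer\\disallowrun"):
            # Numbered entries under this key are the blocked program names.
            report[owner]["blocked_programs"].append(entry["data"])
    return dict(report)


def summarize(report):
    """Turn the audit report into one readable line per finding."""
    out = []
    for owner, r in report.items():
        for tool in r["locked_tools"]:
            out.append(f"{owner}: {tool} disabled by policy")
        if r["blocked_programs"]:
            # The program list only takes effect while the DisallowRun value is set.
            state = "enforced" if r["disallow_run_enabled"] else "present but not enforced"
            out.append(f"{owner}: DisallowRun list {state}: "
                       + ", ".join(r["blocked_programs"]))
    return out


if __name__ == "__main__":
    for finding in summarize(audit(SAMPLE_LINES)):
        print(finding)
```
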

#5 KingChronoz

  • Topic Starter

Posted 30 May 2018 - 12:04 AM

Okay first of all, Here's the "fixlog".txt you asked for, 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by mariss (30-05-2018 10:33:46) Run:1
Running from C:\Users\mariss\Desktop
Loaded Profiles: mariss & UpdatusUser (Available Profiles: mariss & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Users\mariss\AppData\Local\Temp\wineswwv.exe
() C:\Users\mariss\AppData\Local\Temp\winjuovth.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [340480 2015-12-18] ()
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Run: [GoogleChromeAutoLaunch_6709F82A1B9CE0C87D38B120E14A02E4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1586008 2018-05-15] (Google Inc.)
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
GroupPolicy\User: Restriction ? <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va066; \??\C:\Windows\SysWOW64\Drivers\X6va066 [X]
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {7C505BB2-12F6-434D-B841-A8492AD9C8A6} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [2015-12-18] ()
FirewallRules: [TCP Query User{8C0C3BB5-FB9D-4A00-8CEA-1FC3F7832834}C:\users\mariss\appdata\local\temp\winwxwcyu.exe] => (Block) C:\users\mariss\appdata\local\temp\winwxwcyu.exe
FirewallRules: [UDP Query User{1FF0EFC3-F93D-436E-B2A6-47774C34C401}C:\users\mariss\appdata\local\temp\winwxwcyu.exe] => (Block)
 
C:\users\mariss\appdata\local\temp\winwxwcyu.exe
C:\Wndows\System32\Tasks\DriverPack Notifier
C:\Program Files (x86)\DriverPack Notifier
C:\users\mariss\appdata\local\temp\winwxwcyu.exe
C:\users\mariss\appdata\local\temp\winwxwcyu.exe
C:\Users\mariss\AppData\Local\Temp\owclh.exe
C:\Users\mariss\AppData\Local\Temp\wineswwv.exe
C:\Users\mariss\AppData\Local\Temp\winjuovth.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\mariss\AppData\Local\Temp\wineswwv.exe => Could not close process
C:\Users\mariss\AppData\Local\Temp\winjuovth.exe => Could not close process
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DriverPack Notifier" => not found
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6709F82A1B9CE0C87D38B120E14A02E4" => not found
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va066" => removed successfully
X6va066 => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C505BB2-12F6-434D-B841-A8492AD9C8A6} => not found
"C:\Windows\System32\Tasks\DriverPack Notifier" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverPack Notifier => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8C0C3BB5-FB9D-4A00-8CEA-1FC3F7832834}C:\users\mariss\appdata\local\temp\winwxwcyu.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1FF0EFC3-F93D-436E-B2A6-47774C34C401}C:\users\mariss\appdata\local\temp\winwxwcyu.exe" => not found
"C:\users\mariss\appdata\local\temp\winwxwcyu.exe" => not found
"C:\Wndows\System32\Tasks\DriverPack Notifier" => not found
C:\Program Files (x86)\DriverPack Notifier => moved successfully
"C:\users\mariss\appdata\local\temp\winwxwcyu.exe" => not found
"C:\users\mariss\appdata\local\temp\winwxwcyu.exe" => not found
"C:\Users\mariss\AppData\Local\Temp\owclh.exe" => not found
"C:\Users\mariss\AppData\Local\Temp\wineswwv.exe" => not found
"C:\Users\mariss\AppData\Local\Temp\winjuovth.exe" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31791403 B
Java, Flash, Steam htmlcache => 65080299 B
Windows/system/drivers => 5720189 B
Edge => 0 B
Chrome => 787355230 B
Firefox => 35974173 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 66228 B
mariss => 3392976747 B
UpdatusUser => 0 B
 
RecycleBin => 5104269486 B
EmptyTemp: => 8.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:37:06 ====

After I fixed it with Farbar, I can now access my Task Manager and my Regedit, but I didn't stop there. I wanted to be sure and followed everything you just said, here's the Malware Bytes Log file.

 

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 5/30/18
Scan Time: 11:53 AM
Log File: ff4c2a20-63bc-11e8-abc6-00241db2f5a7.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5300
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mariss-PC\mariss
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Cancelled
Objects Scanned: 236744
Threats Detected: 176
Threats Quarantined: 176
Time Elapsed: 47 min, 36 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 11
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DRPNPS, Quarantined, [885], [411166],1.0.5300
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D9B57E68-2FDF-4CE9-8F17-90BBC68B3649}, Quarantined, [885], [411166],1.0.5300
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{D9B57E68-2FDF-4CE9-8F17-90BBC68B3649}, Quarantined, [885], [411166],1.0.5300
PUP.Optional.DriverPack, HKU\S-1-5-21-858333344-3013912580-3231274367-1001\SOFTWARE\DRPSU, Quarantined, [885], [472301],1.0.5300
PUP.Optional.DriverPack, HKU\S-1-5-21-858333344-3013912580-3231274367-1000\SOFTWARE\DRPSU, Quarantined, [885], [472301],1.0.5300
PUP.Optional.DriverPack, HKU\S-1-5-21-858333344-3013912580-3231274367-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\drp.su, Quarantined, [885], [472298],1.0.5300
PUP.Optional.DriverPack, HKU\S-1-5-21-858333344-3013912580-3231274367-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\drp.su, Quarantined, [885], [472299],1.0.5300
Adware.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Starter_RASAPI32, Quarantined, [6227], [474059],1.0.5300
PUP.Optional.DriverPack, HKLM\SOFTWARE\DRPSU, Quarantined, [885], [472300],1.0.5300
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU, Quarantined, [885], [472300],1.0.5300
Adware.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Starter_RASMANCS, Quarantined, [6227], [474059],1.0.5300
 
Registry Value: 5
PUP.Optional.DriverPack, HKU\S-1-5-21-858333344-3013912580-3231274367-1001\SOFTWARE\DRPSU|CLIENTID, Quarantined, [885], [472301],1.0.5300
PUP.Optional.DriverPack, HKU\S-1-5-21-858333344-3013912580-3231274367-1000\SOFTWARE\DRPSU|CLIENTID, Quarantined, [885], [472301],1.0.5300
PUP.Optional.DriverPack, HKLM\SOFTWARE\DRPSU|CLIENTID, Quarantined, [885], [472300],1.0.5300
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU|CLIENTID, Quarantined, [885], [472300],1.0.5300
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D9B57E68-2FDF-4CE9-8F17-90BBC68B3649}|PATH, Quarantined, [885], [411164],1.0.5300
 
Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, [13142], [293294],1.0.5300
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, [13142], [293295],1.0.5300
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, [13142], [293296],1.0.5300
 
Data Stream: 0
(No malicious items detected)
 
Folder: 19
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\triage, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\winext, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\diagnostics, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\snapshots, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\Internet, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\PROGRAMS, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\DRIVERS, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\events, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\Logs, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\USERS\MARISS\APPDATA\ROAMING\DRPSU, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\notifier, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\data, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\USERS\MARISS\APPDATA\ROAMING\DRIVERPACK NOTIFIER, Quarantined, [885], [358059],1.0.5300
 
File: 138
PUP.Optional.DriverPack, C:\USERS\MARISS\APPDATA\ROAMING\DRPSU\DIAGNOSTICS\HARDWARE.JSON, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\diagnostics\drivers.json, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\diagnostics\localdiagnostics.json, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\diagnostics\newsoft.json, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\diagnostics\soft.json, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\diagnostics\softchanges.json, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\triage\pooltag.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\triage\triage.ini, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\winext\ext.dll, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\dbgeng.dll, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\dbghelp.dll, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\dumpchk.exe, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\dumpchk\dumpchk.zip, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\Internet\WifiInterface.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\Internet\Wireless Network Connection-PLDTHOMEFIBRbc160.xml, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\Logs\log___2018-03-14-01-47-24.html, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\Logs\log___2018-03-14-02-17-27.html, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\Logs\log___2018-03-14-02-39-39.html, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\snapshots\DriverPack_Snapshot_20180314_014749.zip, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\snapshots\DriverPack_Snapshot_20180314_022529.zip, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\snapshots\DriverPack_Snapshot_20180314_024130.zip, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\unzipping_undefined.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_56544.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\devcon_27511.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\devcon_57600.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\devcon_71934.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\devcon_90282.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\installing_20007.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\installing_44175.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\installing_56544.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\installing_59456.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\installing_77263.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\log_zip_file_27511.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\log_zip_file_57600.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\log_zip_file_71934.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\log_zip_file_90282.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_57600.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_59456.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_61658.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_71934.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_77263.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_89310.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_90282.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_20007.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_27511.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_44175.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_48100.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_5017.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_55286.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_56544.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_57600.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_59456.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_61658.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_71934.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_77263.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_89310.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_log_90282.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_20007.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_27511.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_44175.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_48100.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\wget_finished_55286.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeque8l4.gku5b.ps1, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeque8l4.p6bjz.cmd.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeque8l4.p6bjz.stderr.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeque8l4.p6bjz.stdout.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqvguaz.tpwev.ps1, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqvgub0.6avbi.cmd.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqvgub0.6avbi.stderr.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqvgub0.6avbi.stdout.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqw9f6l.j2vdh.ps1, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqw9f6m.vnbnp.cmd.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqw9f6m.vnbnp.stderr.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqw9f6m.vnbnp.stdout.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqwa97k.8r11n.cmd.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqwa97k.8r11n.stderr.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\ps.jeqwa97k.8r11n.stdout.log, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\run_command_45892.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\run_command_66787.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\taskkill_35331.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\taskkill_43989.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\unzipping_27511.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\unzipping_57600.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\unzipping_71934.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DRPSu\temp\unzipping_90282.txt, Quarantined, [885], [358060],1.0.5300
PUP.Optional.DriverPack, C:\WINDOWS\SYSTEM32\TASKS\DRPNPS, Quarantined, [885], [411166],1.0.5300
Backdoor.Agent.E, C:\PROGRAM FILES (X86)\MICROSOFT\DESKTOPLAYER.EXE, Quarantined, [1566], [363833],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-battery.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\blank.gif, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\close.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\drp.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\file-icon.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-battery-failure.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-celcium.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-chipset.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-cooler.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-danger.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-fire.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-harddrive.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-phone.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-ram.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-security.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-success.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-tip.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-tool.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\gliph-usb.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\icons\loading.gif, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\notifier\64.png, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\notifier\notification.js, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\notifier\notifier.hta, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\main.js, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\run.hta, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\update.js, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\bin\Tools\wget.exe, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\data\driverpack-new-program-useful.json, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\data\fileassociation.json, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\log_monitoring_detect_running_steam_file_1.txt, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\log_monitoring_temp_steam_file.txt, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jequw3ct.uwl5f.cmd.txt, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jequw3ct.uwl5f.stderr.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jequw3ct.uwl5f.stdout.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgj5pvi9.el6o9.cmd.txt, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgj5pvi9.el6o9.stderr.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgj5pvi9.el6o9.stdout.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgovhwgl.4osrn.cmd.txt, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgovhwgl.4osrn.stderr.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgovhwgl.4osrn.stdout.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgqax2jr.t0ly5.cmd.txt, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgqax2jr.t0ly5.stderr.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\temp\ps.jgqax2jr.t0ly5.stdout.log, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\DriverPackNotifier.exe, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\Icon.ico, Quarantined, [885], [358059],1.0.5300
PUP.Optional.DriverPack, C:\Users\mariss\AppData\Roaming\DriverPack Notifier\Uninstall.exe, Quarantined, [885], [358059],1.0.5300
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Quarantined, [14629], [514914],0.0.0
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14629], [514914],1.0.5300
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14629], [514914],1.0.5300
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14629], [514914],1.0.5300
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14629], [514914],1.0.5300
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

And here's AdwCleaner[C00]

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-29.2
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-30-2018
# Duration: 00:00:03
# OS:       Windows 7 Ultimate
# Cleaned:  9
# Failed:   1
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\mariss\Documents\TotalAV
Deleted       C:\Program Files (x86)\GameClub Launcher
Deleted       C:\ProgramData\iWin
 
***** [ Files ] *****
 
Deleted       C:\Users\mariss\Desktop\Gameclub Philippines.url
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKLM\Software\Wow6432Node\MYGAME
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BBD9FAD7-F782-4548-B00F-E612322950F6}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Ask
Deleted       AOL
 
***** [ Firefox (and derivatives) ] *****
 
Deleted       ?????????? ????????
 
***** [ Firefox URLs ] *****
 
Not Deleted   suggests.go.mail.ru
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

And here's the AdwCleaner[S00]

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-29.2
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-30-2018
# Duration: 00:00:33
# OS:       Windows 7 Ultimate
# Scanned:  40921
# Detected: 10
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\Users\mariss\Documents\TotalAV
PUP.Optional.Legacy             C:\Program Files (x86)\GameClub Launcher
PUP.Optional.Legacy             C:\ProgramData\iWin
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\Users\mariss\Desktop\Gameclub Philippines.url
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\MYGAME
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BBD9FAD7-F782-4548-B00F-E612322950F6}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL
 
***** [ Firefox (and derivatives) ] *****
 
PUP.Optional.Legacy             ?????????? ????????
 
***** [ Firefox URLs ] *****
 
PUP.Optional.Legacy             suggests.go.mail.ru
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

 

 

I think my computer is doing fine now after all that I did, since my PC is twice as fast as before.



#6 nasdaq

  • Malware Response Team

Posted 30 May 2018 - 06:38 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



