
Malware pop-up then shutting down my Surface Pro 3


50 replies to this topic

#1 zaya14

  • Members

Posted 05 July 2018 - 07:11 PM

Hey there, recently my Surface Pro 3 has been showing a malware pop-up and then shutting down my Surface Pro 3. I've quarantined the malware and deleted it multiple times using Malwarebytes, but it keeps on popping back up. Every time I use Windows Defender it never finishes cleaning up the malware. The malware is called Trojan:Win32/Detrahere!reg. Items: regkeyvalue:HKLM/SYSTEM/CurentControlSet/Network//set_pt

Please help, I would really appreciate it.

Edited by zaya14, 05 July 2018 - 07:22 PM.




#2 zaya14

  • Topic Starter
  • Members

Posted 05 July 2018 - 07:18 PM

The people who are running the malware blocked me from going to this site (I think). Any time I try to go on here it says internet disconnected or something else, but any other site works??!! Guess whoever's using the malware set it up so I can't go on here after the last shutdown, when I tried to post this the first time... Using my phone to post it now.
So I might have to use email for logs, etc.

#3 zaya14

  • Topic Starter
  • Members

Posted 05 July 2018 - 08:04 PM

Just tried to go on other sites to download any anti-malware, and almost all are blocked, saying internet disconnected, but I can still go on regular sites.

Edited by zaya14, 05 July 2018 - 08:05 PM.


#4 zaya14

  • Topic Starter
  • Members

Posted 05 July 2018 - 08:08 PM

Would probably need to download any applications I would need next time I go to the library (no other computers available).

#5 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 01:12 AM

I found where the malware is located, at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Network\set_pt in Registry Editor on my PC, and I'm currently in safe mode. Wondering if I can delete them or try to fix them? And when I did a scan with Windows Defender it showed another malware report:
Trojan:Win64/Detrahere.S
Items: file:C\WINDOWS\system32\drivers\svcehkor.sys
which I already found in File Explorer, so I'm just waiting on what to do now (don't know if they're important files, corrupted, or if I can just delete them). Also I didn't see them in Task Manager, so I can stop them from spreading (I think) if I do happen to just need to delete both of them.

Edited by zaya14, 06 July 2018 - 01:32 AM.


#6 nasdaq

  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 06 July 2018 - 09:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


These files etc. may not be required, but we have to find out what we are dealing with.

Can you boot to Safe Mode with Networking and download this Farbar program?

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
(screenshot: attachlogs.png)

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add reply" button.
===

Please post the logs for my review.
===

Make sure you post/attach both files for my review.
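What a reviewer does with the FRST.txt this post asks for is scan it for the entry types FRST itself marks: an added example, not code from FRST or from nasdaq's reply. It assumes only the line formats visible in the log posted later in this thread (the `<==== ATTENTION` marker, `[X]` for a file not found on disk, and `R2 name; path` service lines); the sample input is an excerpt of that log plus one constructed line, and the severity rules are heuristics, not FRST's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST conventions relied on below (all visible in the log posted in this thread):
#   "<==== ATTENTION"     FRST's own marker for entries it considers suspicious
#   "[X]"                 the file the entry points to was not found on disk
#   "R2 name; path ..."   service/driver line: R = running, S = stopped,
#                         digit = start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled)
ATTENTION = "<==== ATTENTION"
SVC_LINE = re.compile(r"^([RSU][0-4])\s+([^;]+);\s*(.+)$")
RUN_LINE = re.compile(r"^HK.*\\Run: \[([^\]]+)\] => (.+)$")
SHORTCUT_LINE = re.compile(r"^ShortcutTarget: (\S+) -> (.+)$")
HEX32 = re.compile(r"^[0-9a-f]{32}$")        # hash-like driver names (heuristic)
RANDOM_WORD = re.compile(r"^[a-z]{5,8}$")     # short all-lowercase gibberish names (heuristic)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def classify_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one FRST line; None means nothing notable."""
    if ATTENTION in line:
        # FRST already flagged it; a rootkit-style service entry is the most urgent kind.
        sev = "high" if "Rootkit!" in line else "medium"
        return Finding(sev, "flagged by FRST", line)

    m = SVC_LINE.match(line)
    if m:
        start, name, rest = m.groups()
        missing = rest.endswith("[X]")
        random_name = bool(HEX32.match(name) or RANDOM_WORD.match(name))
        if random_name and missing:
            # Typical leftover after quarantine: the driver file is gone, the entry is not.
            return Finding("high", f"random-looking driver/service '{name}' with no file on disk", line)
        if missing and start[1] in "01":
            return Finding("medium", f"boot/system-start driver '{name}' with no file on disk", line)
        if missing:
            return Finding("low", f"orphaned entry '{name}' (file not found)", line)
        return None

    m = RUN_LINE.match(line)
    if m:
        name, target = m.groups()
        if "$" in target:
            # "$pfolder2$\$filename2$" is an unexpanded installer template, not a real path.
            return Finding("high", f"Run entry '{name}' points at an unresolved installer placeholder", line)
        if target.endswith("()"):
            return Finding("medium", f"Run entry '{name}' has no publisher in its file information", line)
        return None

    m = SHORTCUT_LINE.match(line)
    if m and m.group(2).endswith("(No File)"):
        return Finding("low", f"startup shortcut {m.group(1)} targets a file that no longer exists", line)
    return None


def triage_frst(text: str) -> List[Finding]:
    """Return suspicious entries from an FRST.txt, most severe first (stable within a level)."""
    findings = [f for f in (classify_line(l.strip()) for l in text.splitlines()) if f]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


# Excerpt of the FRST.txt posted in this thread; the "ExampleBoot" line is constructed.
SAMPLE_FRST = r"""
HKLM\...\Run: [cozyingburj] => "C:\Program Files (x86)\$pfolder2$\$filename2$.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3018228859-2850777655-743542002-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-3018228859-2850777655-743542002-1001\...\Run: [ewe] => C:\Program Files (x86)\millwall\ewe.exe [75369 2018-01-19] ()
ShortcutTarget: alternation.lnk -> C:\Program Files (x86)\Otte\pleasurable.exe (No File)
HKLM\SYSTEM\CurrentControlSet\Services\hzcxk <==== ATTENTION (Rootkit!)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-13] (Microsoft Corporation)
S1 16a59472747c3f9fe35b8bee82ba3baa; \??\C:\WINDOWS\system32\drivers\16a59472747c3f9fe35b8bee82ba3baa.sys [X]
S1 qzvuhqtv; \??\C:\WINDOWS\system32\drivers\qzvuhqtv.sys [X]
S3 koruyb; system32\drivers\ruxbeh.sys [X]
S0 ExampleBoot; \??\C:\WINDOWS\system32\drivers\ExampleBoot.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 TrueColor; C:\WINDOWS\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
"""

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.severity:6}] {f.reason}")
```

Entries the script rates high are the ones a helper would normally put in a fixlist for FRST to remove; everything else still needs a human look.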

#7 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 11:49 AM

Hey there, I've been in safe mode with networking since yesterday, and for some reason whenever I try to go to any sites related to anti-malware, etc. it shows Internet disconnected (including here), like I mentioned before, but any other sites not related work fine. I'm currently using my phone to reply here because of that, so I can't go to the link to download the files needed unless I go to the library sometime to download them. Or is it possible to send me the downloaded file directly so I can run the setup via email, etc.?

Edited by zaya14, 06 July 2018 - 11:53 AM.


#8 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 12:04 PM

I just went to find Trojan:Win64/Detrahere.S
Items: file:C\WINDOWS\system32\drivers\svcehkor.sys again, but it's gone???

But Trojan:Win32/Detrahere!reg.
Items: regkeyvalue:HKLM/SYSTEM/CurentControlSet/Network//set_pt is still there.
I was looking for it after I turned the computer back on, after leaving my device alone for a sec to do something.

Edited by zaya14, 06 July 2018 - 12:10 PM.


#9 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 12:17 PM

Gonna try to see if I can download the FRST thing on my phone, then send the setup to my PC via USB cable or something. If not, gonna go to the library to get it.

#10 nasdaq

  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 06 July 2018 - 01:17 PM

Hi,

If you can download the Farbar program to your phone, you can also try to mail the FRST program as an attachment to your email address.

Save the file on the Control panel or the compromised computer and run it.
Post the logs if you can.

#11 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 01:21 PM

I tried to send it, but it never includes the attachment for the download.

#12 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 01:30 PM

Tried Gmail and OneDrive, searched how-to videos; gonna try to upload to Google Drive, then try Gmail again.

Edited by zaya14, 06 July 2018 - 01:30 PM.


#13 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 01:37 PM

OK, got it, now downloading.

#14 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 01:48 PM

Sheesh, I'm going to keep on sending logs, etc. from PC to phone to here. Oh well, got nothing else to do.

#15 zaya14

  • Topic Starter
  • Members

Posted 06 July 2018 - 01:52 PM

Here's the FRST text:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Surface Pro (administrator) on SURFACE (06-07-2018 14:41:50)
Running from C:\Users\Surface Pro\Downloads
Loaded Profiles: Surface Pro (Available Profiles: Surface Pro & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\sedzoaisvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\Surface Pro\Downloads\FRST64(log for system antimalware).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cozyingburj] => "C:\Program Files (x86)\$pfolder2$\$filename2$.exe"
HKLM-x32\...\Run: [shadystepladder] => "C:\Program Files (x86)\$pfolder2$\$filename2$.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3018228859-2850777655-743542002-1001\...\Run: [stepladdershady] => "C:\Program Files (x86)\$pfolder2$\$filename2$.exe"
HKU\S-1-5-21-3018228859-2850777655-743542002-1001\...\Run: [burjcozying] => "C:\Program Files (x86)\$pfolder2$\$filename2$.exe"
HKU\S-1-5-21-3018228859-2850777655-743542002-1001\...\Run: [ewe] => C:\Program Files (x86)\millwall\ewe.exe [75369 2018-01-19] ()
HKU\S-1-5-21-3018228859-2850777655-743542002-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-3018228859-2850777655-743542002-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32930704 2018-06-26] (Epic Games, Inc.)
Startup: C:\Users\Surface Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alternation.lnk [2018-01-19]
ShortcutTarget: alternation.lnk -> C:\Program Files (x86)\Otte\pleasurable.exe (No File)
Startup: C:\Users\Surface Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-01-17]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Surface Pro\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0E2F6B09-EBC9-4706-AFD4-5555CECCB370}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0E2F6B09-EBC9-4706-AFD4-5555CECCB370}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{707C3BBC-E6DC-4ADF-81A3-C352BA491952}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{71CB9DC4-939E-4402-B4A0-1D85F89E5E47}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
IE Session Restore: HKU\S-1-5-21-3018228859-2850777655-743542002-1001 -> is enabled.

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default [2018-07-06]
CHR Extension: (Google Translate) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-01-23]
CHR Extension: (Slides) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-22]
CHR Extension: (Docs) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-22]
CHR Extension: (Google Drive) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-22]
CHR Extension: (YouTube) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-22]
CHR Extension: (uBlock Origin) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-03]
CHR Extension: (Block Site - Website Blocker for Chrome™) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2018-06-14]
CHR Extension: (Full Page Screen Capture) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-07-01]
CHR Extension: (Sheets) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-23]
CHR Extension: (Emoji for Google Chrome™) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2018-05-26]
CHR Extension: (Extensity) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmflmamggggndanpgfnpelongoepncg [2018-06-04]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2018-07-05]
CHR Extension: (Google Mail Checker) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2018-02-07]
CHR Extension: (Facebook Screen Sharing) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2018-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19]
CHR Extension: (FoxClocks) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\obcbigljfpgappaaofailjjoabiikckk [2018-06-04]
CHR Extension: (Gmail) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-30]
CHR Extension: (GeoProxy) - C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pooljnboifbodgifngpppfklhifechoe [2018-05-26]
CHR Profile: C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-07-05]
CHR Profile: C:\Users\Surface Pro\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-05]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\hzcxk <==== ATTENTION (Rootkit!)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-13] (Microsoft Corporation)
S2 WinZip Compression Smart Monitor Service; "C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-19] (Bluestack System Inc. )
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-16] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-16] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-07-06] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-07-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-07-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [100312 2014-07-16] (Intel Corporation)
S3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [227840 2014-08-13] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\WINDOWS\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-16] (Microsoft Corporation)
S3 TrueColor; C:\WINDOWS\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-08-13] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-08-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-08-13] (Microsoft Corporation)
R3 WiFiClass; C:\WINDOWS\system32\DRIVERS\wificlass.sys [420360 2015-11-24] (Microsoft Corporation)
S1 16a59472747c3f9fe35b8bee82ba3baa; \??\C:\WINDOWS\system32\drivers\16a59472747c3f9fe35b8bee82ba3baa.sys [X]
S1 248f1a38b0eb01917a4a5f2079dd5e1f; \??\C:\WINDOWS\system32\drivers\248f1a38b0eb01917a4a5f2079dd5e1f.sys [X]
S1 2c76e6c33982c1dc09b9b9f1219ff94d; \??\C:\WINDOWS\system32\drivers\2c76e6c33982c1dc09b9b9f1219ff94d.sys [X]
S1 3fa694464a0ef7db164b4bc597d5f598; \??\C:\WINDOWS\system32\drivers\3fa694464a0ef7db164b4bc597d5f598.sys [X]
S1 a7fdbbd210f9dccb4c298efb3eb789bf; \??\C:\WINDOWS\system32\drivers\a7fdbbd210f9dccb4c298efb3eb789bf.sys [X]
S1 b42da7dcf5f81abf6480acb402523769; \??\C:\WINDOWS\system32\drivers\b42da7dcf5f81abf6480acb402523769.sys [X]
S1 f367f2548b0a93c598cb246c5b709424; \??\C:\WINDOWS\system32\drivers\f367f2548b0a93c598cb246c5b709424.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 koruyb; system32\drivers\ruxbeh.sys [X]
S1 qzvuhqtv; \??\C:\WINDOWS\system32\drivers\qzvuhqtv.sys [X]
S1 rbskyhbi; \??\C:\WINDOWS\system32\drivers\rbskyhbi.sys [X]
S3 svybfi; system32\drivers\eilloo.sys [X]
S1 zzxohjjs; \??\C:\WINDOWS\system32\drivers\zzxohjjs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-06 14:41 - 2018-07-06 14:42 - 000013684 _____ C:\Users\Surface Pro\Downloads\FRST.txt
2018-07-06 14:41 - 2018-07-06 14:41 - 000000000 ____D C:\FRST
2018-07-06 14:38 - 2018-07-06 14:38 - 002412544 _____ (Farbar) C:\Users\Surface Pro\Downloads\FRST64(log for system antimalware).exe
2018-07-06 14:37 - 2018-07-06 14:37 - 000142672 ____N C:\WINDOWS\system32\Drivers\svcruxae.sys
2018-07-06 13:40 - 2018-07-06 13:46 - 003169948 _____ C:\Users\Surface Pro\Desktop\BlueStacks-Support.zip
2018-07-06 11:12 - 2018-07-06 11:36 - 000000000 _____ C:\Users\Surface Pro\ping
2018-07-06 00:32 - 2018-07-06 00:32 - 000007605 _____ C:\Users\Surface Pro\AppData\Local\Resmon.ResmonCfg
2018-07-05 23:38 - 2018-07-05 23:38 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bbebivid.sys
2018-07-05 23:11 - 2018-07-05 23:11 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ehtauzaq.sys
2018-07-05 14:21 - 2018-07-06 14:04 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-05 13:49 - 2018-07-06 14:37 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-05 13:49 - 2018-07-06 14:37 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-05 13:49 - 2018-07-06 14:37 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-05 13:49 - 2018-07-06 14:04 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-05 13:37 - 2018-07-05 13:48 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-05 13:37 - 2018-07-05 13:37 - 000001850 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-05 13:37 - 2018-07-05 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-05 13:37 - 2018-07-05 13:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-04 21:24 - 2018-07-04 21:24 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\Adobe
2018-07-04 21:24 - 2018-07-04 21:24 - 000000000 ____D C:\Users\Surface Pro\AppData\LocalLow\Adobe
2018-07-04 21:24 - 2018-07-04 21:24 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\Adobe
2018-07-04 21:24 - 2018-07-04 21:24 - 000000000 ____D C:\ProgramData\Adobe
2018-06-29 21:20 - 2018-06-29 21:20 - 001130840 _____ (Google Inc.) C:\Users\Surface Pro\Downloads\Chrome_Setup.exe
2018-06-27 23:31 - 2018-06-27 23:31 - 000000000 ____D C:\a3f7d9cb1e967986730b066a
2018-06-27 11:52 - 2018-06-27 11:52 - 000019164 _____ C:\Users\Surface Pro\Downloads\please-wait-file-will-start-automatically.html
2018-06-27 03:05 - 2018-06-27 03:05 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\Poser Pro
2018-06-27 02:29 - 2018-06-27 02:29 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\Poser
2018-06-27 02:14 - 2018-06-27 02:14 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\Queue Manager
2018-06-27 02:14 - 2018-06-27 02:14 - 000000000 ____D C:\ProgramData\Queue Manager
2018-06-27 02:13 - 2018-06-27 02:13 - 000001865 _____ C:\Users\Public\Desktop\Queue Manager 11.lnk
2018-06-27 02:13 - 2018-06-27 02:13 - 000001812 _____ C:\Users\Public\Desktop\Poser 11.lnk
2018-06-27 02:13 - 2018-06-27 02:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
2018-06-27 02:11 - 2018-06-27 02:11 - 000000000 ____D C:\Users\Public\Documents\Poser 11 Content
2018-06-27 02:11 - 2018-06-27 02:11 - 000000000 ____D C:\ProgramData\Poser
2018-06-26 23:36 - 2018-06-27 23:28 - 000000000 ____D C:\Users\Surface Pro\Downloads\Compressed
2018-06-26 23:36 - 2018-06-26 23:36 - 000000000 ____D C:\Users\Surface Pro\Downloads\Video
2018-06-26 19:02 - 2018-06-26 19:02 - 000000000 _____ C:\Users\Surface Pro\AppData\Local\{19484A78-7080-4885-8472-DF5623760085}
2018-06-26 12:32 - 2018-06-26 12:32 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-06-26 12:32 - 2018-06-26 12:32 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-06-26 12:32 - 2018-06-26 12:32 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\EpicGamesLauncher
2018-06-26 12:31 - 2018-06-26 13:05 - 000000000 ____D C:\ProgramData\Epic
2018-06-26 12:31 - 2018-06-26 12:31 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-06-20 11:01 - 2018-06-20 11:12 - 434370648 _____ (BlueStack Systems Inc.) C:\Users\Surface Pro\Downloads\BlueStacks-Installer_BS3_native_553786f0493830e2677281c1c2db7ad4.exe
2018-06-20 08:41 - 2018-06-20 08:41 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-06-19 19:29 - 2018-06-19 19:29 - 000000062 _____ C:\Users\Surface Pro\Desktop\wifi passwords.txt
2018-06-19 19:25 - 2018-06-19 19:25 - 000000000 _____ C:\Users\Surface Pro\AppData\Local\{BDB53D8B-C630-4E33-88C4-B7AD7D5AF6CE}
2018-06-16 17:38 - 2018-06-17 07:50 - 000000000 ____D C:\ESD
2018-06-16 17:34 - 2018-06-16 17:34 - 000000000 ___HD C:\$Windows.~WS
2018-06-16 17:34 - 2018-06-16 17:34 - 000000000 ____D C:\$WINDOWS.~BT
2018-06-16 17:12 - 2018-06-16 17:18 - 019119064 _____ (Microsoft Corporation) C:\Users\Surface Pro\Downloads\MediaCreationTool1803.exe
2018-06-14 21:04 - 2018-06-14 21:19 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\Citra
2018-06-14 20:55 - 2018-06-14 20:55 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra
2018-06-14 20:45 - 2018-06-14 21:00 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\Citra
2018-06-14 20:41 - 2018-06-14 20:42 - 019701636 _____ C:\Users\Surface Pro\Downloads\citra-setup-windows.exe
2018-06-13 12:49 - 2018-06-13 12:49 - 000000002 _____ C:\Users\Surface Pro\Downloads\89091ddd-cb5e-4098-985f-60d62840c5f8.tmp
2018-06-12 17:17 - 2018-06-12 17:18 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-06-12 17:17 - 2018-06-12 17:17 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\EasyAntiCheat
2018-06-12 11:52 - 2018-06-12 11:52 - 000000000 ____D C:\Users\Surface Pro\Documents\My Games
2018-06-12 11:49 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2018-06-12 11:49 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2018-06-12 11:49 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2018-06-12 11:49 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2018-06-12 11:49 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2018-06-12 11:49 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2018-06-12 11:49 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2018-06-12 11:49 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2018-06-12 11:49 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2018-06-12 11:49 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2018-06-12 11:49 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2018-06-12 11:49 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2018-06-12 11:49 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2018-06-12 11:49 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2018-06-12 11:49 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2018-06-12 11:49 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2018-06-12 11:49 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2018-06-12 11:49 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2018-06-12 11:49 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2018-06-12 11:49 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2018-06-12 11:49 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2018-06-12 11:49 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2018-06-12 11:49 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2018-06-12 11:49 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2018-06-12 11:49 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2018-06-12 11:49 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2018-06-12 11:49 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2018-06-12 11:49 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2018-06-12 11:49 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2018-06-12 11:49 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2018-06-12 11:49 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2018-06-12 11:49 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2018-06-12 11:49 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2018-06-12 11:49 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2018-06-12 11:49 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2018-06-12 11:49 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2018-06-12 11:49 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2018-06-12 11:49 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-06-12 11:49 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2018-06-12 11:49 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-06-12 11:49 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-06-12 11:49 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2018-06-12 11:49 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-06-12 11:49 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2018-06-12 11:49 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-06-12 11:49 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2018-06-12 11:49 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2018-06-12 11:49 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2018-06-12 11:49 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2018-06-12 11:49 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2018-06-12 11:49 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2018-06-12 11:49 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2018-06-12 11:49 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2018-06-12 11:49 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2018-06-12 11:49 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2018-06-12 11:49 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2018-06-12 11:49 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2018-06-12 11:49 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2018-06-12 11:49 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2018-06-12 11:49 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2018-06-12 11:49 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2018-06-12 11:49 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2018-06-12 11:49 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2018-06-12 11:49 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2018-06-12 11:49 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2018-06-12 11:49 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2018-06-12 11:49 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2018-06-12 11:49 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2018-06-12 11:49 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2018-06-12 11:49 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2018-06-12 11:49 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2018-06-12 11:49 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2018-06-12 11:49 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2018-06-12 11:49 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2018-06-12 11:49 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2018-06-12 11:49 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2018-06-12 11:49 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2018-06-12 11:49 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2018-06-12 11:49 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2018-06-12 11:49 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2018-06-12 11:49 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2018-06-12 11:49 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2018-06-12 11:49 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2018-06-12 11:49 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2018-06-12 11:49 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2018-06-12 11:49 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2018-06-12 11:49 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2018-06-12 11:49 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2018-06-12 11:49 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2018-06-12 11:49 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2018-06-12 11:49 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2018-06-12 11:49 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2018-06-12 11:49 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2018-06-12 11:49 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2018-06-12 11:49 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2018-06-12 11:49 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2018-06-12 11:49 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2018-06-12 11:49 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2018-06-12 11:49 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2018-06-12 11:49 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2018-06-12 11:49 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2018-06-12 11:49 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2018-06-12 11:49 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2018-06-12 11:49 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2018-06-12 11:49 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2018-06-12 11:49 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2018-06-12 11:49 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2018-06-12 11:49 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2018-06-12 11:49 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2018-06-12 11:49 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2018-06-12 11:49 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2018-06-12 11:49 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2018-06-12 11:49 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2018-06-12 11:49 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2018-06-12 11:49 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2018-06-12 11:49 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2018-06-12 11:49 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2018-06-12 11:49 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2018-06-12 11:49 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2018-06-12 11:49 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2018-06-12 11:49 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2018-06-12 11:49 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2018-06-12 11:49 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2018-06-12 11:49 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2018-06-12 11:49 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2018-06-12 11:49 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2018-06-12 11:49 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2018-06-12 11:49 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2018-06-12 11:49 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2018-06-12 11:49 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2018-06-12 11:48 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2018-06-12 11:48 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2018-06-12 11:48 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2018-06-12 11:48 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2018-06-12 11:48 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2018-06-12 11:48 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2018-06-12 11:48 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2018-06-12 11:48 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2018-06-12 11:48 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2018-06-12 11:48 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2018-06-12 11:48 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2018-06-12 11:48 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2018-06-12 11:48 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2018-06-12 11:48 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2018-06-12 11:48 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2018-06-12 11:48 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2018-06-12 11:48 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2018-06-12 11:48 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2018-06-11 21:31 - 2018-06-26 23:51 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-06-11 21:23 - 2018-06-11 21:23 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\Steam
2018-06-11 21:08 - 2018-07-06 14:05 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-11 21:08 - 2018-06-11 21:08 - 000000982 _____ C:\Users\Public\Desktop\Steam.lnk
2018-06-11 21:08 - 2018-06-11 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-06-11 21:05 - 2018-06-11 21:05 - 001573568 _____ C:\Users\Surface Pro\Downloads\SteamSetup.exe
2018-06-10 20:42 - 2018-06-14 15:05 - 000003524 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper
2018-06-09 20:49 - 2018-06-09 20:49 - 000000852 _____ C:\Users\Surface Pro\AppData\Local\recently-used.xbel
2018-06-09 20:44 - 2018-06-09 20:49 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\gtk-2.0
2018-06-09 20:42 - 2018-06-16 16:19 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\babl-0.1
2018-06-09 20:42 - 2018-06-09 20:42 - 000000000 ____D C:\Users\Surface Pro\AppData\Roaming\GIMP
2018-06-09 20:42 - 2018-06-09 20:42 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\GIMP
2018-06-09 20:42 - 2018-06-09 20:42 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\gegl-0.4
2018-06-09 20:42 - 2018-06-09 20:42 - 000000000 ____D C:\Users\Surface Pro\.cache
2018-06-09 20:40 - 2018-06-09 20:40 - 000002340 _____ C:\Users\Surface Pro\Desktop\Mobile Legends Bang Bang.lnk
2018-06-09 20:16 - 2018-06-09 20:21 - 156710592 _____ (The GIMP Team ) C:\Users\Surface Pro\Downloads\gimp-2.10.2-setup.exe
2018-06-09 19:32 - 2018-06-20 08:43 - 000001563 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-06-09 19:32 - 2018-06-20 08:43 - 000001563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-06-09 19:30 - 2018-06-20 08:43 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-06-09 19:30 - 2018-06-20 08:43 - 000000000 ____D C:\ProgramData\BlueStacks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-06 14:41 - 2014-08-13 21:14 - 000820208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-06 14:41 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-07-06 14:37 - 2018-01-19 15:39 - 002888192 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sedzoaisvc.exe
2018-07-06 14:37 - 2013-08-22 09:25 - 013369344 _____ C:\WINDOWS\system32\config\HARDWARE
2018-07-06 14:37 - 2013-08-22 09:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-07-06 14:36 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-06 14:22 - 2018-01-16 14:18 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3018228859-2850777655-743542002-1001
2018-07-06 14:04 - 2018-01-19 15:44 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\CrashDumps
2018-07-06 14:04 - 2018-01-16 11:45 - 000000000 __RDO C:\Users\Surface Pro\OneDrive
2018-07-06 13:33 - 2018-01-16 14:09 - 000000000 ____D C:\Users\Surface Pro
2018-07-06 12:25 - 2018-06-01 09:46 - 000000000 ____D C:\Users\Surface Pro\.android
2018-07-06 10:35 - 2018-01-19 13:23 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\ElevatedDiagnostics
2018-07-06 01:07 - 2018-02-09 19:22 - 000000000 ____D C:\Users\Surface Pro\Desktop\my drawings
2018-07-05 21:47 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-05 21:01 - 2013-08-22 11:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-04 21:27 - 2018-01-21 23:52 - 000000132 _____ C:\Users\Surface Pro\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-07-03 18:11 - 2018-01-19 15:39 - 000000000 ____D C:\Program Files (x86)\fabris
2018-07-01 18:19 - 2018-01-22 20:54 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-01 18:19 - 2018-01-22 20:54 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-01 11:35 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-28 04:42 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-27 03:04 - 2018-01-16 14:12 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\VirtualStore
2018-06-27 02:15 - 2014-08-13 21:08 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-27 02:11 - 2018-01-16 23:28 - 000000000 ____D C:\Program Files\Smith Micro
2018-06-26 23:59 - 2018-01-22 21:42 - 000000000 ____D C:\Program Files\Epic Games
2018-06-20 11:30 - 2018-04-20 15:52 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\Bluestacks
2018-06-17 05:55 - 2018-01-16 14:09 - 000031802 _____ C:\WINDOWS\diagwrn.xml
2018-06-17 05:55 - 2018-01-16 14:09 - 000026673 _____ C:\WINDOWS\diagerr.xml
2018-06-17 05:55 - 2014-08-13 22:04 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-09 11:34 - 2018-06-02 17:40 - 000001854 _____ C:\Users\Surface
2018-06-09 11:34 - 2018-06-01 09:43 - 000000000 ____D C:\Users\Surface Pro\AppData\Local\Nox
2018-06-09 11:34 - 2018-06-01 09:43 - 000000000 ____D C:\Program Files (x86)\Nox
2018-06-09 11:33 - 2018-06-01 09:44 - 000000000 ____D C:\Users\Surface Pro\vmlogs
2018-06-06 12:28 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\Registration

==================== Files in the root of some directories =======

2018-01-21 23:52 - 2018-07-04 21:27 - 000000132 _____ () C:\Users\Surface Pro\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-06-09 20:49 - 2018-06-09 20:49 - 000000852 _____ () C:\Users\Surface Pro\AppData\Local\recently-used.xbel
2018-07-06 00:32 - 2018-07-06 00:32 - 000007605 _____ () C:\Users\Surface Pro\AppData\Local\Resmon.ResmonCfg
2018-06-26 19:02 - 2018-06-26 19:02 - 000000000 _____ () C:\Users\Surface Pro\AppData\Local\{19484A78-7080-4885-8472-DF5623760085}
2018-04-10 02:39 - 2018-04-10 02:39 - 000000000 _____ () C:\Users\Surface Pro\AppData\Local\{3A2FC71F-D22C-49AE-889A-8EE9FA23C6AF}
2018-04-11 05:42 - 2018-04-11 05:42 - 000000000 _____ () C:\Users\Surface Pro\AppData\Local\{8297613A-8F6B-4288-8002-894D4C7F42BD}
2018-06-19 19:25 - 2018-06-19 19:25 - 000000000 _____ () C:\Users\Surface Pro\AppData\Local\{BDB53D8B-C630-4E33-88C4-B7AD7D5AF6CE}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\svcruxae.sys -> Access Denied <======= ATTENTION


safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION

LastRegBack: 2018-07-03 05:19

==================== End of FRST.txt ============================

Edited by zaya14, 06 July 2018 - 01:54 PM.




