nadnal

Members
  • Posts: 16

Everything posted by nadnal

  1. "yet" Don't be impatient and don't be self-concerned. Be grateful that someone cares to help. This is what late stage capitalism gets you, by the way, all powerful corporations that don't do stuff until it may affect their bottom dollar, leaving consumers like you and me out to dry because we don't matter today or tomorrow or until the problem gets big enough that it can't be ignored.
  2. I'm having trouble understanding. But I should be able to access WinRE now because of that first FRST fix?
  3. "Boot in the Recovery Environment. Plug your USB Flash Drive in the infected computer. To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below: Restart the computer." Should this be in a different order? As well as I'm not able to get into WinRE. But I'll email the fixlist to myself and put it on my clean flash when I get to my work computer. Thank you.
  4. It doesn't seem like it, and I don't want to risk getting the flash drive dirty. Shift and restarts were a no, F12 is busted, F9 brought me into systems as normal so I can change my fan speed if that helps. I've never had to deal with cutting edge malware like this and it's terrible to be up against an information wall and not be able to figure it out myself.
  5. :[ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018 Ran by nadnal (administrator) on DESKTOP-HC54M1G (09-01-2018 18:09:06) Running from C:\Users\nadnal\Downloads Loaded Profiles: nadnal (Available Profiles: nadnal & kd6-3.7) Platform: Windows 10 Pro Version 1703 15063.786 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (TOSHIBA CORPORATION) C:\Windows\System32\tincouksvc.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\KMS-R@1n.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Thalonet, Inc. (dba Haste)) C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe (Plex, Inc.) 
C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe () C:\Users\nadnal\AppData\Local\dsdtrgn\dsdtrgn.exe () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe () C:\Users\nadnal\AppData\Local\dtkpmrl\iakhzgo.exe () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17652344 2017-06-26] (Logitech Inc.) HKLM\...\Run: [iTunesHelper] => "B:\iTunesHelper.exe" HKLM\...\Run: [finks] => "C:\Program Files (x86)\Patentable\lemke.exe" HKLM\...\Run: [finkspoor] => "C:\Program Files (x86)\anschutz\golly.exe" HKLM\...\Run: [finksfinks] => "C:\Program Files (x86)\Stine\lemke.exe" HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-04] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKLM-x32\...\Run: [finances] => "C:\Program Files (x86)\Patentable\lemke.exe" HKLM-x32\...\Run: [financesdendron] => "C:\Program Files (x86)\anschutz\golly.exe" HKLM-x32\...\Run: [financesfinances] => "C:\Program Files (x86)\Stine\lemke.exe" HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-19] (Intel) HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [1061680 2018-01-07] (Webroot) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Spotify] => C:\Users\nadnal\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-30] (Spotify Ltd) HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Steam] => "B:\steam\steam.exe" -silent HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2017-03-18] (Microsoft Corporation) HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [uTorrent] => C:\Users\nadnal\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.) 
HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Haste] => C:\Program Files\Haste\Haste Esports Accelerator\Haste.exe [3228968 2017-12-06] (Thalonet, Inc. dba Haste) HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Spotify Web Helper] => C:\Users\nadnal\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-30] (Spotify Ltd) HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [dendron] => "C:\Program Files (x86)\Patentable\lemke.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [dendronfinances] => "C:\Program Files (x86)\anschutz\golly.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [dendrondendron] => "C:\Program Files (x86)\Stine\lemke.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [poor] => "C:\Program Files (x86)\Patentable\lemke.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [poorfinks] => "C:\Program Files (x86)\anschutz\golly.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [poorpoor] => "C:\Program Files (x86)\Stine\lemke.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [lebrun] => "C:\Program Files (x86)\davydov\lebrun.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [perjure] => "C:\Program Files (x86)\Patentable\lemke.exe" HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2017-07-17] ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (No File) Startup: C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anatomic.lnk [2018-01-04] ShortcutTarget: anatomic.lnk -> C:\Program Files (x86)\Patentable\lemke.exe (No File) Startup: C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anatomicanatomic.lnk 
[2018-01-04] ShortcutTarget: anatomicanatomic.lnk -> C:\Program Files (x86)\anschutz\golly.exe (No File) Startup: C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-09-22] ShortcutTarget: Twitch.lnk -> C:\Users\nadnal\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.) GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.200.1 Tcpip\..\Interfaces\{5af61b51-75dc-4543-864b-c4339a3afe95}: [NameServer] 82.163.143.174,82.163.142.176 Tcpip\..\Interfaces\{5af61b51-75dc-4543-864b-c4339a3afe95}: [DhcpNameServer] 192.168.200.1 Tcpip\..\Interfaces\{fed54187-62e6-11e7-bb79-806e6f6e6963}: [NameServer] 8.8.8.8 Internet Explorer: ================== BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-01-07] (Webroot) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-09] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-01-07] (Webroot) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-09] (Oracle Corporation) FireFox: ======== FF DefaultProfile: zsbvht08.default FF 
ProfilePath: C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default [2018-01-09] FF Homepage: Mozilla\Firefox\Profiles\zsbvht08.default -> hxxps://www.google.com/ FF NewTabOverride: Mozilla\Firefox\Profiles\zsbvht08.default -> Enabled: "id":"{3c53fae8-7f6e-4c86-b595-43f97766b977 FF NewTabOverride: Mozilla\Firefox\Profiles\zsbvht08.default -> Disabled: newtaboverride@agenedia.com FF Extension: (Dark Background and Light Text) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\jid1-QoFqdK4qzUfGWQ@jetpack.xpi [2017-11-15] FF Extension: (Reddit Enhancement Suite) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-11-14] FF Extension: (New Tab Override) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\newtaboverride@agenedia.com.xpi [2017-12-12] FF Extension: (Pioneer Enrollment) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\pioneer-enrollment-study@mozilla.org.xpi [2017-12-09] [Legacy] FF Extension: (uBlock Origin) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15] FF Extension: (Dark Mode) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\{174b2d58-b983-4501-ab4b-07e71203cb43}.xpi [2017-12-14] FF Extension: (Black New Tab) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\{3c53fae8-7f6e-4c86-b595-43f97766b977}.xpi [2017-12-12] FF Extension: (Stylish - Custom themes for any website) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-12-12] FF Extension: (Disable JavaScript Shared Memory) - 
C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\features\{7bf64db7-be77-49c4-b6cb-573d6ee3730e}\disable-js-shared-memory@mozilla.org.xpi [2018-01-05] [Legacy] FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_WEBEX [2018-01-07] FF HKLM-x32\...\Firefox\Extensions: [webrootsecurewebextensions@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer FF Extension: (Webroot Filtering Extension - XUL/XPCOM) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2018-01-07] [Legacy] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-07] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) Chrome: ======= CHR Profile: C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default [2018-01-08] CHR Extension: (Slides) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-07] CHR Extension: (Docs) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-07] CHR Extension: (Google Drive) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-07] CHR Extension: (YouTube) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-07] CHR Extension: (Sheets) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-07] CHR Extension: (Google Docs Offline) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-07] CHR Extension: (Webroot Filtering Extension) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-01-07] CHR Extension: (Chrome Web Store Payments) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-07] CHR Extension: (Gmail) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-07] CHR Extension: (Chrome Media Router) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-07] CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR StartupUrls: "hxxp://reddit.com/" OPR Extension: (Reddit Enhancement Suite) - C:\Users\nadnal\AppData\Roaming\Opera 
Software\Opera Stable\Extensions\gfdcmdcpehpkengmkhkbpifajmbhfgae [2017-09-22] OPR Extension: (Dark Skin for Youtube™) - C:\Users\nadnal\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmbefbhbhjgnjbegmnhmakmmldnfogcd [2017-08-29] OPR Extension: (uBlock Origin) - C:\Users\nadnal\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-01-04] OPR Extension: (Adblock Plus) - C:\Users\nadnal\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-28] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKLM\SYSTEM\CurrentControlSet\Services\csrmxh <==== ATTENTION (Rootkit!) S2 ab5d988e61f63d05b2ae52dff2836335; C:\Windows\ab5d988e61f63d05b2ae52dff2836335.dll [972288 2018-01-04] () [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.) R2 HasteUEService; C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe [1787688 2017-12-06] (Thalonet, Inc. (dba Haste)) R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-07-07] () [File not signed] R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-06-26] (Logitech Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-10-13] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002720 2017-10-13] (Electronic Arts) R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1995240 2017-06-28] (Plex, Inc.) 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation) R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [1061680 2018-01-07] (Webroot) S2 gXuhN3YdrMJa Updater; C:\Program Files (x86)\gXuhN3YdrMJa Updater\gXuhN3YdrMJa Updater.exe [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [X] <==== ATTENTION S3 wpscloudsvr; "B:\nadnal\Kingsoft Office\wpscloudsvr.exe" LocalService [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [43400 2017-03-02] (Advanced Micro Devices, Inc) R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33120 2017-05-12] (Advanced Micro Devices, Inc) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. ) R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices) R1 amdpsp; C:\Windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. 
) U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [358672 2018-01-04] (AVAST Software) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] () R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-06-26] (Logitech Inc.) R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-07] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-01-09] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-01-09] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-09] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-01-08] (Malwarebytes) R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek ) R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] () R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation) R2 WinDivert1.2; C:\Windows\system32\drivers\WinDivert64.sys [37552 2018-01-04] (Basil) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [127760 2018-01-07] (Webroot) R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [67024 2018-01-07] (Webroot) S1 24c6e3dc6d6c7c7d1de0ff24f8051b3e; 
\??\C:\Windows\system32\drivers\24c6e3dc6d6c7c7d1de0ff24f8051b3e.sys [X] R3 jmpswz; system32\drivers\pswzcf.sys [X] S0 oWGJkjeP; System32\drivers\oWGJkjeP.sys [X] S3 RivaTuner64; \??\C:\Users\nadnal\Desktop\zeldazelda\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X] U0 SR; no ImagePath U2 srservice; no ImagePath S0 UtvoBAwh; System32\drivers\UtvoBAwh.sys [X] S3 wzcfjm; system32\drivers\cfimps.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-09 18:09 - 2018-01-09 18:09 - 000021530 _____ C:\Users\nadnal\Downloads\FRST.txt 2018-01-09 18:09 - 2018-01-09 18:09 - 000000000 ____D C:\FRST 2018-01-09 18:07 - 2018-01-09 18:07 - 002393088 _____ (Farbar) C:\Users\nadnal\Downloads\FRST64.exe 2018-01-09 17:03 - 2018-01-09 17:03 - 000142672 ____N C:\Windows\system32\Drivers\svrknqux.sys 2018-01-09 09:32 - 2018-01-09 09:33 - 000839996 _____ C:\Windows\Minidump\010918-455125-01.dmp 2018-01-09 09:32 - 2018-01-09 09:32 - 3639161408 _____ C:\Windows\MEMORY.DMP 2018-01-08 19:54 - 2018-01-08 20:30 - 000000000 ____D C:\Windows\system32\Drivers\wd 2018-01-07 18:47 - 2018-01-07 18:47 - 000127760 _____ (Webroot) C:\Windows\system32\Drivers\kFChCVAd.sys 2018-01-07 17:51 - 2018-01-07 17:51 - 000000202 _____ C:\Users\nadnal\Desktop\Deceit.url 2018-01-07 14:03 - 2018-01-07 14:03 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Google 2018-01-07 12:48 - 2018-01-07 12:48 - 000003938 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-01-07 12:48 - 2018-01-07 12:48 - 000002872 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-01-07 12:48 - 2018-01-07 12:48 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-01-07 12:48 - 
2018-01-07 12:48 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-01-07 12:48 - 2018-01-07 12:48 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-01-07 12:48 - 2018-01-07 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-01-07 12:48 - 2018-01-07 12:48 - 000000000 ____D C:\Program Files\CCleaner 2018-01-07 12:46 - 2018-01-07 13:22 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-01-07 12:46 - 2018-01-07 13:22 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-01-07 12:45 - 2018-01-07 12:56 - 000000000 ____D C:\Users\nadnal\AppData\Local\Google 2018-01-07 12:45 - 2018-01-07 12:48 - 000000000 ____D C:\Program Files (x86)\Google 2018-01-07 12:43 - 2018-01-07 12:43 - 011203696 _____ (Piriform Ltd) C:\Users\kd6-3.7\Desktop\ccsetup538pro.exe 2018-01-07 12:35 - 2018-01-07 13:20 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\CrashDumps 2018-01-07 12:35 - 2018-01-07 12:35 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\DBG 2018-01-07 11:48 - 2018-01-09 09:32 - 000000000 ____D C:\Windows\Minidump 2018-01-07 10:42 - 2018-01-07 10:42 - 000000000 ____D C:\Users\kd6-3.7\Documents\League of Legends 2018-01-07 10:42 - 2018-01-07 10:42 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\CEF 2018-01-07 10:35 - 2018-01-07 10:35 - 000127760 _____ (Webroot) C:\Windows\system32\Drivers\KKxlMcMc.sys 2018-01-07 10:24 - 2018-01-07 10:24 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Comms 2018-01-07 10:21 - 2018-01-07 10:21 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2196192277-3204217356-2237211829-1002 2018-01-07 10:20 - 2018-01-07 10:21 - 000002380 _____ C:\Users\kd6-3.7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-01-07 10:20 - 2018-01-07 10:21 - 000000000 ___RD C:\Users\kd6-3.7\OneDrive 2018-01-07 10:16 - 2018-01-09 17:11 - 000182192 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2018-01-07 10:16 - 
2018-01-09 17:11 - 000114672 _____ (Webroot) C:\Windows\system32\WRusr.dll 2018-01-07 10:16 - 2018-01-08 15:54 - 000000000 ____D C:\ProgramData\WRData 2018-01-07 10:16 - 2018-01-07 10:16 - 000127760 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2018-01-07 10:16 - 2018-01-07 10:16 - 000067024 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys 2018-01-07 10:16 - 2018-01-07 10:16 - 000000000 ____D C:\Program Files\Common Files\Webroot 2018-01-07 10:16 - 2018-01-07 10:16 - 000000000 ____D C:\Program Files (x86)\Webroot 2018-01-07 10:15 - 2018-01-07 10:15 - 001061680 _____ (Webroot) C:\Users\kd6-3.7\Desktop\0cabcntme538f43b4315.exe 2018-01-07 10:13 - 2018-01-07 10:13 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\MicrosoftEdge 2018-01-07 10:08 - 2018-01-07 10:08 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Logitech 2018-01-07 10:06 - 2018-01-07 12:35 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Publishers 2018-01-07 10:05 - 2018-01-07 10:08 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\zargmvx 2018-01-07 10:05 - 2018-01-07 10:05 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\VirtualStore 2018-01-07 10:05 - 2018-01-07 10:05 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\cwhptdk 2018-01-07 10:04 - 2018-01-07 13:28 - 000000000 ____D C:\Users\kd6-3.7 2018-01-07 10:04 - 2018-01-07 12:35 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Packages 2018-01-07 10:04 - 2018-01-07 10:04 - 000000020 ___SH C:\Users\kd6-3.7\ntuser.ini 2018-01-07 10:04 - 2018-01-07 10:04 - 000000000 ____D C:\Users\kd6-3.7\AppData\Roaming\Adobe 2018-01-07 10:04 - 2018-01-07 10:04 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\TileDataLayer 2018-01-07 10:04 - 2018-01-07 10:04 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\ConnectedDevicesPlatform 2018-01-07 08:06 - 2018-01-07 08:06 - 000039816 _____ C:\Windows\uninstaller.dat 2018-01-07 01:08 - 2018-01-09 17:12 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-01-07 01:08 - 2018-01-07 01:08 - 
  6. Thank you kindly! Hopefully you don't hear from me again in this thread ;]
  7. Gotcha, I'm totally in the dark as to how SmartService operates. I'll see what I can do when I get home [around 5pm EST] and I will promptly report back here. Thank you! ps. Out of curiosity: FRST is run on the infected pc, the logs are reviewed, and then FRST is run again on the infected pc in order to grant access to WinRE - where FRST is run a third and final time?
  8. Hey, I have a laptop I can use when I get home as a clean spare pc, so everything should work out. I seem hasty because the spring semester started yesterday and having a home pc is critical. Take your time and get back to me when you can, I follow directions well. And I'm sorry if I seem impatient.
  9. Great. Well, I have FRST on my flash drive, as well as a new Windows boot from Windows Media Creation Tool. I'm aware of getting into WinRE as well as opening my flash drive [:I] and running the FRST.exe. Would the next concurrent step be to post the log file here in order to get my fixlist? And can I do that, and the following steps, from my infected PC?
  10. Which is to say; help me create my own fixlist so I don't have to wait to come back here tomorrow.
  11. Hey there, I think I have the SmartService malware. Is there any way I can skip the steps and get to the fixlist by replacing the folders to be fixed with the names of the specific folders in my App data? I'm speaking of the folders named 'dsntgb' and the like that I do not have permission to access [despite being admin.] and are the file location for the Windows Process Managers that are eating up my CPU? I only ask because my spare PC is at work, and my home PC is infected. Waiting a day to post logs would be an inconvenience when I think I'm tech literate enough to compensate. Thanks!