Posts posted by nadnal

  1. "yet" 

    Don't be impatient and don't be self-concerned. Be grateful that someone cares to help.

    This is what late-stage capitalism gets you, by the way: all-powerful corporations that don't do stuff until it may affect their bottom dollar, leaving consumers like you and me out to dry because we don't matter today or tomorrow or until the problem gets big enough that it can't be ignored.

  2. Boot in the Recovery Environment

    • Plug your USB Flash Drive in the infected computer
    • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
      • Restart the computer


    Should this be in a different order?

    Also, I'm not able to get into WinRE.

    But I'll email the fixlist to myself and put it on my clean flash when I get to my work computer.

    Thank you

  3. It doesn't seem like it, and I don't want to risk getting the flash drive dirty.

    Shift and restarts were a no, F12 is busted, F9 brought me into systems as normal so I can change my fan speed if that helps.

    I've never had to deal with cutting edge malware like this and it's terrible to be up against an information wall and not be able to figure it out myself.


  4. :[

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
    Ran by nadnal (administrator) on DESKTOP-HC54M1G (09-01-2018 18:09:06)
    Running from C:\Users\nadnal\Downloads
    Loaded Profiles: nadnal (Available Profiles: nadnal & kd6-3.7)
    Platform: Windows 10 Pro Version 1703 15063.786 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (TOSHIBA CORPORATION) C:\Windows\System32\tincouksvc.exe
    (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Windows\KMS-R@1n.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    (Thalonet, Inc. (dba Haste)) C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
    () C:\Users\nadnal\AppData\Local\dsdtrgn\dsdtrgn.exe
    () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe
    () C:\Users\nadnal\AppData\Local\dtkpmrl\iakhzgo.exe
    () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe
    () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
    () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe
    () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe
    () C:\Users\nadnal\AppData\Local\dsdtrgn\scehzap.exe
    (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17652344 2017-06-26] (Logitech Inc.)
    HKLM\...\Run: [iTunesHelper] => "B:\iTunesHelper.exe"
    HKLM\...\Run: [finks] => "C:\Program Files (x86)\Patentable\lemke.exe"
    HKLM\...\Run: [finkspoor] => "C:\Program Files (x86)\anschutz\golly.exe"
    HKLM\...\Run: [finksfinks] => "C:\Program Files (x86)\Stine\lemke.exe"
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-04] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
    HKLM-x32\...\Run: [finances] => "C:\Program Files (x86)\Patentable\lemke.exe"
    HKLM-x32\...\Run: [financesdendron] => "C:\Program Files (x86)\anschutz\golly.exe"
    HKLM-x32\...\Run: [financesfinances] => "C:\Program Files (x86)\Stine\lemke.exe"
    HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-19] (Intel)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [1061680 2018-01-07] (Webroot)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Spotify] => C:\Users\nadnal\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-30] (Spotify Ltd)
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Steam] => "B:\steam\steam.exe" -silent
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2017-03-18] (Microsoft Corporation)
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [uTorrent] => C:\Users\nadnal\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Haste] => C:\Program Files\Haste\Haste Esports Accelerator\Haste.exe [3228968 2017-12-06] (Thalonet, Inc. dba Haste)
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [Spotify Web Helper] => C:\Users\nadnal\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-30] (Spotify Ltd)
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [dendron] => "C:\Program Files (x86)\Patentable\lemke.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [dendronfinances] => "C:\Program Files (x86)\anschutz\golly.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [dendrondendron] => "C:\Program Files (x86)\Stine\lemke.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [poor] => "C:\Program Files (x86)\Patentable\lemke.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [poorfinks] => "C:\Program Files (x86)\anschutz\golly.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [poorpoor] => "C:\Program Files (x86)\Stine\lemke.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [lebrun] => "C:\Program Files (x86)\davydov\lebrun.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [perjure] => "C:\Program Files (x86)\Patentable\lemke.exe"
    HKU\S-1-5-21-2196192277-3204217356-2237211829-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2017-07-17]
    ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (No File)
    Startup: C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anatomic.lnk [2018-01-04]
    ShortcutTarget: anatomic.lnk -> C:\Program Files (x86)\Patentable\lemke.exe (No File)
    Startup: C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anatomicanatomic.lnk [2018-01-04]
    ShortcutTarget: anatomicanatomic.lnk -> C:\Program Files (x86)\anschutz\golly.exe (No File)
    Startup: C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-09-22]
    ShortcutTarget: Twitch.lnk -> C:\Users\nadnal\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
    GroupPolicy: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer]
    Tcpip\..\Interfaces\{5af61b51-75dc-4543-864b-c4339a3afe95}: [NameServer],
    Tcpip\..\Interfaces\{5af61b51-75dc-4543-864b-c4339a3afe95}: [DhcpNameServer]
    Tcpip\..\Interfaces\{fed54187-62e6-11e7-bb79-806e6f6e6963}: [NameServer]

    Internet Explorer:
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-01-07] (Webroot)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-09] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-01-07] (Webroot)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-09] (Oracle Corporation)

    FF DefaultProfile: zsbvht08.default
    FF ProfilePath: C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default [2018-01-09]
    FF Homepage: Mozilla\Firefox\Profiles\zsbvht08.default -> hxxps://www.google.com/
    FF NewTabOverride: Mozilla\Firefox\Profiles\zsbvht08.default -> Enabled: "id":"{3c53fae8-7f6e-4c86-b595-43f97766b977
    FF NewTabOverride: Mozilla\Firefox\Profiles\zsbvht08.default -> Disabled: newtaboverride@agenedia.com
    FF Extension: (Dark Background and Light Text) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\jid1-QoFqdK4qzUfGWQ@jetpack.xpi [2017-11-15]
    FF Extension: (Reddit Enhancement Suite) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-11-14]
    FF Extension: (New Tab Override) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\newtaboverride@agenedia.com.xpi [2017-12-12]
    FF Extension: (Pioneer Enrollment) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\pioneer-enrollment-study@mozilla.org.xpi [2017-12-09] [Legacy]
    FF Extension: (uBlock Origin) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15]
    FF Extension: (Dark Mode) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\{174b2d58-b983-4501-ab4b-07e71203cb43}.xpi [2017-12-14]
    FF Extension: (Black New Tab) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\{3c53fae8-7f6e-4c86-b595-43f97766b977}.xpi [2017-12-12]
    FF Extension: (Stylish - Custom themes for any website) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-12-12]
    FF Extension: (Disable JavaScript Shared Memory) - C:\Users\nadnal\AppData\Roaming\Mozilla\Firefox\Profiles\zsbvht08.default\features\{7bf64db7-be77-49c4-b6cb-573d6ee3730e}\disable-js-shared-memory@mozilla.org.xpi [2018-01-05] [Legacy]
    FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX
    FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_WEBEX [2018-01-07]
    FF HKLM-x32\...\Firefox\Extensions: [webrootsecurewebextensions@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
    FF Extension: (Webroot Filtering Extension - XUL/XPCOM) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2018-01-07] [Legacy]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-09] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2018-01-07] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2018-01-07] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

    CHR Profile: C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default [2018-01-08]
    CHR Extension: (Slides) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-07]
    CHR Extension: (Docs) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-07]
    CHR Extension: (Google Drive) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-07]
    CHR Extension: (YouTube) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-07]
    CHR Extension: (Sheets) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-07]
    CHR Extension: (Google Docs Offline) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-07]
    CHR Extension: (Webroot Filtering Extension) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-01-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-07]
    CHR Extension: (Gmail) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-07]
    CHR Extension: (Chrome Media Router) - C:\Users\nadnal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-07]
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

    OPR StartupUrls:  "hxxp://reddit.com/"
    OPR Extension: (Reddit Enhancement Suite) - C:\Users\nadnal\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfdcmdcpehpkengmkhkbpifajmbhfgae [2017-09-22]
    OPR Extension: (Dark Skin for Youtube™) - C:\Users\nadnal\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmbefbhbhjgnjbegmnhmakmmldnfogcd [2017-08-29]
    OPR Extension: (uBlock Origin) - C:\Users\nadnal\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-01-04]
    OPR Extension: (Adblock Plus) - C:\Users\nadnal\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-28]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKLM\SYSTEM\CurrentControlSet\Services\csrmxh <==== ATTENTION (Rootkit!)

    S2 ab5d988e61f63d05b2ae52dff2836335; C:\Windows\ab5d988e61f63d05b2ae52dff2836335.dll [972288 2018-01-04] () [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R2 HasteUEService; C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe [1787688 2017-12-06] (Thalonet, Inc. (dba Haste))
    R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-07-07] () [File not signed]
    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-06-26] (Logitech Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-10-13] (Electronic Arts)
    S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002720 2017-10-13] (Electronic Arts)
    R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1995240 2017-06-28] (Plex, Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
    R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [1061680 2018-01-07] (Webroot)
    S2 gXuhN3YdrMJa Updater; C:\Program Files (x86)\gXuhN3YdrMJa Updater\gXuhN3YdrMJa Updater.exe [X]
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    S2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [X] <==== ATTENTION
    S3 wpscloudsvr; "B:\nadnal\Kingsoft Office\wpscloudsvr.exe" LocalService [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [43400 2017-03-02] (Advanced Micro Devices, Inc)
    R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33120 2017-05-12] (Advanced Micro Devices, Inc)
    S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
    R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices)
    R1 amdpsp; C:\Windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
    U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [358672 2018-01-04] (AVAST Software)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-06-26] (Logitech Inc.)
    R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-07] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-01-09] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-01-09] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-09] (Malwarebytes)
    S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-01-08] (Malwarebytes)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
    R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
    S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
    R2 WinDivert1.2; C:\Windows\system32\drivers\WinDivert64.sys [37552 2018-01-04] (Basil)
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [127760 2018-01-07] (Webroot)
    R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [67024 2018-01-07] (Webroot)
    S1 24c6e3dc6d6c7c7d1de0ff24f8051b3e; \??\C:\Windows\system32\drivers\24c6e3dc6d6c7c7d1de0ff24f8051b3e.sys [X]
    R3 jmpswz; system32\drivers\pswzcf.sys [X]
    S0 oWGJkjeP; System32\drivers\oWGJkjeP.sys [X]
    S3 RivaTuner64; \??\C:\Users\nadnal\Desktop\zeldazelda\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X]
    U0 SR; no ImagePath
    U2 srservice; no ImagePath
    S0 UtvoBAwh; System32\drivers\UtvoBAwh.sys [X]
    S3 wzcfjm; system32\drivers\cfimps.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-09 18:09 - 2018-01-09 18:09 - 000021530 _____ C:\Users\nadnal\Downloads\FRST.txt
    2018-01-09 18:09 - 2018-01-09 18:09 - 000000000 ____D C:\FRST
    2018-01-09 18:07 - 2018-01-09 18:07 - 002393088 _____ (Farbar) C:\Users\nadnal\Downloads\FRST64.exe
    2018-01-09 17:03 - 2018-01-09 17:03 - 000142672 ____N C:\Windows\system32\Drivers\svrknqux.sys
    2018-01-09 09:32 - 2018-01-09 09:33 - 000839996 _____ C:\Windows\Minidump\010918-455125-01.dmp
    2018-01-09 09:32 - 2018-01-09 09:32 - 3639161408 _____ C:\Windows\MEMORY.DMP
    2018-01-08 19:54 - 2018-01-08 20:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
    2018-01-07 18:47 - 2018-01-07 18:47 - 000127760 _____ (Webroot) C:\Windows\system32\Drivers\kFChCVAd.sys
    2018-01-07 17:51 - 2018-01-07 17:51 - 000000202 _____ C:\Users\nadnal\Desktop\Deceit.url
    2018-01-07 14:03 - 2018-01-07 14:03 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Google
    2018-01-07 12:48 - 2018-01-07 12:48 - 000003938 _____ C:\Windows\System32\Tasks\CCleaner Update
    2018-01-07 12:48 - 2018-01-07 12:48 - 000002872 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2018-01-07 12:48 - 2018-01-07 12:48 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-01-07 12:48 - 2018-01-07 12:48 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-01-07 12:48 - 2018-01-07 12:48 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2018-01-07 12:48 - 2018-01-07 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2018-01-07 12:48 - 2018-01-07 12:48 - 000000000 ____D C:\Program Files\CCleaner
    2018-01-07 12:46 - 2018-01-07 13:22 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-01-07 12:46 - 2018-01-07 13:22 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-01-07 12:45 - 2018-01-07 12:56 - 000000000 ____D C:\Users\nadnal\AppData\Local\Google
    2018-01-07 12:45 - 2018-01-07 12:48 - 000000000 ____D C:\Program Files (x86)\Google
    2018-01-07 12:43 - 2018-01-07 12:43 - 011203696 _____ (Piriform Ltd) C:\Users\kd6-3.7\Desktop\ccsetup538pro.exe
    2018-01-07 12:35 - 2018-01-07 13:20 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\CrashDumps
    2018-01-07 12:35 - 2018-01-07 12:35 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\DBG
    2018-01-07 11:48 - 2018-01-09 09:32 - 000000000 ____D C:\Windows\Minidump
    2018-01-07 10:42 - 2018-01-07 10:42 - 000000000 ____D C:\Users\kd6-3.7\Documents\League of Legends
    2018-01-07 10:42 - 2018-01-07 10:42 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\CEF
    2018-01-07 10:35 - 2018-01-07 10:35 - 000127760 _____ (Webroot) C:\Windows\system32\Drivers\KKxlMcMc.sys
    2018-01-07 10:24 - 2018-01-07 10:24 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Comms
    2018-01-07 10:21 - 2018-01-07 10:21 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2196192277-3204217356-2237211829-1002
    2018-01-07 10:20 - 2018-01-07 10:21 - 000002380 _____ C:\Users\kd6-3.7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-01-07 10:20 - 2018-01-07 10:21 - 000000000 ___RD C:\Users\kd6-3.7\OneDrive
    2018-01-07 10:16 - 2018-01-09 17:11 - 000182192 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
    2018-01-07 10:16 - 2018-01-09 17:11 - 000114672 _____ (Webroot) C:\Windows\system32\WRusr.dll
    2018-01-07 10:16 - 2018-01-08 15:54 - 000000000 ____D C:\ProgramData\WRData
    2018-01-07 10:16 - 2018-01-07 10:16 - 000127760 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
    2018-01-07 10:16 - 2018-01-07 10:16 - 000067024 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
    2018-01-07 10:16 - 2018-01-07 10:16 - 000000000 ____D C:\Program Files\Common Files\Webroot
    2018-01-07 10:16 - 2018-01-07 10:16 - 000000000 ____D C:\Program Files (x86)\Webroot
    2018-01-07 10:15 - 2018-01-07 10:15 - 001061680 _____ (Webroot) C:\Users\kd6-3.7\Desktop\0cabcntme538f43b4315.exe
    2018-01-07 10:13 - 2018-01-07 10:13 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\MicrosoftEdge
    2018-01-07 10:08 - 2018-01-07 10:08 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Logitech
    2018-01-07 10:06 - 2018-01-07 12:35 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Publishers
    2018-01-07 10:05 - 2018-01-07 10:08 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\zargmvx
    2018-01-07 10:05 - 2018-01-07 10:05 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\VirtualStore
    2018-01-07 10:05 - 2018-01-07 10:05 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\cwhptdk
    2018-01-07 10:04 - 2018-01-07 13:28 - 000000000 ____D C:\Users\kd6-3.7
    2018-01-07 10:04 - 2018-01-07 12:35 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\Packages
    2018-01-07 10:04 - 2018-01-07 10:04 - 000000020 ___SH C:\Users\kd6-3.7\ntuser.ini
    2018-01-07 10:04 - 2018-01-07 10:04 - 000000000 ____D C:\Users\kd6-3.7\AppData\Roaming\Adobe
    2018-01-07 10:04 - 2018-01-07 10:04 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\TileDataLayer
    2018-01-07 10:04 - 2018-01-07 10:04 - 000000000 ____D C:\Users\kd6-3.7\AppData\Local\ConnectedDevicesPlatform
    2018-01-07 08:06 - 2018-01-07 08:06 - 000039816 _____ C:\Windows\uninstaller.dat
    2018-01-07 01:08 - 2018-01-09 17:12 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2018-01-07 01:08 - 2018-01-07 01:08 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-01-07 01:08 - 2018-01-07 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-01-07 01:08 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
    2018-01-07 01:07 - 2018-01-07 01:07 - 000000000 ____D C:\ProgramData\MB3CoreBackup
    2018-01-07 00:54 - 2018-01-07 00:55 - 042151072 _____ (Microsoft Corporation) C:\Users\nadnal\Downloads\Windows-KB890830-x64-V5.55.exe
    2018-01-06 23:37 - 2018-01-06 23:38 - 004468000 _____ (Microsoft Corporation) C:\Users\nadnal\Downloads\Setup.X86.en-us_O365ProPlusRetail_02711010-e0c1-49ad-882a-39a871f40fe2_TX_PR_b_64_.exe
    2018-01-06 23:28 - 2018-01-06 23:40 - 000000000 ____D C:\AdwCleaner
    2018-01-06 23:24 - 2018-01-06 23:24 - 008198432 _____ (Malwarebytes) C:\Users\nadnal\Downloads\adwcleaner_7.0.6.0.exe
    2018-01-06 23:17 - 2018-01-09 17:12 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-01-06 23:17 - 2018-01-09 17:12 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2018-01-06 23:17 - 2018-01-08 19:56 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2018-01-06 23:17 - 2018-01-07 01:08 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2018-01-06 23:17 - 2018-01-07 01:08 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-01-06 23:17 - 2018-01-06 23:17 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-01-06 23:14 - 2018-01-06 23:16 - 083316440 _____ (Malwarebytes ) C:\Users\nadnal\Downloads\mb3-setup-consumer-
    2018-01-06 23:07 - 2018-01-06 23:07 - 000000000 ____D C:\Windows\pss
    2018-01-06 23:02 - 2018-01-06 23:02 - 000000000 ____D C:\Users\nadnal\AppData\Local\RadeonInstaller
    2018-01-06 23:02 - 2018-01-06 23:02 - 000000000 ____D C:\Program Files\AMD
    2018-01-06 23:02 - 2018-01-06 23:02 - 000000000 ____D C:\AMD
    2018-01-06 22:59 - 2018-01-06 23:00 - 041035960 _____ (AMD Inc.) C:\Users\nadnal\Downloads\radeon-software-adrenalin-17.12.2-minimalsetup-171219_web.exe
    2018-01-06 22:59 - 2018-01-06 23:00 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
    2018-01-06 22:59 - 2018-01-06 22:59 - 000003762 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
    2018-01-06 22:59 - 2018-01-06 22:59 - 000003528 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
    2018-01-06 22:59 - 2018-01-06 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
    2018-01-06 22:58 - 2018-01-06 22:59 - 000002690 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
    2018-01-06 22:58 - 2018-01-06 22:59 - 000000000 ____D C:\ProgramData\Intel
    2018-01-06 22:58 - 2018-01-06 22:58 - 000000000 ____D C:\Program Files\Intel
    2018-01-06 22:58 - 2017-12-07 23:29 - 000041512 _____ C:\Windows\system32\Drivers\semav6msr64.sys
    2018-01-06 22:55 - 2018-01-06 22:57 - 013840800 _____ (Intel) C:\Users\nadnal\Downloads\Intel Driver and Support Assistant Installer.exe
    2018-01-06 21:06 - 2018-01-09 17:03 - 085983232 _____ C:\Windows\system32\config\SOFTWARE
    2018-01-06 13:01 - 2018-01-06 13:01 - 000625776 _____ C:\Users\nadnal\Downloads\JOI Alert Message.wav
    2018-01-05 18:06 - 2018-01-06 23:57 - 000005554 _____ C:\Windows\system32\PerfStringBackup.TMP
    2018-01-05 17:59 - 2018-01-05 17:59 - 000255904 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-01-05 04:10 - 2018-01-06 21:04 - 000000000 ____D C:\Windows\Microsoft Antimalware
    2018-01-05 01:08 - 2018-01-05 01:08 - 000000000 ___SD C:\Windows\UpdateAssistantV2
    2018-01-04 21:44 - 2018-01-08 08:35 - 000000000 ____D C:\Users\nadnal\AppData\LocalLow\uTorrent
    2018-01-04 20:20 - 2018-01-04 20:20 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\AVAST Software
    2018-01-04 20:18 - 2018-01-04 20:18 - 000003994 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2018-01-04 20:18 - 2018-01-04 20:18 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2018-01-04 20:18 - 2018-01-04 20:18 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
    2018-01-04 20:18 - 2018-01-04 20:18 - 000000000 ____D C:\ProgramData\SWCUTemp
    2018-01-04 20:18 - 2018-01-04 20:18 - 000000000 ____D C:\Program Files\Common Files\Avast Software
    2018-01-04 20:17 - 2018-01-04 20:17 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2018-01-04 20:17 - 2018-01-04 20:17 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
    2018-01-04 20:17 - 2018-01-04 20:17 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2018-01-04 20:12 - 2018-01-08 09:18 - 000000000 ____D C:\Users\nadnal\AppData\Local\vdowsue
    2018-01-04 20:08 - 2018-01-04 20:08 - 000000000 ____D C:\Program Files\AVAST Software
    2018-01-04 20:07 - 2018-01-04 20:07 - 001611944 _____ (Secure Download Ltd. ) C:\Users\nadnal\Downloads\KMSpico_patch
    2018-01-04 20:06 - 2018-01-04 20:06 - 000037552 _____ (Basil) C:\Windows\system32\Drivers\WinDivert64.sys
    2018-01-04 20:05 - 2018-01-09 18:07 - 000000000 ____D C:\Users\nadnal\AppData\Local\dsdtrgn
    2018-01-04 20:05 - 2018-01-04 20:08 - 000000000 ____D C:\Users\nadnal\AppData\Local\dtkpmrl
    2018-01-04 20:04 - 2018-01-09 17:11 - 002888192 _____ (TOSHIBA CORPORATION) C:\Windows\system32\tincouksvc.exe
    2018-01-04 20:04 - 2018-01-04 20:04 - 000021604 _____ C:\Windows\System32\Tasks\gXuhN3YdrMJa
    2018-01-04 20:04 - 2018-01-04 20:04 - 000000000 ____D C:\Windows\SysWOW64\msiwzex
    2018-01-04 20:04 - 2018-01-04 20:04 - 000000000 ____D C:\Windows\system32\msiwzex
    2018-01-04 20:04 - 2018-01-04 20:04 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\et
    2018-01-04 20:03 - 2018-01-04 20:03 - 000000020 _____ C:\Windows\b46026946
    2018-01-04 20:02 - 2018-01-04 20:02 - 000972288 _____ C:\Windows\ab5d988e61f63d05b2ae52dff2836335.dll
    2018-01-04 19:53 - 2018-01-04 19:53 - 000003396 _____ C:\Windows\System32\Tasks\AutoKMSCustom
    2018-01-04 19:41 - 2018-01-04 21:58 - 000000000 ____D C:\Windows\KMSServerService
    2018-01-04 19:30 - 2018-01-07 19:53 - 000000000 ____D C:\Windows\AutoKMS
    2018-01-04 19:15 - 2018-01-04 19:15 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
    2018-01-01 20:22 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2018-01-01 20:22 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2018-01-01 20:22 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2018-01-01 20:22 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2018-01-01 20:22 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2018-01-01 20:22 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2018-01-01 20:22 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2018-01-01 20:22 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2018-01-01 20:22 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2018-01-01 18:54 - 2018-01-01 18:54 - 000001443 _____ C:\Users\nadnal\Desktop\TheyAreBillions - Shortcut.lnk
    2017-12-28 22:08 - 2017-12-28 22:08 - 000000000 ____D C:\Users\nadnal\AppData\LocalLow\League of Geeks
    2017-12-28 16:31 - 2017-12-28 16:31 - 000000202 _____ C:\Users\nadnal\Desktop\Armello.url
    2017-12-22 14:43 - 2017-12-22 15:18 - 1350501064 _____ C:\Users\nadnal\Downloads\【癒しBGM・作業用BGM】 ジブリオーケストラ メドレー Studio Ghibli Concert.mp4
    2017-12-22 14:27 - 2017-12-22 14:34 - 277894037 _____ C:\Users\nadnal\Downloads\Studio Ghibli [Tributes Mix].mp4
    2017-12-18 21:05 - 2017-12-18 21:09 - 073809754 _____ C:\Users\nadnal\Downloads\Vanilla - Origin (Full Album).mp4
    2017-12-16 10:30 - 2017-12-16 10:40 - 270127857 _____ C:\Users\nadnal\Downloads\Lost in the future (Vaporwave - beats - electronic mix).mp4
    2017-12-12 23:02 - 2017-12-12 23:02 - 000000000 ____D C:\Windows.old
    2017-12-12 22:37 - 2017-11-29 22:33 - 001144728 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
    2017-12-12 22:37 - 2017-11-29 22:33 - 001015704 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
    2017-12-12 22:37 - 2017-11-29 22:33 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
    2017-12-12 22:37 - 2017-11-29 22:29 - 008319384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-12-12 22:37 - 2017-11-29 22:26 - 002647216 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-12-12 22:37 - 2017-11-29 22:24 - 000870896 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2017-12-12 22:37 - 2017-11-29 22:23 - 007910960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
    2017-12-12 22:37 - 2017-11-29 22:23 - 001194248 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
    2017-12-12 22:37 - 2017-11-29 22:00 - 002166808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-12-12 22:37 - 2017-11-29 21:59 - 023678464 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2017-12-12 22:37 - 2017-11-29 21:58 - 006763128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-12-12 22:37 - 2017-11-29 21:58 - 000702032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2017-12-12 22:37 - 2017-11-29 21:57 - 001123968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
    2017-12-12 22:37 - 2017-11-29 21:45 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
    2017-12-12 22:37 - 2017-11-29 21:45 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-12-12 22:37 - 2017-11-29 21:44 - 023679488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-12-12 22:37 - 2017-11-29 21:44 - 019334144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-12-12 22:37 - 2017-11-29 21:44 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
    2017-12-12 22:37 - 2017-11-29 21:44 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
    2017-12-12 22:37 - 2017-11-29 21:44 - 000042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
    2017-12-12 22:37 - 2017-11-29 21:43 - 020511232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2017-12-12 22:37 - 2017-11-29 21:43 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2017-12-12 22:37 - 2017-11-29 21:43 - 000095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
    2017-12-12 22:37 - 2017-11-29 21:43 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-12-12 22:37 - 2017-11-29 21:42 - 001878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
    2017-12-12 22:37 - 2017-11-29 21:42 - 000560640 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
    2017-12-12 22:37 - 2017-11-29 21:42 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
    2017-12-12 22:37 - 2017-11-29 21:42 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2017-12-12 22:37 - 2017-11-29 21:42 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
    2017-12-12 22:37 - 2017-11-29 21:42 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
    2017-12-12 22:37 - 2017-11-29 21:42 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
    2017-12-12 22:37 - 2017-11-29 21:41 - 000527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
    2017-12-12 22:37 - 2017-11-29 21:41 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
    2017-12-12 22:37 - 2017-11-29 21:41 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-12-12 22:37 - 2017-11-29 21:41 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
    2017-12-12 22:37 - 2017-11-29 21:41 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
    2017-12-12 22:37 - 2017-11-29 21:40 - 012803072 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-12-12 22:37 - 2017-11-29 21:40 - 000585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-12-12 22:37 - 2017-11-29 21:40 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
    2017-12-12 22:37 - 2017-11-29 21:40 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
    2017-12-12 22:37 - 2017-11-29 21:40 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
    2017-12-12 22:37 - 2017-11-29 21:39 - 011888640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-12-12 22:37 - 2017-11-29 21:39 - 003206656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2017-12-12 22:37 - 2017-11-29 21:39 - 002809344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2017-12-12 22:37 - 2017-11-29 21:39 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
    2017-12-12 22:37 - 2017-11-29 21:38 - 008195584 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
    2017-12-12 22:37 - 2017-11-29 21:38 - 001248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
    2017-12-12 22:37 - 2017-11-29 21:38 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
    2017-12-12 22:37 - 2017-11-29 21:38 - 000636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
    2017-12-12 22:37 - 2017-11-29 21:38 - 000497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-12-12 22:37 - 2017-11-29 21:37 - 006252544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2017-12-12 22:37 - 2017-11-29 21:37 - 003306496 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-12-12 22:37 - 2017-11-29 21:37 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-12-12 22:37 - 2017-11-29 21:37 - 001293824 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 005557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 004726784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 003652096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 001802240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 001398784 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 001019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 000755200 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-12-12 22:37 - 2017-11-29 21:36 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-12-12 22:37 - 2017-11-29 21:35 - 001627136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-12-12 22:37 - 2017-11-29 21:34 - 004559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 002032536 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2017-12-12 22:37 - 2017-11-17 04:46 - 001578904 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000821656 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
    2017-12-12 22:37 - 2017-11-17 04:46 - 000678808 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000613784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000612248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000484248 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000379288 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000259992 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000190360 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000136088 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-12-12 22:37 - 2017-11-17 04:46 - 000067992 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
    2017-12-12 22:37 - 2017-11-17 04:46 - 000034712 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
    2017-12-12 22:37 - 2017-11-17 04:41 - 000503704 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2017-12-12 22:37 - 2017-11-17 04:39 - 005477088 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
    2017-12-12 22:37 - 2017-11-17 04:39 - 000643200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2017-12-12 22:37 - 2017-11-17 04:37 - 021353200 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-12-12 22:37 - 2017-11-17 04:31 - 000223640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
    2017-12-12 22:37 - 2017-11-17 04:03 - 003668992 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2017-12-12 22:37 - 2017-11-17 04:00 - 002953216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
    2017-12-12 22:37 - 2017-11-17 03:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-12-12 22:37 - 2017-11-17 03:56 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-09 18:06 - 2017-11-14 16:12 - 000000000 ____D C:\Users\nadnal\AppData\LocalLow\Mozilla
    2018-01-09 18:05 - 2017-07-07 01:36 - 000000000 ____D C:\Windows\system32\SleepStudy
    2018-01-09 17:37 - 2017-03-18 15:51 - 000000000 ____D C:\Windows\CbsTemp
    2018-01-09 17:11 - 2017-07-07 11:30 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-01-09 17:11 - 2017-07-07 01:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-01-09 17:03 - 2017-03-18 06:40 - 067371008 _____ C:\Windows\system32\config\HARDWARE
    2018-01-09 16:54 - 2017-03-18 06:40 - 001572864 _____ C:\Windows\system32\config\BBI
    2018-01-09 09:20 - 2017-07-07 11:44 - 000000000 ____D C:\Users\nadnal\AppData\Local\Battle.net
    2018-01-09 06:24 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-01-09 06:24 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\AppReadiness
    2018-01-08 21:33 - 2017-07-07 11:59 - 000000000 ____D C:\Program Files (x86)\Blizzard App
    2018-01-08 19:55 - 2017-03-18 06:40 - 000032768 _____ C:\Windows\system32\config\ELAM
    2018-01-08 19:53 - 2017-07-07 02:01 - 000000000 ____D C:\Users\nadnal
    2018-01-08 19:17 - 2017-07-07 20:36 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\uTorrent
    2018-01-07 22:50 - 2017-07-31 22:07 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\vlc
    2018-01-07 21:12 - 2017-08-31 17:53 - 000000000 ____D C:\Users\nadnal\Desktop\August=September
    2018-01-07 13:21 - 2017-07-08 23:45 - 000000000 ____D C:\Users\nadnal\AppData\Local\CrashDumps
    2018-01-07 13:21 - 2017-07-07 02:36 - 000000000 ____D C:\Windows\Panther
    2018-01-07 13:21 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\LiveKernelReports
    2018-01-07 13:21 - 2017-03-18 16:01 - 000000000 ____D C:\Windows\INF
    2018-01-07 10:05 - 2017-07-07 02:02 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-01-07 00:56 - 2017-10-10 19:00 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-01-07 00:55 - 2017-07-07 13:11 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-01-06 22:58 - 2017-07-10 18:45 - 000000000 ____D C:\ProgramData\Package Cache
    2018-01-05 18:29 - 2017-09-22 18:19 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\Twitch
    2018-01-05 01:08 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\system32\oobe
    2018-01-04 21:49 - 2017-07-28 23:27 - 000000410 __RSH C:\ProgramData\ntuser.pol
    2018-01-04 21:00 - 2017-11-14 16:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-01-04 20:18 - 2017-07-08 11:11 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
    2018-01-04 20:17 - 2017-07-08 10:59 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-01-04 20:06 - 2017-11-14 16:12 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2018-01-04 20:06 - 2017-11-14 16:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-01-03 00:50 - 2017-07-10 19:41 - 000000000 ____D C:\Users\nadnal\AppData\Local\Spotify
    2018-01-02 19:54 - 2017-07-10 19:39 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\Spotify
    2018-01-01 17:36 - 2017-07-10 19:20 - 000000000 ____D C:\Users\nadnal\Documents\My Games
    2017-12-26 16:28 - 2017-07-07 11:22 - 000004214 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1499444529
    2017-12-26 16:28 - 2017-07-07 11:22 - 000001384 _____ C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
    2017-12-20 23:35 - 2017-09-14 01:20 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-12-20 23:35 - 2017-09-14 01:20 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-12-17 19:37 - 2017-08-17 17:26 - 000000000 ____D C:\Users\nadnal\AppData\Local\HearthstoneDeckTracker
    2017-12-17 19:37 - 2017-08-17 17:18 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
    2017-12-17 19:37 - 2017-08-05 14:48 - 000000000 ____D C:\Users\nadnal\AppData\Local\SquirrelTemp
    2017-12-16 10:43 - 2017-08-05 14:48 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\discord
    2017-12-14 06:27 - 2017-07-07 02:01 - 000000000 ____D C:\Users\nadnal\AppData\Local\Packages
    2017-12-13 10:03 - 2017-07-07 13:11 - 000000000 ____D C:\Windows\system32\MRT
    2017-12-13 09:48 - 2017-11-15 21:32 - 000034293 _____ C:\Windows\diagwrn.xml
    2017-12-13 09:48 - 2017-11-15 21:32 - 000034293 _____ C:\Windows\diagerr.xml
    2017-12-13 08:51 - 2017-09-29 10:05 - 000000000 ___HD C:\$WINDOWS.~BT
    2017-12-13 08:51 - 2017-03-18 16:03 - 000000000 ____D C:\Windows\registration
    2017-12-11 18:23 - 2017-08-05 14:48 - 000000000 ____D C:\Users\nadnal\AppData\Local\Discord
    2017-12-10 12:18 - 2017-08-17 17:18 - 000000000 ____D C:\Users\nadnal\AppData\Roaming\HearthstoneDeckTracker

    ==================== Files in the root of some directories =======

    2017-09-28 15:11 - 2017-09-28 15:11 - 001065984 _____ () C:\Users\nadnal\AppData\Local\file__0.localstorage
    2017-09-22 16:40 - 2017-09-22 16:40 - 000007595 _____ () C:\Users\nadnal\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    C:\Windows\system32\drivers\svrknqux.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

    LastRegBack: 2018-01-03 02:52

    ==================== End of FRST.txt ============================

  5. Gotcha, I'm totally in the dark as to how SmartService operates. 

    I'll see what I can do when I get home [around 5pm EST] and I will promptly report back here. 

    Thank you!

    ps. Out of curiosity: FRST is run on the infected pc, the logs are reviewed, and then FRST is run again on the infected pc in order to grant access to WinRE - where FRST is run a third and final time?

  6. Great. 

    Well, I have FRST on my flash drive, as well as a new Windows boot from the Windows Media Creation Tool.

    I'm aware of getting into WinRE as well as opening my flash drive [:I] and running the FRST.exe. 

    Would the next concurrent step be to post the log file here in order to get my fixlist? And can I do that, and the following steps, from my infected PC?

  7. Hey there, I think I have the SmartService malware.

    Is there any way I can skip the steps and get to the fixlist by replacing the folders to be fixed with the names of the specific folders in my App data?

    I'm speaking of the folders named 'dsntgb' and the like that I do not have permission to access [despite being admin.] and are the file location for the Windows Process Managers that are eating up my CPU?

    I only ask because my spare PC is at work, and my home PC is infected. 

    Waiting a day to post logs would be an inconvenience when I think I'm tech literate enough to compensate.

