Hi, 

I appear to have gotten this malware winvmx client and am trying to remove it. I saw in a previous thread that I needed to run Farbar Recovery Scan Tool in recovery mode, so I have done that and attached that log. I appreciate any and all help.

Thanks,

Sean

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by SYSTEM on MININT-RL9Q37C (06-03-2017 10:31:07)
Running from d:\
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165040 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -  No File
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-06-08] ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] ()
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 LicCtrlService; C:\WINDOWS\runservice.exe [2560 2014-02-22] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-08-19] (MSI)
S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5660512 2016-08-16] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755712 2017-02-23] (qdcomsvc Inc.) <==== ATTENTION
S2 Secunia CSI Agent; C:\Program Files (x86)\Secunia\CSI\csia-v6011.exe [674816 2013-07-19] (Secunia)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Sean\AppData\Local\Temp\20170306\ct.exe [724480 2017-02-22] (ct Corp.) <==== ATTENTION <==== ATTENTION
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\DrFone for iOS\DriverInstall.exe [97792 2016-08-06] (Wondershare)
S3 BRSptStub; "C:\ProgramData\BitRaider\BRSptStub.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-22] () <==== ATTENTION
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-18] (Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-22] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 07:08 - 2017-03-06 07:08 - 00000000 ____D C:\Windows\pss
2017-03-06 06:52 - 2017-03-06 06:52 - 02423808 _____ (Farbar) C:\Users\Sean\Downloads\FRST64 (2).exe
2017-03-06 06:49 - 2017-03-06 06:49 - 02423808 _____ (Farbar) C:\Users\Sean\Downloads\FRST64 (1).exe
2017-03-05 23:00 - 2017-03-05 23:00 - 00000000 ____D C:\Program Files (x86)\regtool
2017-03-05 22:50 - 2017-03-05 22:58 - 00005911 _____ C:\Users\Sean\Desktop\Fixlog.txt
2017-03-05 22:50 - 2017-03-05 22:50 - 00001409 _____ C:\Users\Sean\Downloads\fixlist.txt
2017-03-05 22:40 - 2017-03-05 22:46 - 00073968 _____ C:\Users\Sean\Desktop\Addition.txt
2017-03-05 22:36 - 2017-03-05 22:58 - 00000000 ____D C:\FRST
2017-03-05 22:36 - 2017-03-05 22:46 - 00074194 _____ C:\Users\Sean\Desktop\FRST.txt
2017-03-05 22:36 - 2017-03-05 22:36 - 02423808 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2017-03-05 22:36 - 2017-03-05 22:36 - 02423808 _____ (Farbar) C:\Users\Sean\Desktop\FRST64.exe
2017-03-05 22:29 - 2017-03-05 22:28 - 163186720 _____ (Sophos Limited) C:\Users\Sean\Desktop\Sophos Virus Removal Tool.exe
2017-03-05 22:21 - 2017-03-05 22:28 - 163186720 _____ (Sophos Limited) C:\Users\Sean\Downloads\Sophos Virus Removal Tool.exe
2017-03-05 22:05 - 2017-03-05 23:17 - 00000000 ____D C:\AdwCleaner
2017-03-05 22:05 - 2017-03-05 22:05 - 04031440 _____ C:\Users\Sean\Downloads\AdwCleaner.exe
2017-03-05 22:05 - 2017-03-05 22:05 - 04031440 _____ C:\Users\Sean\Desktop\AdwCleaner.exe
2017-03-05 22:04 - 2017-03-05 22:04 - 00001934 _____ C:\Users\Sean\Desktop\JRT.txt
2017-03-05 21:58 - 2017-03-05 21:57 - 01663736 _____ (Malwarebytes) C:\Users\Sean\Desktop\JRT.exe
2017-03-05 21:57 - 2017-03-05 21:57 - 01663736 _____ (Malwarebytes) C:\Users\Sean\Downloads\JRT.exe
2017-03-05 21:21 - 2017-03-06 07:25 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-03-05 21:21 - 2017-03-05 23:01 - 00000000 ____D C:\Users\Sean\AppData\Local\llssoft
2017-03-05 21:13 - 2017-03-05 21:21 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-03-05 21:13 - 2017-03-05 21:13 - 01852928 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
2017-03-05 21:13 - 2017-03-05 21:13 - 00000000 ____D C:\Program Files (x86)\dataup
2017-03-05 21:12 - 2017-03-05 21:12 - 00000000 ____D C:\Users\Sean\AppData\Roaming\c
2017-03-05 21:12 - 2017-03-05 21:12 - 00000000 ____D C:\ProgramData\DivX
2017-03-05 21:12 - 2017-03-05 21:12 - 00000000 ____D C:\ProgramData\1488777171
2017-03-05 21:11 - 2017-03-05 21:11 - 00000000 ____D C:\Users\Sean\Downloads\Avira Antivirus Pro 15.0.22.54 Final Incl License Key
2017-03-05 21:10 - 2017-03-05 21:10 - 00000000 ____D C:\Users\Sean\Downloads\Driver Genius Pro 16.0.0.249 FINAL + Crack
2017-03-05 21:10 - 2017-03-05 21:10 - 00000000 ____D C:\Users\Sean\Downloads\Avast Pro Antivirus - Internet Security - Premier 2016 11.2.272
2017-03-05 17:08 - 2017-03-05 17:08 - 00078163 _____ C:\Users\Sean\Downloads\G107-Short-Essay-02(50)-Digging-Hole.pdf
2017-03-05 17:01 - 2017-03-05 17:01 - 00127297 _____ C:\Users\Sean\Downloads\G107-Short-Essay-02(50)-Earthquakes-1.pdf
2017-03-01 21:32 - 2017-03-01 21:32 - 00532877 _____ C:\Users\Sean\Downloads\SeanMoore_Resume_FederatedInsurance.pdf
2017-03-01 21:32 - 2017-03-01 21:32 - 00526579 _____ C:\Users\Sean\Downloads\SeanMoore_CoverLetter_FederatedInsurance.pdf
2017-03-01 21:23 - 2017-03-05 21:50 - 00001374 _____ C:\Users\Sean\Desktop\Google Chrome.lnk
2017-03-01 20:44 - 2017-03-01 20:44 - 00526818 _____ C:\Users\Sean\Downloads\SeanMoore_CoverLetter_PARNorthAmerica (1).pdf
2017-02-27 19:36 - 2017-02-27 19:36 - 00526818 _____ C:\Users\Sean\Downloads\SeanMoore_CoverLetter_PARNorthAmerica.pdf
2017-02-27 19:36 - 2017-02-27 19:36 - 00515207 _____ C:\Users\Sean\Downloads\SeanMoore_Resume_PARNorthAmerica.pdf
2017-02-27 18:50 - 2017-02-27 18:50 - 01011235 _____ C:\Users\Sean\Downloads\CoverLetter_AshleyShuler_SkirtPR_SummerIntern.pdf
2017-02-27 18:45 - 2017-02-27 18:45 - 00515207 _____ C:\Users\Sean\Downloads\SeanMoore_Resume.pdf
2017-02-27 18:45 - 2017-02-27 18:45 - 00425188 _____ C:\Users\Sean\Downloads\PAR_Account_Coordinator.pdf
2017-02-26 12:35 - 2017-02-26 12:35 - 00405236 _____ C:\Users\Sean\Documents\bipolar.pdf
2017-02-26 09:34 - 2017-02-26 09:34 - 01398460 _____ C:\Users\Sean\Downloads\Video (2).MOV
2017-02-22 14:12 - 2017-02-22 14:12 - 00051784 _____ C:\Windows\System32\Drivers\drmkpro64.sys
2017-02-21 10:49 - 2017-02-21 10:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2017-02-21 10:49 - 2017-02-21 10:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
2017-02-20 12:12 - 2017-02-20 12:12 - 00000000 _____ C:\Users\Sean\Downloads\nunu request.txt
2017-02-19 21:34 - 2017-02-28 09:22 - 00002279 _____ C:\Users\Public\Desktop\WinZip.lnk
2017-02-19 21:34 - 2017-02-19 21:34 - 00003508 _____ C:\Windows\System32\Tasks\WinZipBackGroundToolsTask
2017-02-19 21:34 - 2017-02-19 21:34 - 00003394 _____ C:\Windows\System32\Tasks\WinZip Update Notifier
2017-02-19 21:34 - 2017-02-19 21:34 - 00000000 ____D C:\Users\Sean\AppData\Local\WinZip
2017-02-19 21:34 - 2017-02-19 21:34 - 00000000 ____D C:\ProgramData\WinZip
2017-02-19 21:34 - 2017-02-19 21:34 - 00000000 ____D C:\Program Files\WinZip
2017-02-19 21:31 - 2017-02-28 09:22 - 00001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-19 21:31 - 2017-02-19 21:31 - 00000000 ____D C:\Program Files\iTunes
2017-02-19 21:31 - 2017-02-19 21:31 - 00000000 ____D C:\Program Files\iPod
2017-02-19 15:12 - 2017-02-19 15:12 - 00202856 _____ C:\Users\Sean\Downloads\pdf (1).pdf
2017-02-19 15:10 - 2017-02-19 15:10 - 00202856 _____ C:\Users\Sean\Downloads\pdf.pdf
2017-02-19 14:30 - 2017-02-19 14:30 - 01623058 _____ C:\Users\Sean\Downloads\Chapter 4_1-28-17.pptx
2017-02-17 09:26 - 2017-02-28 09:22 - 00001230 _____ C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
2017-02-17 09:26 - 2017-02-17 09:26 - 00000000 ____D C:\Users\Sean\AppData\Local\Wondershare
2017-02-17 09:22 - 2017-02-28 09:22 - 00001131 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-02-17 09:22 - 2016-12-16 05:53 - 00040984 _____ (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2017-02-17 09:21 - 2017-02-17 09:26 - 00000000 ____D C:\Users\Sean\Downloads\Wondershare Data Recovery 5.0.0.5 FINAL + Crack [TechTools.net]
2017-02-17 09:21 - 2017-02-17 09:21 - 00000000 ____D C:\Users\Sean\Downloads\Revo Uninstaller Pro 3.1.8 FINAL + Crack [TechTools.ME]
2017-02-17 09:16 - 2017-02-17 09:17 - 14510896 _____ C:\Users\Sean\Downloads\angelica_privata_skype.mp4
2017-02-17 05:05 - 2017-02-17 05:05 - 00029153 _____ C:\ProgramData\agent.1487336728.bdinstall.bin
2017-02-17 05:02 - 2017-02-17 05:02 - 04548521 _____ C:\Users\Sean\Downloads\batman519 (batman519) [2017-02-17 06-23] -LIVE- 1 snack run..mp4
2017-02-16 20:38 - 2017-02-16 20:45 - 59247471 _____ C:\Users\Sean\Downloads\AdrianaDuncan33 - Bath Show Private (1).mp4
2017-02-16 20:38 - 2017-02-16 20:45 - 52743817 _____ C:\Users\Sean\Downloads\adrianaduncan33 (Adriana Duncan) [2016-12-27 09-25] -LIVE- 3 What's your favorite thing to do to a girl (1).mp4
2017-02-15 19:04 - 2017-02-15 19:05 - 00028708 _____ C:\ProgramData\agent.1487214242.bdinstall.bin
2017-02-15 19:01 - 2017-02-15 19:01 - 00047265 _____ C:\ProgramData\agent.1487214067.bdinstall.bin
2017-02-15 19:01 - 2017-02-15 19:01 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-15 19:00 - 2017-02-15 19:00 - 08459976 _____ C:\Users\Sean\Downloads\bitdefender_online.exe
2017-02-15 18:56 - 2017-02-28 09:22 - 00002208 _____ C:\Users\Sean\Desktop\Git Shell.lnk
2017-02-15 18:56 - 2017-02-17 05:24 - 00000000 ____D C:\Users\Sean\AppData\Local\GitHub
2017-02-15 18:56 - 2017-02-15 18:56 - 00000000 ____D C:\Users\Sean\Documents\GitHub
2017-02-15 18:53 - 2017-02-15 18:54 - 00679416 _____ () C:\Users\Sean\Downloads\GitHubSetup.exe
2017-02-15 15:20 - 2017-02-15 15:20 - 00075502 _____ C:\Users\Sean\Downloads\Notes.html
2017-02-15 12:28 - 2017-02-15 12:28 - 00068933 _____ C:\Users\Sean\Downloads\test_bank_for_essentials_of_understanding_abnormal_behavior_3rd_edition_by_sue (1).zip
2017-02-15 06:21 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files\475F6NZ0M3
2017-02-15 05:21 - 2017-02-15 05:21 - 00000000 ____D C:\Program Files\7VKFS2Z8IZ
2017-02-15 04:21 - 2017-02-15 04:21 - 00000000 ____D C:\Program Files\D8T3IW6R6F
2017-02-15 03:20 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files\53PTQQBJD2
2017-02-15 02:20 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files\W9M8HEQZCN
2017-02-15 02:20 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files\9R9CGUOIM0
2017-02-15 02:19 - 2017-02-19 21:26 - 00000000 ____D C:\Program Files\O9Q1P6ZTSK
2017-02-15 02:12 - 2017-02-15 07:13 - 00000000 ____D C:\Windows\System32\SSL
2017-02-15 02:11 - 2017-02-15 02:11 - 00000000 ____D C:\Windows\System32\sstmp
2017-02-15 02:11 - 2017-02-15 02:11 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-02-15 02:10 - 2017-03-01 21:58 - 00000000 ____D C:\Users\Sean\AppData\Local\YwbtPack
2017-02-15 02:10 - 2017-03-01 21:57 - 00000000 ____D C:\Users\Sean\AppData\Local\Ogttics
2017-02-14 20:16 - 2017-02-14 20:16 - 00000000 ____D C:\Users\Sean\AppData\Local\Uber Entertainment
2017-02-14 13:43 - 2017-02-17 05:07 - 00000000 ____D C:\GOG Games
2017-02-14 13:20 - 2017-02-14 13:20 - 00000000 ____D C:\Users\Sean\AppData\Roaming\SmartSteamEmu
2017-02-14 13:20 - 2017-02-14 13:20 - 00000000 ____D C:\Users\Sean\AppData\Local\Porno-Studio-Tycoon
2017-02-14 13:17 - 2017-02-14 13:18 - 564710685 _____ C:\Users\Sean\Downloads\Porno.Studio.Tycoon.Early.Access.rar
2017-02-13 19:24 - 2017-02-13 19:41 - 1912602624 _____ C:\Users\Sean\Downloads\PinkMeth-Tor-Site-Archive.tar
2017-02-13 19:13 - 2017-02-13 19:13 - 59985853 _____ C:\Users\Sean\Downloads\pia-v66-installer-win.exe
2017-02-13 19:05 - 2017-02-13 19:05 - 00000000 _____ C:\Users\Sean\AppData\Local\{692C7269-AD05-4580-AB0A-154A615DE1CB}
2017-02-13 18:30 - 2017-02-13 18:30 - 00000000 ____D C:\Users\Sean\Documents\TRANSFORMERS_Devastation
2017-02-13 18:26 - 2017-02-13 18:26 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2017-02-13 18:26 - 2016-08-16 02:40 - 05660512 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2017-02-13 18:26 - 2005-01-02 22:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2017-02-13 18:26 - 2003-07-18 13:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2017-02-13 16:48 - 2017-02-13 16:51 - 47798498 _____ C:\Users\Sean\Downloads\oh my good my sister.mp4
2017-02-13 07:46 - 2017-02-13 07:54 - 122391501 _____ C:\Users\Sean\Downloads\ToplessTopics-2016-08-26_08-47.mp4
2017-02-11 19:53 - 2017-02-11 20:07 - 00000000 ____D C:\Users\Sean\Desktop\New folder
2017-02-11 19:41 - 2017-02-11 19:41 - 00872680 _____ (iMobie Inc.) C:\Users\Sean\Downloads\anytrans-setup (1).exe
2017-02-11 19:16 - 2017-02-11 19:16 - 02171548 _____ C:\Users\Sean\Downloads\cemu_1.7.1.zip
2017-02-11 19:16 - 2017-02-11 19:16 - 00000000 ____D C:\Users\Sean\Downloads\cemu_1.7.1
2017-02-11 17:35 - 2017-02-11 17:35 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Elcomsoft
2017-02-11 17:35 - 2017-02-11 17:35 - 00000000 ____D C:\ProgramData\Elcomsoft Password Recovery
2017-02-11 17:35 - 2017-02-11 17:35 - 00000000 ____D C:\Program Files (x86)\Elcomsoft Password Recovery
2017-02-11 17:35 - 2017-02-11 17:35 - 00000000 ____D C:\Program Files (x86)\Elcomsoft
2017-02-11 17:33 - 2017-02-11 17:34 - 47005696 _____ C:\Users\Sean\Downloads\eppb_setup_en (1).msi
2017-02-11 16:16 - 2017-02-15 07:33 - 00000000 ____D C:\Program Files (x86)\Aiseesoft Studio
2017-02-11 16:15 - 2017-02-11 16:15 - 30750760 _____ (Aiseesoft Studio ) C:\Users\Sean\Downloads\fonelab (1).exe
2017-02-11 16:13 - 2017-02-11 16:13 - 26730128 _____ (Tipard Studio ) C:\Users\Sean\Downloads\tipard-ios-data-recovery-8.2.6.exe
2017-02-11 16:12 - 2017-02-11 16:12 - 00000000 ____D C:\Users\Sean\AppData\Local\Tipard Studio
2017-02-11 16:11 - 2017-02-11 16:11 - 21988704 _____ (Tipard Studio ) C:\Users\Sean\Downloads\tipard.exe
2017-02-11 15:29 - 2017-02-11 15:29 - 01853819 _____ C:\Users\Sean\Downloads\2017-02-11_08.15_Z O E ✨_Truth or dare).mp4
2017-02-11 15:28 - 2017-02-11 15:36 - 64110895 _____ C:\Users\Sean\Downloads\Z O E ✨-1BRKjVrArZvKw.mp4
2017-02-11 15:28 - 2017-02-11 15:36 - 57568377 _____ C:\Users\Sean\Downloads\Zoenicewander (Z O E ✨) [2017-01-14 04-46] =LIVE= Truth or dare.mp4
2017-02-11 15:24 - 2017-02-11 15:25 - 32494648 _____ (Shenzhen iMyFone Technology Co., Ltd. ) C:\Users\Sean\Downloads\iMyFone-D-Back (1).exe
2017-02-11 15:10 - 2017-02-17 05:11 - 00000000 ___RD C:\Users\Sean\Documents\MEGAsync
2017-02-11 15:09 - 2017-02-17 05:13 - 00000000 ____D C:\Users\Sean\AppData\Local\Mega Limited
2017-02-11 15:08 - 2017-02-11 15:08 - 13286592 _____ (MEGA Limited) C:\Users\Sean\Downloads\MEGAsyncSetup (1).exe
2017-02-09 21:35 - 2017-02-09 21:35 - 01728672 _____ C:\Users\Sean\Downloads\kensley_evan (Kensley Evan) [2016-11-19 22-35] Untitled (118532354).mp4
2017-02-09 21:32 - 2017-02-09 21:32 - 03206823 _____ C:\Users\Sean\Downloads\[2016-05-23 01-52] -LIVE- Shower scope at 20O, DONT SHARE TO TWITTER  Part Two.mp4
2017-02-09 16:27 - 2017-02-09 16:27 - 25238542 _____ C:\Users\Sean\Downloads\ksyu2004.webm
2017-02-09 16:26 - 2017-02-09 16:28 - 34555304 _____ C:\Users\Sean\Downloads\4.avi
2017-02-09 16:26 - 2017-02-09 16:27 - 08848409 _____ C:\Users\Sean\Downloads\3.mp4
2017-02-09 16:26 - 2017-02-09 16:27 - 03069105 _____ C:\Users\Sean\Downloads\2.mp4
2017-02-09 16:26 - 2017-02-09 16:26 - 06637704 _____ C:\Users\Sean\Downloads\5 (1).mp4
2017-02-09 09:14 - 2017-02-09 09:21 - 144745005 _____ C:\Users\Sean\Downloads\rajaandkaylin_01-29-2017_15-33.mkv
2017-02-09 00:33 - 2017-02-09 00:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2017-02-09 00:33 - 2017-02-09 00:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-02-07 14:16 - 2017-02-07 14:16 - 04396615 _____ C:\Users\Sean\Downloads\Zoenicewander (Z O E ✨) [2017-02-07 18-34-44] Untitled.mp4
2017-02-07 14:16 - 2017-02-07 14:16 - 01392518 _____ C:\Users\Sean\Downloads\Zoenicewander - 170207_1338 (need full cap).mp4
2017-02-07 05:23 - 2017-02-07 05:23 - 00600028 _____ C:\Users\Sean\Downloads\video (1).mov
2017-02-06 22:02 - 2017-02-06 22:20 - 93273928 _____ C:\Users\Sean\Downloads\ButtermilkPanc2 (Buttermilk Pancakes) [2016-12-17 03-51-51] Christmas fun.mp4
2017-02-06 22:02 - 2017-02-06 22:20 - 90783030 _____ C:\Users\Sean\Downloads\ButtermilkPanc2 (Buttermilk Pancakes) [2017-02-07 04-05-06].mp4
2017-02-06 22:02 - 2017-02-06 22:19 - 82151986 _____ C:\Users\Sean\Downloads\ButtermilkPanc2 (Buttermilk Pancakes) [2016-11-28 00-32-55].mp4
2017-02-06 22:01 - 2017-02-06 22:02 - 02085155 _____ C:\Users\Sean\Downloads\ButtermilkPanc2 (Buttermilk Pancakes) [2017-02-07 05-04-30].mp4
2017-02-06 20:11 - 2017-02-06 20:13 - 30910637 _____ C:\Users\Sean\Downloads\Hitchhikers guide to the Galaxy.rar
2017-02-06 19:14 - 2017-02-06 19:15 - 16815632 _____ C:\Users\Sean\Downloads\JaclynSanchezzz.mp4
2017-02-06 11:18 - 2017-02-06 11:21 - 25116690 _____ C:\Users\Sean\Downloads\Lena the Plug & Emily Rinaudo again - ShesFreaky.mp4
2017-02-06 11:18 - 2017-02-06 11:21 - 23134991 _____ C:\Users\Sean\Downloads\Lena the Plug & Emily Rinaudo 2 ShesFreaky.mp4
2017-02-06 07:26 - 2017-02-06 07:27 - 17103991 _____ C:\Users\Sean\Downloads\jessss07 (Jess) [2017-02-06 14-46-15] we are home.mp4
2017-02-05 20:22 - 2017-02-05 20:22 - 313023221 _____ C:\Users\Sean\Downloads\StarbucksMTF.rar
2017-02-05 20:20 - 2017-02-05 20:22 - 21871325 _____ C:\Users\Sean\Downloads\Zoenicewander 02-05-2017 19-56-34 1yNGaPawNYdKj.live [Nip Flashes].mp4
2017-02-05 20:20 - 2017-02-05 20:20 - 04846817 _____ C:\Users\Sean\Downloads\Zoenicewander (Z O E ✨) [2017-02-01 02-43] -LIVE- 1 Pee on me.mp4
2017-02-05 07:55 - 2017-02-05 07:56 - 12816665 _____ C:\Users\Sean\Downloads\REQUEST MORE jessiebabe00 .mp4
2017-02-04 14:13 - 2017-02-04 14:13 - 03179524 _____ C:\Users\Sean\Downloads\censoreding girl.mp4
2017-02-04 10:18 - 2017-02-04 10:18 - 06167040 _____ C:\Users\Sean\Downloads\chapter 4 power point.ppt
2017-02-04 10:10 - 2017-02-04 10:10 - 06518784 _____ C:\Users\Sean\Downloads\chapter 3 power point.ppt
2017-02-04 10:04 - 2017-02-04 10:04 - 03903996 _____ C:\Users\Sean\Downloads\Infant and Toddler Development, Screening, and Assessment .pdf
2017-02-04 09:10 - 2017-02-04 09:10 - 00813948 _____ C:\Users\Sean\Downloads\2017-01-28_19.41_❤️cashgal.mp4
2017-02-04 09:10 - 2017-02-04 09:10 - 00813948 _____ C:\Users\Sean\Downloads\2017-01-28_19.41_❤️cashgal (1).mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 07:27 - 2016-07-30 19:28 - 00000328 _____ C:\Windows\Tasks\iToolsDaemon.job
2017-03-06 07:27 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-06 07:26 - 2014-01-21 19:11 - 00000000 __RDO C:\Users\Sean\SkyDrive
2017-03-06 07:25 - 2014-12-14 16:00 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-03-06 07:24 - 2016-10-17 19:27 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-06 07:24 - 2016-07-30 19:28 - 00003258 _____ C:\Windows\System32\Tasks\iToolsDaemon
2017-03-06 07:24 - 2014-02-22 17:07 - 00003417 ___SH C:\Windows\SysWOW64\mmf.sys
2017-03-06 07:24 - 2014-01-21 18:53 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-06 06:55 - 2013-11-13 23:29 - 00799036 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-06 06:55 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2017-03-06 06:42 - 2016-10-17 19:27 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-06 06:38 - 2014-10-25 16:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-06 05:56 - 2014-01-21 19:25 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C8AAE47-C1A1-48E8-BD0F-420CED39BCF0}
2017-03-06 00:07 - 2014-01-22 08:24 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1486023-1717900501-3310008601-1001
2017-03-05 23:03 - 2014-02-01 12:13 - 00000000 ____D C:\Users\Sean\AppData\Local\Adobe
2017-03-05 22:56 - 2014-01-21 18:55 - 00000000 ____D C:\users\Sean
2017-03-05 22:52 - 2015-02-22 17:00 - 00000000 ____D C:\Users\Sean\AppData\LocalLow\Temp
2017-03-05 21:44 - 2014-01-22 06:02 - 00000000 ____D C:\Users\Sean\AppData\Local\CrashDumps
2017-03-05 21:18 - 2014-01-21 16:56 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-05 21:13 - 2016-09-07 17:35 - 00000000 ____D C:\Users\Sean\AppData\Roaming\qBittorrent
2017-03-05 13:36 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\System32\config\BBI
2017-03-05 13:36 - 2012-07-26 00:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-03-04 20:58 - 2014-01-22 08:18 - 00000000 ____D C:\Users\Sean\AppData\Local\Packages
2017-03-04 20:43 - 2014-12-20 20:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-01 21:26 - 2015-06-13 07:40 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-01 21:26 - 2014-12-23 20:40 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-01 21:26 - 2014-12-20 20:09 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-01 21:08 - 2016-09-07 13:35 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2017-02-28 13:36 - 2014-01-22 06:34 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-28 09:23 - 2014-06-08 07:18 - 00000000 ____D C:\Users\Sean\AppData\Local\Deployment
2017-02-28 09:22 - 2017-01-25 20:08 - 00001418 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-28 09:22 - 2017-01-14 09:04 - 00000846 _____ C:\Users\Public\Desktop\Dolphin.lnk
2017-02-28 09:22 - 2016-12-28 12:22 - 00001125 _____ C:\Users\Sean\Desktop\Syncios.lnk
2017-02-28 09:22 - 2016-12-28 11:36 - 00001106 _____ C:\Users\Sean\Desktop\Syncios Data Recovery.lnk
2017-02-28 09:22 - 2016-11-13 19:57 - 00000787 _____ C:\Users\Sean\Desktop\Start Tor Browser.lnk
2017-02-28 09:22 - 2016-10-23 08:20 - 00001165 _____ C:\Users\Public\Desktop\Sid Meiers Civilization VI.lnk
2017-02-28 09:22 - 2016-08-13 19:20 - 00001302 _____ C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
2017-02-28 09:22 - 2016-08-13 19:15 - 00001128 _____ C:\Users\Public\Desktop\AnyTrans.lnk
2017-02-28 09:22 - 2016-07-30 19:28 - 00001132 _____ C:\Users\Public\Desktop\iTools 3.lnk
2017-02-28 09:22 - 2016-07-21 11:58 - 00001021 _____ C:\Users\Public\Desktop\iExplorer.lnk
2017-02-28 09:22 - 2016-05-01 17:21 - 00001941 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-02-28 09:22 - 2016-04-23 19:04 - 00002065 _____ C:\Users\Sean\Desktop\Ace Stream Media Center.lnk
2017-02-28 09:22 - 2016-04-23 19:04 - 00001961 _____ C:\Users\Sean\Desktop\Ace Player.lnk
2017-02-28 09:22 - 2016-02-23 20:09 - 00001006 _____ C:\Users\Sean\Desktop\Droid4X Multi Manager.lnk
2017-02-28 09:22 - 2015-12-14 19:58 - 00001360 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-02-28 09:22 - 2015-09-13 17:35 - 00002253 _____ C:\Users\Sean\Desktop\Kindle.lnk
2017-02-28 09:22 - 2015-07-06 11:17 - 00000890 _____ C:\Users\Public\Desktop\ComicRack.lnk
2017-02-28 09:22 - 2015-06-02 04:05 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-28 09:22 - 2015-05-03 10:52 - 00001843 _____ C:\Users\Sean\Desktop\Spotify.lnk
2017-02-28 09:22 - 2015-04-21 11:16 - 00001183 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2017-02-28 09:22 - 2015-04-21 11:15 - 00001146 _____ C:\Users\Public\Desktop\Battle.net.lnk
2017-02-28 09:22 - 2015-03-31 13:17 - 00001903 _____ C:\Users\Public\Desktop\Apps.lnk
2017-02-28 09:22 - 2015-03-31 13:17 - 00001813 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2017-02-28 09:22 - 2015-03-21 16:16 - 00000983 _____ C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
2017-02-28 09:22 - 2015-03-05 19:56 - 00001904 _____ C:\Users\Public\Desktop\Cities XXL.lnk
2017-02-28 09:22 - 2015-02-02 10:43 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-28 09:22 - 2014-12-29 10:50 - 00001683 _____ C:\Users\Sean\Desktop\Play Fallout New Vegas.lnk
2017-02-28 09:22 - 2014-12-29 10:50 - 00000882 _____ C:\Users\Sean\Desktop\visit www.nosteam.ro.lnk
2017-02-28 09:22 - 2014-12-27 19:27 - 00001018 _____ C:\Users\Public\Desktop\Southpark Stick of Truth.lnk
2017-02-28 09:22 - 2014-12-21 21:28 - 00001077 _____ C:\Users\Public\Desktop\DS4Windows.lnk
2017-02-28 09:22 - 2014-12-21 20:56 - 00001987 _____ C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2017-02-28 09:22 - 2014-12-20 20:38 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-02-28 09:22 - 2014-12-16 08:57 - 00001782 _____ C:\Users\Public\Desktop\Mass Effect 3.lnk
2017-02-28 09:22 - 2014-12-14 16:00 - 00001154 _____ C:\Users\Public\Desktop\WD SmartWare.lnk
2017-02-28 09:22 - 2014-12-14 15:59 - 00001207 _____ C:\Users\Public\Desktop\WD Security.lnk
2017-02-28 09:22 - 2014-12-14 15:59 - 00001127 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk
2017-02-28 09:22 - 2014-11-21 17:06 - 00001379 _____ C:\Users\Public\Desktop\Marvel Heroes Launcher.lnk
2017-02-28 09:22 - 2014-10-19 21:38 - 00001492 _____ C:\Users\Public\Desktop\The Sims 4 Deluxe Edition.lnk
2017-02-28 09:22 - 2014-10-19 19:18 - 00000913 _____ C:\Users\Sean\Desktop\BitTorrent.lnk
2017-02-28 09:22 - 2014-04-17 13:41 - 00000885 _____ C:\Users\Sean\Desktop\BOSS GUI - Shortcut.lnk
2017-02-28 09:22 - 2014-04-17 11:56 - 00000940 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-02-28 09:22 - 2014-03-26 14:55 - 00001736 _____ C:\Users\Sean\Desktop\Play SimCity 2013 Offline.lnk
2017-02-28 09:22 - 2014-03-13 21:56 - 00001332 _____ C:\Users\Sean\Desktop\Major League Baseball 2K12.lnk
2017-02-28 09:22 - 2014-02-05 17:29 - 00002040 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2017-02-28 09:22 - 2014-01-31 23:01 - 00001815 _____ C:\Users\Public\Desktop\MultiBit 0.5.16.lnk
2017-02-28 09:22 - 2014-01-30 17:28 - 00000876 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-02-28 09:22 - 2014-01-30 17:14 - 00001015 _____ C:\Users\Sean\Desktop\µTorrent.lnk
2017-02-28 09:22 - 2014-01-22 08:42 - 00002093 _____ C:\Users\Public\Desktop\Launch Get Connected.lnk
2017-02-28 09:22 - 2014-01-22 06:34 - 00000965 _____ C:\Users\Public\Desktop\Steam.lnk
2017-02-28 09:22 - 2014-01-21 21:13 - 00001240 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2017-02-28 09:22 - 2014-01-21 20:01 - 00001459 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2017-02-28 09:22 - 2014-01-21 19:54 - 00002066 _____ C:\Users\Sean\Desktop\RuneScape.lnk
2017-02-28 09:22 - 2014-01-21 16:58 - 00002053 _____ C:\Users\Public\Desktop\Super-Charger.lnk
2017-02-28 09:22 - 2014-01-21 16:56 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-28 09:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\WinStore
2017-02-27 19:44 - 2016-10-17 19:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-19 21:33 - 2015-12-15 17:38 - 00110144 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2017-02-19 21:33 - 2015-04-15 04:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-19 21:33 - 2014-01-30 17:54 - 00000000 ____D C:\Program Files\WinRAR
2017-02-19 21:32 - 2015-12-15 17:33 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-19 21:32 - 2015-12-15 17:33 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-19 21:32 - 2015-12-14 20:12 - 00000000 ____D C:\Program Files\Java
2017-02-19 21:31 - 2014-11-28 13:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-19 21:05 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\ModemLogs
2017-02-19 19:41 - 2014-12-23 20:41 - 00337080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswvmm.sys.148756216614004
2017-02-17 09:27 - 2016-08-13 19:20 - 00000000 ____D C:\ProgramData\Wondershare
2017-02-17 09:26 - 2016-08-13 19:20 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-02-17 09:22 - 2014-12-15 07:57 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-02-17 09:22 - 2014-12-15 07:57 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-17 05:58 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\vpnplugins
2017-02-17 05:54 - 2016-02-23 19:51 - 00000000 ____D C:\Users\Sean\.VirtualBox
2017-02-17 05:46 - 2014-01-21 17:32 - 00000000 ____D C:\Users\Sean\AppData\Local\ElevatedDiagnostics
2017-02-17 05:29 - 2014-01-27 18:16 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-02-15 18:42 - 2016-02-23 19:47 - 00000000 _____ C:\hsrv.txt
2017-02-15 18:37 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Globalization
2017-02-15 08:08 - 2013-08-22 06:44 - 05099024 _____ C:\Windows\System32\FNTCACHE.DAT
2017-02-15 07:39 - 2014-12-14 18:24 - 00000000 ____D C:\ProgramData\Autodesk
2017-02-15 07:22 - 2015-12-14 19:58 - 00000000 ____D C:\ProgramData\IObit
2017-02-14 15:38 - 2014-10-25 16:18 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 15:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 15:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\System32\Macromed
2017-02-13 19:18 - 2014-12-14 12:28 - 00000000 ____D C:\Program Files\pia_manager
2017-02-13 19:04 - 2017-01-05 19:35 - 00000000 ____D C:\Users\Sean\AppData\LocalLow\BitTorrent
2017-02-13 19:04 - 2015-05-03 10:52 - 00000000 ____D C:\Users\Sean\AppData\Local\Spotify
2017-02-13 19:03 - 2014-01-30 17:14 - 00000000 ____D C:\Users\Sean\AppData\Roaming\uTorrent
2017-02-13 19:02 - 2014-10-19 19:18 - 00000000 ____D C:\Users\Sean\AppData\Roaming\BitTorrent
2017-02-13 18:25 - 2014-12-06 21:58 - 00000000 __SHD C:\Users\Sean\AppData\Local\EmieUserList
2017-02-13 18:25 - 2014-12-06 21:58 - 00000000 __SHD C:\Users\Sean\AppData\Local\EmieSiteList
2017-02-13 18:25 - 2014-12-06 21:58 - 00000000 __SHD C:\Users\Sean\AppData\Local\EmieBrowserModeList
2017-02-11 20:21 - 2016-08-12 02:29 - 00000000 ____D C:\Users\Sean\Documents\Syncios Data Recovery
2017-02-11 19:03 - 2015-05-03 10:52 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Spotify
2017-02-11 18:57 - 2015-06-02 04:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-09 16:28 - 2015-02-02 10:43 - 00000000 ____D C:\Users\Sean\AppData\Roaming\vlc

Files to move or delete:
====================
C:\Users\Sean\matrix_cl_matrix_LIVE.dat


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2015-05-12 18:53] - [2015-04-08 14:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: Minimal => The system is configured to boot to Safe Mode <===== ATTENTION

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-02-24 04:11
Restore point date: 2017-03-05 14:01
Restore point date: 2017-03-05 21:33
Restore point date: 2017-03-05 21:59
Restore point date: 2017-03-05 22:51
Restore point date: 2017-03-05 22:51

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 8136.07 MB
Available physical RAM: 7153.45 MB
Total Virtual: 8136.07 MB
Available Virtual: 7175.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:174.97 GB) NTFS
Drive d: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive e: (My Passport) (Fixed) (Total:1862.97 GB) (Free:1573.16 GB) exFAT
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.01 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C503D2F0)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: CF84F39D)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 4D092685)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

LastRegBack: 2017-03-05 13:47

==================== End of FRST.txt ============================
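
The entries a helper looks for first in a log like the one above can be pulled out mechanically. The following is an added Python example, not part of the original post and not FRST's own code; the sample lines are excerpted from the log above, and the function names are hypothetical. It assumes that a system file listed in the "Bamital & volsnap" section without "=> MD5 is legit" is one FRST could not verify, which is a prompt for manual review rather than proof of tampering.

```python
import re

# Lines excerpted from the FRST.txt log above (shortened, not constructed).
SAMPLE_LOG = r"""
==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2015-05-12 18:53] - [2015-04-08 14:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: Minimal => The system is configured to boot to Safe Mode <===== ATTENTION

==================== Association (Whitelisted) =============
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[date] - [date] - size attributes (vendor) MD5", as printed under services.exe
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
SYSTEM_FILE_SECTION = "Bamital & volsnap"


def triage(log_text):
    """Return ATTENTION-flagged lines and system files lacking 'MD5 is legit'."""
    section, pending = None, None
    attention, unverified = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section, pending = header["name"], None
            continue
        if "<=====" in line and "ATTENTION" in line:
            attention.append(line.split("<=====")[0].strip())
        if section != SYSTEM_FILE_SECTION:
            continue
        if PATH_RE.match(line):
            pending = None
            if not line.endswith("=> MD5 is legit"):
                pending = {"path": line, "size": None, "vendor": None, "md5": None}
                unverified.append(pending)
        elif pending is not None:
            # The line right after an unverified path carries its details.
            detail = DETAIL_RE.match(line)
            if detail:
                pending.update(size=int(detail["size"]), vendor=detail["vendor"],
                               md5=detail["md5"].lower())
            pending = None
    return {"attention": attention, "unverified": unverified}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["unverified"]:
        print("review:", entry["path"], entry["md5"])
    for flagged in result["attention"]:
        print("attention:", flagged)
```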


Hello SeanMoore19 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Continue with the following:

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Next,

Boot your system back to Normal mode, continue with the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply....

Thank you,

Kevin...

fixlist.txt


Hello SeanMoore19,

Thanks for those logs, continue with the following:

Clean install Malwarebytes from version 2 to version 3...

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply, also tell me if you have any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt


Hello SeanMoore19,

Thanks for those logs and information update, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply
 
Let me see those logs....
 
Thank you,
 
Kevin..

fixlist.txt


Yes! It seems to be much better. The original winvmx is gone. The only lingering issue I can tell is that google chrome opens a weird page whenever I try to open a new tab, but it says "

Your file was not found

It may have been moved or deleted.
ERR_FILE_NOT_FOUND"

And the name of the tab is always, "chrome-extension://ffoaha..." So I'm not sure if I should just do a clean install of chrome or whatever you suggest. 


Yes a fresh install of Chrome is worth a shot... If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Remove all synced data from Chrome go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome :

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help...?

So I reinstalled chrome and when I did I was prompted to log into my google account and during that process I was redirected to: "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html?access_point=0&source=0?attemptToken=" I'm unsure if this is legit or not and if you have any ideas as this was the literal first site I accessed. It could've just been a chrome error. However, the previous page when opening new tabs is fixed.


Thanks for the update, good to hear all is well again... Continue with the following to clean up..

Uninstall Sophos AV and RogueKiller http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.