Black screen after scanning with Malwarebytes


Hi,

Could you help me out? My PC got infected by malware, so I installed and ran Malwarebytes.

However, after rebooting, my PC's screen stays black. The white cursor is visible and can be moved around with the mouse. Other than that, nothing. I found another post on this forum concerning the same problem, so I tried that solution. I must be doing something wrong because it's not working.

1. Installing Farbar Recovery Scan Tool on a USB stick.
2. Running the program by entering the command prompt, scanning, and saving the log to the same USB stick Farbar is installed on.

I get the following log: (see attachment)

If I am not mistaken, I then go to System Image Recovery? Select Windows 10... and get the message that Windows cannot find a system image on this computer.

What am I doing wrong?

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by SYSTEM on MININT-GN401J5 (18-04-2017 17:36:01)
Running from E:\
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-19] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4869120 2015-11-23] (DYMO)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Windows\system32\AdminService.exe [355760 2016-06-25] (Windows (R) Win 7 DDK provider)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
S3 DevicesFlowUserSvc; C:\Windows\System32\DevicesFlowBroker.dll [689152 2017-03-18] (Microsoft Corporation)
S2 DusmSvc; C:\Windows\System32\dusmsvc.dll [302592 2017-03-18] (Microsoft Corporation)
S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33520 2015-11-23] (Sanford, L.P.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-06] (HP Inc.)
S3 IpxlatCfgSvc; C:\Windows\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-09-21] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-19] (Malwarebytes)
S3 NaturalAuthentication; C:\Windows\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
S2 SecurityHealthService; C:\Windows\system32\SecurityHealthService.exe [335808 2017-03-18] (Microsoft Corporation)
S3 SEMgrSvc; C:\Windows\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 spectrum; C:\Windows\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation)
S3 TokenBroker; C:\Windows\System32\TokenBroker.dll [1054720 2017-03-18] (Microsoft Corporation)
S3 TokenBroker; C:\Windows\SysWOW64\TokenBroker.dll [799232 2017-03-18] (Microsoft Corporation)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\Windows\System32\wfdsconmgrsvc.dll [555008 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 wlpasvc; C:\Windows\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
S3 xbgm; C:\Windows\System32\xbgmsvc.dll [301216 2017-03-18] (Microsoft Corporation)
S3 XboxGipSvc; C:\Windows\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [96768 2017-03-18] (Microsoft Corporation)
S3 CAD; C:\Windows\System32\drivers\CAD.sys [53664 2017-03-18] (Microsoft Corporation)
S2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [559080 2016-04-19] (Intel Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [405408 2017-03-18] (Microsoft Corporation)
S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [51104 2017-03-18] (Microsoft Corporation)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-18] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-18] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation)
S3 nvdimmn; C:\Windows\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 pmem; C:\Windows\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation)
S3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SpatialGraphFilter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [40352 2017-03-18] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\PrecisionX OC\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)
NETSVC: xbgm -> C:\Windows\System32\xbgmsvc.dll (Microsoft Corporation)
NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation)
NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-18 17:31 - 2017-04-18 17:31 - 00000000 ___HD C:\$SysReset
2017-04-18 17:30 - 2017-04-18 17:31 - 00000000 ____D C:\FRST
2017-04-18 17:29 - 2017-04-18 17:35 - 00000000 _____ C:\Recovery.txt
2017-04-18 02:47 - 2017-04-18 07:20 - 00251832 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-04-18 02:47 - 2017-04-18 02:49 - 00092096 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-04-18 02:47 - 2017-04-18 02:47 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-04-18 02:47 - 2017-04-18 02:47 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-04-18 02:47 - 2017-04-18 02:47 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-04-18 02:47 - 2017-04-18 02:47 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-18 02:47 - 2017-03-22 01:02 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-04-18 02:33 - 2017-04-18 02:42 - 00000000 ____D C:\Program Files\Plumbytes Software
2017-04-18 02:15 - 2017-04-18 02:15 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-18 00:41 - 2017-04-18 00:41 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\Desktop\Photostory
2017-04-17 21:04 - 2017-04-18 02:32 - 00000000 ____D C:\Windows.old
2017-04-17 21:03 - 2017-04-17 21:03 - 23680512 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 23675392 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 20505600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 19334144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 12787200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 11869696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 08319392 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-04-17 21:03 - 2017-04-17 21:03 - 08247296 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 07904784 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 06756920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 06296064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 05477088 _____ (Microsoft Corporation) C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 03672064 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-04-17 21:03 - 2017-04-17 21:03 - 02957824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-04-17 21:03 - 2017-04-17 21:03 - 02444184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2017-04-17 21:03 - 2017-04-17 21:03 - 02085280 _____ (Microsoft Corporation) C:\Windows\System32\UpdateAgent.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01760264 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01657344 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01605632 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01604312 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01518088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01506816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01411640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01356800 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01323880 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01147296 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2017-04-17 21:03 - 2017-04-17 21:03 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 01024416 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2017-04-17 21:03 - 2017-04-17 21:03 - 00986592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\System32\ieproxy.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00750560 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2017-04-17 21:03 - 2017-04-17 21:03 - 00626520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-04-17 21:03 - 2017-04-17 21:03 - 00624640 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\winspool.drv
2017-04-17 21:03 - 2017-04-17 21:03 - 00543648 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2017-04-17 21:03 - 2017-04-17 21:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2017-04-17 21:03 - 2017-04-17 21:03 - 00409504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2017-04-17 21:03 - 2017-04-17 21:03 - 00388000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2017-04-17 21:03 - 2017-04-17 21:03 - 00382368 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00364032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00354360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00347136 _____ (Microsoft Corporation) C:\Windows\System32\XpsDocumentTargetPrint.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00205728 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00119296 _____ (Microsoft Corporation) C:\Windows\System32\UserDataTimeUtil.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\mfmjpegdec.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00047104 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-17 21:03 - 2017-04-17 21:03 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys
2017-04-17 21:03 - 2017-04-17 21:03 - 00032004 _____ C:\Windows\System32\edgehtmlpluginpolicy.bin
2017-04-17 21:03 - 2017-04-17 21:03 - 00008192 _____ C:\Windows\System32\config\userdiff
2017-04-17 21:03 - 2017-04-17 11:06 - 00000000 ____D C:\Windows\ServiceProfiles
2017-04-17 21:03 - 2017-03-17 22:00 - 09481728 _____ (Microsoft Corporation) C:\Windows\System32\prm0013.dll
2017-04-17 21:02 - 2017-04-17 21:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-17 21:02 - 2017-04-17 21:02 - 00000000 ____D C:\Program Files\MSBuild
2017-04-17 21:02 - 2017-04-17 21:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-17 21:02 - 2017-04-17 21:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-17 21:02 - 2017-02-10 11:26 - 01166520 _____ (Microsoft Corporation) C:\Windows\System32\PresentationNative_v0300.dll
2017-04-17 21:02 - 2017-02-10 11:26 - 00124624 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2017-04-17 21:02 - 2017-02-10 11:26 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2017-04-17 21:02 - 2017-02-10 11:21 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-04-17 21:02 - 2017-02-10 11:21 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-17 21:02 - 2017-02-10 11:21 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-04-17 12:41 - 2017-04-17 12:41 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\DBG
2017-04-17 12:40 - 2017-04-17 12:40 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-17 12:38 - 2017-04-17 12:38 - 00000020 ___SH C:\Users\Grom.DESKTOP-MAF6RCN\ntuser.ini
2017-04-17 11:19 - 2017-04-17 11:19 - 00000000 ____D C:\ProgramData\USOShared
2017-04-17 11:16 - 2017-04-18 06:43 - 00942836 _____ C:\Windows\System32\PerfStringBackup.INI
2017-04-17 11:12 - 2017-04-17 11:12 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-17 11:10 - 2017-04-18 07:20 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-17 11:10 - 2017-04-18 02:19 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-04-17 11:10 - 2017-04-17 23:21 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{34132AF7-79C1-4924-8C36-27F5F78D6672}
2017-04-17 11:10 - 2017-04-17 11:11 - 00007623 _____ C:\Windows\diagwrn.xml
2017-04-17 11:10 - 2017-04-17 11:11 - 00007623 _____ C:\Windows\diagerr.xml
2017-04-17 11:10 - 2017-04-17 11:10 - 00004930 _____ C:\Windows\System32\Tasks\Hujshqudather Cache
2017-04-17 11:10 - 2017-04-17 11:10 - 00003556 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-17 11:10 - 2017-04-17 11:10 - 00003344 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-17 11:10 - 2017-04-17 11:10 - 00003142 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-17 11:10 - 2017-04-17 11:10 - 00003120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-17 11:10 - 2017-04-17 11:10 - 00003114 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-17 11:10 - 2017-04-17 11:10 - 00003108 _____ C:\Windows\System32\Tasks\KMSAutoNet
2017-04-17 11:10 - 2017-04-17 11:10 - 00003016 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-17 11:10 - 2017-04-17 11:10 - 00002996 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-17 11:10 - 2017-04-17 11:10 - 00002944 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-17 11:10 - 2017-04-17 11:10 - 00002902 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-17 11:10 - 2017-04-17 11:10 - 00002750 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-GROM-Grom
2017-04-17 11:10 - 2017-04-17 11:10 - 00002600 _____ C:\Windows\System32\Tasks\EVGAPrecisionX
2017-04-17 11:10 - 2017-04-17 11:10 - 00002220 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-17 11:10 - 2017-04-17 11:10 - 00000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2017-04-17 11:07 - 2017-04-17 11:08 - 00000000 ____D C:\Windows\System32\config\bbimigrate
2017-04-17 11:06 - 2017-04-18 07:16 - 00000000 ____D C:\users\Grom.DESKTOP-MAF6RCN
2017-04-17 11:06 - 2017-04-18 05:10 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-04-17 11:06 - 2017-04-17 11:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-17 11:06 - 2017-04-17 11:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-17 11:06 - 2017-04-17 11:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-17 11:06 - 2017-04-17 11:06 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2017-04-17 11:06 - 2017-04-17 11:06 - 00000000 _SHDL C:\Users\Grom.DESKTOP-MAF6RCN\My Documents
2017-04-17 11:06 - 2017-04-17 11:06 - 00000000 _SHDL C:\Users\Grom.DESKTOP-MAF6RCN\Documents\My Videos
2017-04-17 11:06 - 2017-04-17 11:06 - 00000000 _SHDL C:\Users\Grom.DESKTOP-MAF6RCN\Documents\My Pictures
2017-04-17 11:06 - 2017-04-17 11:06 - 00000000 _SHDL C:\Users\Grom.DESKTOP-MAF6RCN\Documents\My Music
2017-04-17 11:06 - 2017-04-17 11:06 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-17 11:06 - 2017-04-17 11:06 - 00000000 ____D C:\Program Files\Common Files\Atheros
2017-04-17 11:06 - 2017-03-18 12:56 - 02233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-04-17 11:06 - 2016-12-29 04:44 - 06386232 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2017-04-17 11:06 - 2016-12-29 04:44 - 02477624 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2017-04-17 11:06 - 2016-12-29 04:44 - 01762752 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2017-04-17 11:06 - 2016-12-29 04:44 - 00546752 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2017-04-17 11:06 - 2016-12-29 04:44 - 00392128 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2017-04-17 11:06 - 2016-12-29 04:44 - 00083512 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2017-04-17 11:06 - 2016-12-29 04:44 - 00069568 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2017-04-17 11:06 - 2016-12-18 23:26 - 07651057 _____ C:\Windows\System32\nvcoproc.bin
2017-04-17 11:05 - 2017-04-18 07:20 - 05043640 _____ C:\Windows\System32\FNTCACHE.DAT
2017-04-17 10:34 - 2017-04-18 02:32 - 00000000 ___DC C:\Windows\Panther
2017-04-17 10:34 - 2017-04-17 10:42 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-17 09:11 - 2017-04-17 12:38 - 00000000 ____D C:\Windows10Upgrade
2017-04-15 05:05 - 2017-04-15 05:05 - 00000000 ____D C:\Program Files (x86)\temp
2017-04-14 20:44 - 2017-04-14 20:44 - 00000000 ___HD C:\$AV_AVG
2017-04-14 20:44 - 2017-04-14 20:44 - 00000000 ____D C:\Program Files\su6v4mf7
2017-04-14 18:44 - 2017-04-18 02:30 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-04-14 18:44 - 2017-04-15 03:54 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-04-14 18:44 - 2017-04-14 18:44 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Roaming\Mozilla
2017-04-14 18:44 - 2017-04-14 18:44 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Roaming\Firefox
2017-04-14 18:44 - 2017-04-14 18:44 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\LocalLow\Mozilla
2017-04-14 18:44 - 2017-04-14 18:44 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\Firefox
2017-04-14 18:44 - 2017-04-14 18:44 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\Alltie
2017-04-14 18:44 - 2017-04-14 18:44 - 00000000 ____D C:\ProgramData\Software
2017-04-14 18:44 - 2017-04-14 18:44 - 00000000 ____D C:\Program Files (x86)\Alltie
2017-04-14 03:26 - 2017-04-17 23:17 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2017-04-14 03:26 - 2017-04-15 03:57 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-04-13 23:41 - 2017-04-18 02:23 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\AvgSetupLog
2017-04-13 23:41 - 2017-04-18 02:23 - 00000000 ____D C:\ProgramData\Avg
2017-04-13 23:41 - 2017-04-13 23:41 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\Avg
2017-04-13 15:15 - 2017-04-14 00:27 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\Kitty
2017-04-13 15:15 - 2017-04-13 15:15 - 00000000 ____D C:\Update
2017-04-13 15:12 - 2017-04-17 10:34 - 00000036 _____ C:\Windows\progress.ini
2017-04-13 15:06 - 2017-04-13 15:06 - 00000000 ____D C:\Program Files (x86)\MK
2017-04-13 15:05 - 2017-04-13 15:05 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP152.SYS
2017-04-13 15:03 - 2017-04-13 15:03 - 00000000 ____D C:\ProgramData\6a045909
2017-04-13 07:50 - 2017-04-18 03:10 - 00000000 ____D C:\Program Files (x86)\Muhogh
2017-04-13 07:50 - 2017-04-13 07:50 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\Atozet
2017-04-13 07:50 - 2017-04-13 07:50 - 00000000 ____D C:\Program Files (x86)\Dersstdward Controls
2017-04-13 07:30 - 2017-04-17 12:38 - 00000000 ___HD C:\$GetCurrent
2017-04-13 07:22 - 2017-04-13 23:15 - 00187904 _____ C:\Windows\rsrcs.dll
2017-04-13 07:21 - 2017-04-13 07:27 - 00000000 ____D C:\Windows\System32\SSL
2017-04-13 07:20 - 2017-04-18 03:10 - 00000000 ____D C:\Program Files (x86)\Drization
2017-04-13 07:20 - 2017-04-13 15:24 - 00000002 _____ C:\END
2017-04-13 07:20 - 2017-04-13 15:23 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Roaming\Cleing
2017-04-13 07:20 - 2017-04-13 07:50 - 00140288 _____ C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Roaming\Installer.dat
2017-04-13 07:20 - 2017-04-13 07:20 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\Kernoentatnetion
2017-04-13 00:02 - 2017-04-13 00:02 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\UNP
2017-04-12 23:58 - 2017-04-17 09:06 - 00000000 ____D C:\Program Files\UNP
2017-04-12 10:47 - 2017-04-18 02:24 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\Desktop\phone
2017-04-12 09:31 - 2017-04-12 09:31 - 00001928 _____ C:\Users\Grom.DESKTOP-MAF6RCN\Desktop\Google Drive.lnk
2017-04-12 08:37 - 2017-04-17 15:03 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\Desktop\random - bewerkt
2017-04-12 03:24 - 2017-03-27 21:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\DdcWnsListener.dll
2017-04-12 03:24 - 2017-03-27 21:28 - 00261632 _____ (Microsoft Corporation) C:\Windows\System32\indexeddbserver.dll
2017-04-06 10:58 - 2017-04-12 08:48 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\Desktop\foto's voor photostory website
2017-04-04 15:16 - 2017-04-04 15:16 - 00382450 _____ C:\Users\Grom.DESKTOP-MAF6RCN\Desktop\superet factuur.pdf
2017-04-04 14:48 - 2017-04-04 14:48 - 00376555 _____ C:\Users\Grom.DESKTOP-MAF6RCN\Desktop\ecomondo factuur.pdf
2017-03-20 17:39 - 2017-03-03 22:18 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-03-20 17:21 - 2017-03-27 02:43 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-18 07:20 - 2016-12-09 03:23 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-18 07:20 - 2016-11-22 03:50 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Roaming\Skype
2017-04-18 07:20 - 2016-09-26 01:33 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-18 07:20 - 2016-09-21 23:21 - 00000000 ____D C:\Users\Grom.DESKTOP-MAF6RCN\AppData\Local\Spotify

==================== Known DLLs (Whitelisted) =========================

C:\Windows\System32\_wowarmhw.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\_wowarmhw.dll IS MISSING <==== ATTENTION
[2017-03-18 12:58] - [2017-03-18 12:58] - 0685504 ____A (Microsoft Corporation) C:\Windows\System32\SHCORE.dll
[2017-03-18 12:58] - [2017-03-18 12:58] - 0569264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHCORE.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)


==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-04-18 07:16

==================== Memory info =========================== 

Percentage of memory in use: 5%
Total physical RAM: 16323.05 MB
Available physical RAM: 15488.02 MB
Total Virtual: 16323.05 MB
Available Virtual: 15528.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.33 GB) (Free:97.75 GB) NTFS
Drive d: (Opslag) (Fixed) (Total:931.39 GB) (Free:899.18 GB) NTFS
Drive e: (w_10_pro_x64) (Removable) (Total:7.62 GB) (Free:4.4 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 7.6 GB) (Disk ID: 182A1F37)
Partition 1: (Active) - (Size=7.6 GB) - (Type=07 NTFS)

LastRegBack: 2017-04-17 11:05

==================== End of FRST.txt ============================

 

FRST.txt


Hello Hucksim and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt), please post it to your reply.

Re-boot, does your system boot OK....? If so run FRST again as follows:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin....

 

fixlist.txt

Edited by kevinf80

Hi Kevin,

Thank you for helping me.

I just did what you asked. The only difference is that I booted windows in safe mode with networking. 

I added fixlist to the usb containing FRST64. Did the scan and pressed Fix once. See attachments. 

I added fixlog, frst and addition

What would be the next step?

With kind regards,

Huck

Fixlog.txt

FRST.txt

Addition.txt


You were in that mode when you ran FRST the first time....

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by SYSTEM on MININT-GN401J5 (18-04-2017 17:36:01)
Running from E:\
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001

 

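The reply above rests on two header fields of the first log, `Ran by SYSTEM` and `Boot Mode: Recovery`. As an added example (not part of the thread and not FRST's own code), this Python function reads an FRST.txt, extracts those header fields and collects the lines FRST marked `<==== ATTENTION` per section; the function name is this example's own and the sample consists of lines copied from the log posted earlier in the thread.

```python
import re

# Constructed sample: lines copied from the FRST.txt posted in this thread.
SAMPLE_FRST = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by SYSTEM on MININT-GN401J5 (18-04-2017 17:36:01)
Running from E:\
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Boot Mode: Recovery

==================== Known DLLs (Whitelisted) =========================

C:\Windows\System32\_wowarmhw.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\_wowarmhw.dll IS MISSING <==== ATTENTION
[2017-03-18 12:58] - [2017-03-18 12:58] - 0685504 ____A (Microsoft Corporation) C:\Windows\System32\SHCORE.dll

==================== Restore Points =========================

Restore point date: 2017-04-18 07:16
"""

# "===== Section name =====" lines; a bare row of "=" is a separator, not a section.
SECTION_RE = re.compile(r"^={5,}\s*([^=\s][^=]*?)\s*={5,}\s*$")
RAN_BY_RE = re.compile(r"^Ran by (.+?) on (\S+)")
FLAG = "<==== ATTENTION"


def triage_frst(text):
    """Summarise an FRST.txt: header fields, scan context, flagged lines."""
    info = {"ran_by": None, "host": None, "boot_mode": None, "platform": None}
    flagged = []  # (section name, line without the marker)
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Header":
            ran = RAN_BY_RE.match(line)
            if ran:
                info["ran_by"], info["host"] = ran.group(1), ran.group(2)
            elif line.startswith("Boot Mode:"):
                info["boot_mode"] = line.split(":", 1)[1].strip()
            elif line.startswith("Platform:"):
                info["platform"] = line.split(":", 1)[1].strip()
        if FLAG in line:
            flagged.append((section, line.replace(FLAG, "").strip()))
    # A scan taken from the recovery environment is not a complete log of the
    # installed system, so it should be repeated from normal or Safe mode.
    info["recovery_scan"] = (info["boot_mode"] or "").lower() == "recovery"
    info["flagged"] = flagged
    return info


if __name__ == "__main__":
    result = triage_frst(SAMPLE_FRST)
    print(result["ran_by"], result["host"], result["boot_mode"])
    for section, line in result["flagged"]:
        print(f"[{section}] {line}")
```
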

Did this issue happen after a recent Windows Update... ? I can see from the logs that a restore point was created at the time of a windows update:

Quote

==================== Restore Points =========================

18-04-2017 00:39:40 Windows Update

Your current version of windows is Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)

When you access the recovery environment there is usually a list of options, it may be similar to the following:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Normally we ask that you select "Command Prompt" so we can run FRST, can you select System Restore instead, once selected it is just a matter of following the prompts...

 


Yes, it was a windows upgrade to the newest version.

Actually the update was after my computer got infected by the malware. I hoped that the upgrade would somehow remove the malware, it didn't.

So I installed Malwarebytes afterwards and did the scan and now I have a black screen


Can you access Malwarebytes from Safe mode with NW, post the log showing what was removed to cause the problem...

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Scan Report" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...


What about system restore, have you tried that?


Chances are your system is back to an infected state, do not run Malwarebytes.. Run FRST and post both logs, let's have a look at your system...

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin...


Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes Take No Action with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

Thank you,

Kevin

fixlist.txt


Hi Kevin,

Sorry, went to sleep, then had to work.

I put the frst and fixfile on the desktop and did the scan. The fixlog is in the attachment. Then I downloaded and ran adwcleaner. Afterwards the pc would reboot.

Beneath is the adwcleaner logpad which I put in a txt file.

I followed your link, downloaded malwarebytes and ran the scan with rootkits and archives on. After the scan I did not take any action, just exported the log which is in the attachment.

 

Fixlog.txt

adwcleaner notepad.txt

malwarebytes scan.txt


Hi Kevin,

I ran adwcleaner and used the clear function. Also did the scan with malwarebytes and quarantined the entries.

I have restarted the pc a couple times now, seems like there is no more malware. I will keep you updated if I see anything the next couple of days.


Thanks for the update Hucksim, one more scan to ensure we have not missed anything.... This is a short scan so it will not take several hours..

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 
If your system is responding as expected with no issues or concerns we can clean up...
 
Thank you,
 
Kevin

 

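The request above is for only the most recent entry of `mrt.log`, which accumulates one entry per MSRT run. As an added example (not from the thread and not Microsoft's code), this Python code splits the log text into runs and picks the newest by start time rather than by position in the file; it assumes each run begins with the tool's banner line and carries a `Started On` timestamp and a `Return code` line, and the sample log is constructed with made-up versions and times.

```python
import re
from datetime import datetime

# Constructed sample. The layout (banner line, "Started On", "Return code")
# is an assumption about mrt.log; versions and times are made up.
SAMPLE_MRT_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, March 2017 (build 0.0.0.0)
Started On Tue Mar 14 09:02:11 2017

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 14 09:04:40 2017

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, April 2017 (build 0.0.0.0)
Started On Thu Apr 20 21:15:03 2017

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 20 21:17:31 2017

Return code: 0 (0x0)
"""

BANNER_RE = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v", re.M)
START_RE = re.compile(
    r"^Started On \w{3} (\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\d{4})", re.M)
CODE_RE = re.compile(r"^Return code: (-?\d+)", re.M)
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def split_runs(text):
    """Split mrt.log text into one dict per MSRT run."""
    starts = [m.start() for m in BANNER_RE.finditer(text)]
    runs = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        # Drop the dashed separator that precedes the next run's banner.
        block = text[begin:end].rstrip("-\r\n \t")
        when = START_RE.search(block)
        if not when or when.group(1) not in MONTHS:
            continue  # truncated entry or unexpected date format
        mon, day, hh, mm, ss, year = when.groups()
        code = CODE_RE.search(block)
        runs.append({
            "started": datetime(int(year), MONTHS[mon], int(day),
                                int(hh), int(mm), int(ss)),
            "return_code": int(code.group(1)) if code else None,
            "text": block,
        })
    return runs


def latest_run(text):
    """Return the run with the newest start time, or None if there is none."""
    runs = split_runs(text)
    return max(runs, key=lambda r: r["started"]) if runs else None
```
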

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
