
Igfxmtc.exe and other possible virus


Disbett


Hello Disbett and welcome to Malwarebytes,

What you describe suggests that your system is infected with "smartservice", which is a ruthless infection and difficult to remove..... You will need access to another PC and a USB flash drive with a value of 4 GB or above. Let me know if that is possible..

Run FRST scan primarily for now....

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Thank you,

Kevin...

 


Sorry Kevin, I didn't follow the instructions to the 't'. Here is the info you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Thuong Nguyen (administrator) on THUONGNGUYEN-PC (21-12-2017 01:34:03)
Running from C:\Users\Thuong Nguyen\Downloads
Loaded Profiles: Thuong Nguyen (Available Profiles: Thuong Nguyen)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\tincvkhsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\wdoekcp.exe
() C:\Users\Thuong Nguyen\AppData\Local\igfxmtc\igfxmtc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) D:\Winamp\winamp.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe
() C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2017-08-21] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1849777165-2980190727-2104827836-1000\...\Run: [KillPingReboot] => C:\Program Files\Kill Ping\KillPingReboot.exe [14968 2017-12-11] ()
HKU\S-1-5-21-1849777165-2980190727-2104827836-1000\...\Run: [Kill Ping] => C:\Program Files\Kill Ping\Kill Ping.exe [4968056 2017-12-11] ()
HKU\S-1-5-21-1849777165-2980190727-2104827836-1000\...\MountPoints2: {8e0b9231-86e1-11e7-9ab4-806e6f6e6963} - E:\autostart.exe
HKU\S-1-5-21-1849777165-2980190727-2104827836-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-09-07] (Microsoft Corporation)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{02ABC834-1167-44AB-8A06-019293B935B7}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{41313292-A190-4E68-80A7-D1D7E5D25948}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{474392D5-5F8E-44C8-8A23-9ED43E1154B7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{693ED24E-8F88-4053-AD06-0CF29E5B3A84}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1849777165-2980190727-2104827836-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1849777165-2980190727-2104827836-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1849777165-2980190727-2104827836-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-12-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 3favs8e1.default
FF ProfilePath: C:\Users\Thuong Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\3favs8e1.default [2017-12-20]
FF Homepage: Mozilla\Firefox\Profiles\3favs8e1.default -> about:blank
FF Extension: (Adblock Plus) - C:\Users\Thuong Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\3favs8e1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-23] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-21] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default [2017-12-21]
CHR Extension: (Slides) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-20]
CHR Extension: (Docs) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-20]
CHR Extension: (Google Drive) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-20]
CHR Extension: (YouTube) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-20]
CHR Extension: (Sheets) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-20]
CHR Extension: (Google Docs Offline) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-20]
CHR Extension: (Gmail) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\Thuong Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-20]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1849777165-2980190727-2104827836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2017-08-21] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2017-08-21] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-11-15] (NVIDIA Corporation)
R2 Remotr Service; C:\Program Files (x86)\Remotr\RemotrService.exe [207480 2017-02-27] (RemoteMyApp sp. z o.o.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 5352B364; C:\Windows\System32\drivers\5352B364.sys [255928 2017-12-19] (Malwarebytes)
S3 A6210; C:\Windows\System32\DRIVERS\A6210.sys [2258608 2017-02-10] (MediaTek Inc.)
S3 cpuz140; C:\Users\Thuong Nguyen\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-08-25] (CPUID) <==== ATTENTION
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [537080 2017-07-19] (Intel Corporation)
R3 e1rexpress; C:\Windows\System32\DRIVERS\e1r62x64.sys [495376 2013-04-04] (Intel Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-12-20] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-12-20] (Greatis Software)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-15] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-15] (Zemana Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 udiskMgr; system32\drivers\jmptwz.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-21 01:34 - 2017-12-21 01:34 - 000020467 _____ C:\Users\Thuong Nguyen\Downloads\FRST.txt
2017-12-21 01:33 - 2017-12-21 01:34 - 000000000 ____D C:\FRST
2017-12-21 01:33 - 2017-12-21 01:33 - 002392064 _____ (Farbar) C:\Users\Thuong Nguyen\Downloads\FRST64.exe
2017-12-20 23:37 - 2017-12-20 23:37 - 000000023 _____ C:\Windows\SysWOW64\Partizan.RRI
2017-12-20 23:30 - 2017-12-20 23:30 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Thuong Nguyen\Downloads\SpyHunter-Installer.exe
2017-12-20 23:23 - 2017-12-20 23:23 - 000142136 ____N C:\Windows\system32\Drivers\pcsilpsv.sys
2017-12-20 22:51 - 2017-12-20 23:23 - 000005482 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-12-20 22:50 - 2017-12-20 23:17 - 000000000 ____D C:\@RestoreQuarantine
2017-12-20 22:40 - 2017-12-20 23:27 - 000000000 ____D C:\ProgramData\RegRun
2017-12-20 22:40 - 2017-12-20 22:40 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-12-20 22:39 - 2017-12-20 23:44 - 000000000 ____D C:\Users\Thuong Nguyen\Documents\RegRun2
2017-12-20 22:39 - 2017-12-20 23:34 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-12-20 22:39 - 2017-12-20 23:27 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-12-20 22:39 - 2017-12-20 22:39 - 000003354 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2017-12-20 22:39 - 2017-12-20 22:39 - 000001011 _____ C:\Users\Thuong Nguyen\Desktop\UnHackMe.lnk
2017-12-20 22:39 - 2017-12-20 22:39 - 000000002 RSHOT C:\Windows\winstart.bat
2017-12-20 22:39 - 2017-12-20 22:39 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-12-20 22:39 - 2017-12-20 22:39 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-12-20 22:39 - 2017-12-20 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-12-20 22:39 - 2017-12-13 17:47 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-12-20 22:39 - 2017-12-13 08:48 - 019105248 _____ (Greatis Software, LLC. ) C:\Users\Thuong Nguyen\Downloads\unhackme_setup.exe
2017-12-20 22:39 - 2017-08-21 19:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.old
2017-12-20 22:39 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-12-20 22:38 - 2017-12-20 22:38 - 019080503 _____ C:\Users\Thuong Nguyen\Downloads\unhackme.zip
2017-12-20 21:42 - 2017-12-20 21:42 - 002527376 _____ (Trend Micro Inc.) C:\Users\Thuong Nguyen\Downloads\HousecallLauncher64.exe
2017-12-20 17:14 - 2014-08-28 20:07 - 003179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-12-20 17:14 - 2014-05-08 03:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-12-20 14:17 - 2017-12-20 17:51 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-12-20 14:17 - 2017-12-20 14:17 - 000003454 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-12-20 14:17 - 2017-12-20 14:17 - 000003328 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-12-20 14:17 - 2017-12-20 14:17 - 000000986 _____ C:\Users\Public\Desktop\Gyazo.lnk
2017-12-20 14:17 - 2017-12-20 14:17 - 000000986 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2017-12-20 14:17 - 2017-12-20 14:17 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Gyazo
2017-12-20 14:17 - 2017-12-20 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2017-12-20 14:16 - 2017-12-20 14:16 - 013938096 _____ (Nota Inc. ) C:\Users\Thuong Nguyen\Downloads\Gyazo-3.3.4.exe
2017-12-20 14:15 - 2017-12-20 14:16 - 000000059 _____ C:\Users\Thuong Nguyen\AppData\Local\UserProducts.xml
2017-12-20 14:14 - 2017-12-20 14:14 - 002731152 _____ (Skillbrains ) C:\Users\Thuong Nguyen\Downloads\setup-lightshot.exe
2017-12-19 22:50 - 2017-12-19 22:50 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7D23C51A.sys
2017-12-19 22:49 - 2017-12-19 22:49 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-12-19 22:38 - 2017-12-19 22:38 - 000000000 ___HD C:\$GetCurrent
2017-12-19 22:37 - 2017-12-19 22:37 - 000000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-12-19 22:37 - 2017-12-19 22:37 - 000000682 _____ C:\Users\Thuong Nguyen\Desktop\Windows 10 Update Assistant.lnk
2017-12-19 22:37 - 2017-12-19 22:37 - 000000000 ____D C:\Windows10Upgrade
2017-12-19 22:36 - 2017-12-19 22:36 - 006242320 _____ (Microsoft Corporation) C:\Users\Thuong Nguyen\Downloads\Windows10Upgrade24074.exe
2017-12-19 01:15 - 2017-12-19 01:15 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5352B364.sys
2017-12-17 22:20 - 2017-12-17 22:20 - 000000869 _____ C:\Users\Public\Desktop\Kill Ping.lnk
2017-12-17 22:20 - 2017-12-17 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kill Ping
2017-12-17 22:20 - 2017-12-17 22:20 - 000000000 ____D C:\Program Files\TAP-Windows
2017-12-17 22:19 - 2017-12-17 22:19 - 017378112 _____ (Kill Ping ) C:\Users\Thuong Nguyen\Desktop\Kill_Ping_3.3.0.21.exe
2017-12-17 22:09 - 2017-12-17 22:09 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\KillPing
2017-12-17 22:09 - 2017-12-17 22:09 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\IsolatedStorage
2017-12-17 22:09 - 2017-12-17 22:09 - 000000000 ____D C:\ProgramData\Kill Ping
2017-12-17 21:57 - 2017-12-17 21:57 - 000013622 _____ C:\Users\Thuong Nguyen\Documents\Kill Ping Invoice-76269.pdf
2017-12-17 21:56 - 2017-12-21 01:32 - 000000000 ____D C:\Program Files\Kill Ping
2017-12-17 21:55 - 2017-12-17 21:55 - 017378112 _____ (Kill Ping ) C:\Users\Thuong Nguyen\Downloads\Kill_Ping_3.3.0.21.exe
2017-12-15 18:32 - 2017-12-15 18:47 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5587732F.sys
2017-12-15 18:31 - 2017-12-20 10:25 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-15 18:31 - 2017-12-19 22:54 - 000000000 ____D C:\Users\Thuong Nguyen\Desktop\mbar
2017-12-15 17:19 - 2017-12-15 17:19 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\{39C90F95-1D61-632D-70F9-46C55491BA5D}
2017-12-15 17:18 - 2017-12-15 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-12-15 17:18 - 2017-12-15 17:18 - 000000000 ____D C:\Program Files\PowerISO
2017-12-15 17:18 - 2017-06-06 18:36 - 000138296 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2017-12-15 16:52 - 2017-12-15 16:52 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\WinISO Computing
2017-12-15 16:52 - 2017-12-15 16:52 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinISO
2017-12-15 16:52 - 2017-12-15 16:52 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\WinISO Computing
2017-12-15 16:52 - 2017-12-15 16:52 - 000000000 ____D C:\Program Files (x86)\WinISO Computing
2017-12-15 16:52 - 2016-10-20 09:13 - 000204032 _____ (WinISO.com) C:\Windows\system32\Drivers\WinisoCDBus.sys
2017-12-15 16:32 - 2017-12-15 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-12-15 16:32 - 2017-12-15 16:32 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-12-15 14:33 - 2017-12-15 16:13 - 000000000 ____D C:\Users\Thuong Nguyen\Desktop\Thumb Drive
2017-12-15 14:32 - 2017-12-15 14:32 - 000000000 ___HD C:\$AV_ASW
2017-12-15 14:22 - 2017-12-15 16:27 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151337686143604
2017-12-15 14:22 - 2017-12-15 16:27 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa919cb190088d68e.tmp
2017-12-15 14:22 - 2017-12-15 16:11 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-15 14:22 - 2017-12-15 14:22 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswddd2977ab543040f.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151336936143504
2017-12-15 14:22 - 2017-12-15 14:22 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\asw77f1ddca0e530c97.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswf5a0b7812a9f6a34.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw2d2d868b96d8c465.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw80de2ec735b34a44.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswecfee1acda8cb74b.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf3c88580dafb7be9.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\asw827f5ff2c4d32f5a.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc26911067e37f9d4.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe323630720be6298.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw63f4bbbb5804bb4e.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd8fa3985d2fed5df.tmp
2017-12-15 14:22 - 2017-12-15 14:22 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\AVAST Software
2017-12-15 14:22 - 2017-12-15 14:22 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-15 14:22 - 2017-12-15 14:22 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-15 13:15 - 2017-12-15 13:15 - 000000000 ____D C:\ProgramData\dbg
2017-12-15 13:08 - 2017-12-15 13:08 - 000006790 _____ C:\Users\Thuong Nguyen\Desktop\look at these 2.txt
2017-12-15 13:06 - 2017-12-15 13:06 - 000006867 _____ C:\Users\Thuong Nguyen\Desktop\look at these.txt
2017-12-15 12:59 - 2017-12-19 22:57 - 000000560 _____ C:\Users\Thuong Nguyen\Desktop\JRT.txt
2017-12-15 12:55 - 2017-12-20 21:13 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-12-15 12:46 - 2017-12-15 12:46 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-15 12:45 - 2017-12-21 00:39 - 000832587 _____ C:\Windows\ZAM.krnl.trace
2017-12-15 12:45 - 2017-12-21 00:23 - 000841512 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-15 12:45 - 2017-12-15 12:45 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-12-15 12:45 - 2017-12-15 12:45 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-12-15 12:45 - 2017-12-15 12:45 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\Zemana
2017-12-15 12:45 - 2017-12-15 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-12-15 12:45 - 2017-12-15 12:45 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-15 12:44 - 2017-12-15 12:46 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-15 12:35 - 2017-12-19 01:28 - 000000000 ____D C:\Users\Thuong Nguyen\Desktop\cleaning
2017-12-15 11:53 - 2017-12-15 11:53 - 000002014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Online.lnk
2017-12-15 11:53 - 2017-12-15 11:53 - 000002008 _____ C:\Users\Public\Desktop\Black Desert Online.lnk
2017-12-15 11:53 - 2017-12-15 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert Online
2017-12-15 11:51 - 2017-12-15 11:51 - 051930432 _____ (Kakao Games Europe B.V.) C:\Users\Thuong Nguyen\Downloads\BlackDesertOnlineSetup_20170726_1022.exe
2017-12-14 00:33 - 2017-12-14 00:33 - 000000068 _____ C:\Users\Thuong Nguyen\AppData\Local\b5wqke8ztn
2017-12-13 12:08 - 2017-12-13 12:08 - 000000000 ___DC C:\Users\Thuong Nguyen\AppData\Local\MigWiz
2017-12-13 09:42 - 2017-12-13 09:42 - 008187336 _____ (Malwarebytes) C:\Users\Thuong Nguyen\Desktop\adwcleaner_7.0.5.0.exe
2017-12-13 09:26 - 2017-12-13 12:17 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-13 09:26 - 2017-12-13 09:26 - 083316440 _____ (Malwarebytes ) C:\Users\Thuong Nguyen\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-13 09:26 - 2017-12-13 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-13 09:26 - 2017-12-13 09:26 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-13 09:26 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-13 09:22 - 2017-12-13 09:58 - 000000000 ____D C:\Windows\pss
2017-12-13 09:17 - 2017-12-20 23:47 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\nvsbzai
2017-12-13 09:15 - 2017-12-21 00:59 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\wdoekcp
2017-12-13 09:15 - 2017-12-17 21:50 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\igfxmtc
2017-12-13 09:15 - 2017-12-13 09:15 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Macromedia
2017-12-13 09:14 - 2017-12-21 00:51 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-12-13 09:14 - 2017-12-20 23:23 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\tincvkhsvc.exe
2017-12-13 09:14 - 2017-12-19 01:28 - 000000000 ___HD C:\Program Files (x86)\jared
2017-12-13 09:14 - 2017-12-15 20:22 - 000000000 ____D C:\Windows\system32\wdhlmic
2017-12-13 09:14 - 2017-12-15 16:13 - 000000000 ____D C:\Program Files (x86)\boase
2017-12-13 09:14 - 2017-12-15 13:17 - 000000000 ___HD C:\Program Files (x86)\Bizet
2017-12-13 09:14 - 2017-12-13 09:14 - 000797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 09:14 - 2017-12-13 09:14 - 000142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 09:14 - 2017-12-13 09:14 - 000003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 09:14 - 2017-12-13 09:14 - 000000020 _____ C:\Windows\b3239755
2017-12-13 09:14 - 2017-12-13 09:14 - 000000000 ____D C:\Windows\SysWOW64\wdhlmic
2017-12-13 09:14 - 2017-12-13 09:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-13 09:14 - 2017-12-13 09:14 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-13 09:14 - 2017-12-13 09:14 - 000000000 ____D C:\Program Files (x86)\plunging
2017-12-13 09:13 - 2017-12-13 09:13 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\et
2017-12-13 09:11 - 2017-12-15 16:13 - 000000000 ____D C:\Users\Thuong Nguyen\Downloads\RemoveWAT v2.2.6
2017-12-13 08:53 - 2017-12-13 08:53 - 001407310 _____ (Igor Pavlov) C:\Users\Thuong Nguyen\Downloads\7z1701-x64.exe
2017-12-13 08:53 - 2017-12-13 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-12-13 08:53 - 2017-12-13 08:53 - 000000000 ____D C:\Program Files\7-Zip
2017-12-13 00:25 - 2017-12-13 00:25 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 00:20 - 2013-10-01 20:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-12-13 00:20 - 2013-10-01 20:11 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-12-13 00:20 - 2013-10-01 20:08 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-12-13 00:20 - 2013-10-01 19:48 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-12-13 00:20 - 2013-10-01 19:48 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-12-13 00:20 - 2013-10-01 19:29 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-12-13 00:20 - 2013-10-01 19:10 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-12-13 00:20 - 2013-10-01 18:15 - 001057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-12-13 00:20 - 2013-10-01 18:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-12-13 00:20 - 2013-10-01 18:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-12-13 00:20 - 2013-10-01 18:08 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-12-13 00:20 - 2013-10-01 18:01 - 000420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-12-13 00:20 - 2013-10-01 17:58 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-12-13 00:20 - 2013-10-01 17:31 - 001147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-12-13 00:20 - 2013-10-01 17:08 - 000855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-12-13 00:20 - 2013-10-01 16:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-12-13 00:20 - 2013-10-01 14:57 - 006578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-12-13 00:20 - 2013-10-01 14:55 - 005698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-12-13 00:09 - 2012-08-23 08:13 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-12-13 00:09 - 2012-08-23 08:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-12-13 00:09 - 2012-08-23 05:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-12-13 00:09 - 2012-08-23 04:51 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-12-13 00:03 - 2017-10-27 10:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-13 00:03 - 2017-09-13 17:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-13 00:03 - 2017-09-13 17:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-13 00:03 - 2017-09-13 17:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-12-13 00:03 - 2017-09-13 17:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-12-13 00:01 - 2017-10-17 20:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-12-13 00:01 - 2017-10-17 20:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-12-13 00:01 - 2017-10-15 16:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-12-13 00:01 - 2017-10-04 07:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-12-13 00:01 - 2017-10-04 07:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-12-13 00:01 - 2017-10-04 07:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-12-13 00:01 - 2017-10-04 07:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-12-13 00:01 - 2017-10-04 07:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-12-13 00:01 - 2017-10-04 07:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-12-13 00:01 - 2017-10-04 07:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-12-13 00:01 - 2016-04-14 07:49 - 000603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-12-13 00:01 - 2016-04-14 07:21 - 000647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-12-13 00:01 - 2016-04-08 22:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-12-13 00:01 - 2016-04-08 21:52 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-12-13 00:01 - 2015-12-08 15:54 - 002285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-12-13 00:01 - 2015-12-08 13:07 - 002777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-12-13 00:01 - 2015-07-30 12:06 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-12-13 00:01 - 2015-07-30 12:06 - 001648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-12-13 00:01 - 2015-07-30 12:06 - 001180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-12-13 00:01 - 2015-07-30 11:57 - 001987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-12-13 00:01 - 2015-07-30 11:57 - 001251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-12-13 00:01 - 2013-11-26 02:16 - 003419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-12-13 00:01 - 2013-11-22 16:48 - 003928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-12-12 23:51 - 2015-02-03 21:16 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-12-12 23:51 - 2015-02-03 20:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-12-12 16:02 - 2017-11-15 19:41 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-12-12 16:02 - 2017-11-15 19:41 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-12-11 16:57 - 2017-12-11 16:57 - 000035750 _____ C:\Windows\uninstaller.dat
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-11-28 12:56 - 2017-11-28 12:56 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\dvdcss
2017-11-27 12:21 - 2017-11-27 12:21 - 001014369 _____ C:\Users\Thuong Nguyen\Documents\2016_nmfs_gear_form.pdf
2017-11-27 12:20 - 2017-11-27 12:20 - 000049793 _____ C:\Users\Thuong Nguyen\Documents\2016_nmfs_landings_form.pdf
2017-11-25 20:42 - 2017-11-25 20:42 - 000000555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2017-11-25 20:42 - 2017-11-25 20:42 - 000000000 ____D C:\Users\Thuong Nguyen\Documents\Vuze Downloads
2017-11-25 20:42 - 2017-11-25 20:42 - 000000000 ____D C:\Users\Thuong Nguyen\.swt
2017-11-25 20:41 - 2017-12-05 19:14 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Azureus
2017-11-25 20:40 - 2017-11-25 20:40 - 000091808 _____ (Azureus Software, Inc.) C:\Users\Thuong Nguyen\Downloads\VuzeBittorrentClientInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-21 01:34 - 2009-07-13 20:34 - 020971520 _____ C:\Windows\system32\config\HARDWARE
2017-12-21 01:25 - 2017-10-03 21:56 - 000000000 ____D C:\ProgramData\Remotr
2017-12-21 00:44 - 2009-07-13 22:45 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-21 00:44 - 2009-07-13 22:45 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-20 23:58 - 2017-08-21 20:40 - 000000000 ____D C:\Program Files (x86)\Black Desert Online
2017-12-20 23:54 - 2017-08-22 23:32 - 000007626 _____ C:\Users\Thuong Nguyen\AppData\Local\Resmon.ResmonCfg
2017-12-20 23:29 - 2017-08-22 22:22 - 000740406 _____ C:\Windows\system32\perfh015.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000683802 _____ C:\Windows\system32\perfh00E.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000607036 _____ C:\Windows\system32\perfh008.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000416826 _____ C:\Windows\system32\perfh011.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000383998 _____ C:\Windows\system32\prfh0804.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000171382 _____ C:\Windows\system32\perfc00E.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000155980 _____ C:\Windows\system32\perfc015.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000122208 _____ C:\Windows\system32\perfc011.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000119700 _____ C:\Windows\system32\prfc0804.dat
2017-12-20 23:29 - 2017-08-22 22:22 - 000111236 _____ C:\Windows\system32\perfc008.dat
2017-12-20 23:29 - 2009-08-25 12:32 - 000663768 _____ C:\Windows\system32\perfh01D.dat
2017-12-20 23:29 - 2009-08-25 12:32 - 000142582 _____ C:\Windows\system32\perfc01D.dat
2017-12-20 23:29 - 2009-08-25 11:41 - 000724648 _____ C:\Windows\system32\perfh019.dat
2017-12-20 23:29 - 2009-08-25 11:41 - 000150950 _____ C:\Windows\system32\perfc019.dat
2017-12-20 23:29 - 2009-08-25 11:33 - 000743546 _____ C:\Windows\system32\perfh013.dat
2017-12-20 23:29 - 2009-08-25 11:33 - 000153210 _____ C:\Windows\system32\perfc013.dat
2017-12-20 23:29 - 2009-08-25 11:25 - 000494562 _____ C:\Windows\system32\perfh014.dat
2017-12-20 23:29 - 2009-08-25 11:25 - 000095512 _____ C:\Windows\system32\perfc014.dat
2017-12-20 23:29 - 2009-08-25 11:18 - 000740094 _____ C:\Windows\system32\perfh010.dat
2017-12-20 23:29 - 2009-08-25 11:18 - 000146954 _____ C:\Windows\system32\perfc010.dat
2017-12-20 23:29 - 2009-08-25 11:09 - 000745764 _____ C:\Windows\system32\perfh00C.dat
2017-12-20 23:29 - 2009-08-25 11:09 - 000149688 _____ C:\Windows\system32\perfc00C.dat
2017-12-20 23:29 - 2009-08-25 11:01 - 000481550 _____ C:\Windows\system32\perfh00B.dat
2017-12-20 23:29 - 2009-08-25 11:01 - 000101628 _____ C:\Windows\system32\perfc00B.dat
2017-12-20 23:29 - 2009-08-25 10:54 - 000745504 _____ C:\Windows\system32\perfh00A.dat
2017-12-20 23:29 - 2009-08-25 10:54 - 000158582 _____ C:\Windows\system32\perfc00A.dat
2017-12-20 23:29 - 2009-08-25 10:46 - 000697256 _____ C:\Windows\system32\perfh007.dat
2017-12-20 23:29 - 2009-08-25 10:46 - 000149224 _____ C:\Windows\system32\perfc007.dat
2017-12-20 23:29 - 2009-08-25 10:38 - 000509462 _____ C:\Windows\system32\perfh006.dat
2017-12-20 23:29 - 2009-08-25 10:38 - 000098766 _____ C:\Windows\system32\perfc006.dat
2017-12-20 23:29 - 2009-07-13 23:13 - 012054442 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-20 23:29 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-12-20 23:25 - 2017-08-21 19:45 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-20 23:23 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-20 21:11 - 2017-08-21 19:50 - 000000000 ____D C:\AdwCleaner
2017-12-20 20:18 - 2017-08-22 22:35 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\discord
2017-12-20 02:14 - 2017-08-22 21:03 - 000000000 ____D C:\Users\Thuong Nguyen\Documents\Black Desert
2017-12-19 13:38 - 2017-08-23 20:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 01:43 - 2017-08-22 09:36 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\CrashDumps
2017-12-19 01:34 - 2017-08-23 20:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-18 23:38 - 2017-08-21 19:17 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\LocalLow\Mozilla
2017-12-17 22:17 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-15 18:32 - 2017-08-21 19:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-15 17:07 - 2009-07-13 23:08 - 000032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-15 15:23 - 2017-10-17 14:34 - 000000000 ____D C:\ProgramData\Skype
2017-12-15 15:04 - 2017-10-16 19:09 - 000000000 ____D C:\Windows\Minidump
2017-12-15 15:04 - 2017-08-21 20:28 - 000352818 ____N C:\Windows\Minidump\121517-7706-01.dmp
2017-12-15 13:15 - 2017-08-21 18:36 - 000000000 ____D C:\Users\Thuong Nguyen
2017-12-15 11:53 - 2017-08-21 19:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-15 00:33 - 2017-08-22 08:50 - 000000393 _____ C:\Users\Thuong Nguyen\AppData\Roaming\WB.CFG
2017-12-14 11:32 - 2017-08-26 22:04 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-12-14 00:33 - 2017-08-21 19:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-13 19:22 - 2017-08-26 15:09 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 09:52 - 2017-08-23 20:47 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Skype
2017-12-13 03:43 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2017-12-13 00:33 - 2017-08-23 03:16 - 000000000 ____D C:\Windows\system32\appraiser
2017-12-13 00:33 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2017-12-13 00:33 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\et-EE
2017-12-13 00:33 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-12-13 00:26 - 2017-08-22 12:25 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 00:25 - 2017-08-22 12:25 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-13 00:24 - 2017-08-21 19:30 - 011900688 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-13 00:03 - 2017-08-21 19:49 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-13 00:03 - 2017-08-21 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-13 00:03 - 2017-08-21 19:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-13 00:02 - 2017-08-21 19:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-13 00:02 - 2017-08-21 19:44 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-12 16:05 - 2017-10-07 09:54 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\vlc
2017-12-12 16:02 - 2017-08-21 19:45 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 16:02 - 2017-08-21 19:45 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 16:02 - 2017-08-21 19:45 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 16:02 - 2017-08-21 19:45 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 16:02 - 2017-08-21 19:45 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 16:02 - 2017-08-21 19:45 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 16:02 - 2017-08-21 19:45 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 16:02 - 2017-08-21 19:45 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-11 18:13 - 2017-08-22 22:35 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-11 18:13 - 2017-08-22 22:35 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\Discord
2017-12-10 17:14 - 2017-09-29 08:02 - 000008079 _____ C:\Users\Thuong Nguyen\Documents\Everything.m3u8
2017-12-01 15:14 - 2009-07-13 21:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-30 14:25 - 2017-08-25 12:31 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-24 20:09 - 2017-11-18 09:41 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\Battle.net
2017-11-24 20:09 - 2017-11-18 09:40 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-22 07:42 - 2017-10-21 13:39 - 000000000 ____D C:\Program Files (x86)\Soda PDF Desktop Manager
2017-11-22 07:42 - 2017-10-21 13:38 - 000000000 ____D C:\Program Files\Soda PDF Desktop
2017-11-22 07:42 - 2017-10-21 13:37 - 000000000 ____D C:\ProgramData\Soda PDF Desktop

==================== Files in the root of some directories =======

2017-08-22 08:50 - 2017-12-15 00:33 - 000000393 _____ () C:\Users\Thuong Nguyen\AppData\Roaming\WB.CFG
2017-12-14 00:33 - 2017-12-14 00:33 - 000000068 _____ () C:\Users\Thuong Nguyen\AppData\Local\b5wqke8ztn
2017-08-22 23:32 - 2017-12-20 23:54 - 000007626 _____ () C:\Users\Thuong Nguyen\AppData\Local\Resmon.ResmonCfg
2017-12-20 14:15 - 2017-12-20 14:15 - 000000003 _____ () C:\Users\Thuong Nguyen\AppData\Local\updater.log
2017-12-20 14:15 - 2017-12-20 14:16 - 000000059 _____ () C:\Users\Thuong Nguyen\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-08-22 21:04 - 2017-12-12 20:51 - 000000180 _____ () C:\Users\Thuong Nguyen\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2017-08-22 21:04 - 2017-12-20 23:58 - 000000088 _____ () C:\Users\Thuong Nguyen\AppData\Local\Temp\a0f7bc24eac5ac249ac3c80d81a8909a.dll
2017-11-25 20:42 - 2017-12-05 19:14 - 000079904 _____ () C:\Users\Thuong Nguyen\AppData\Local\Temp\i4jdel0.exe
2017-08-21 19:49 - 2017-08-09 16:21 - 000758288 _____ (NVIDIA Corporation) C:\Users\Thuong Nguyen\AppData\Local\Temp\nvSCPAPI.dll
2017-08-21 19:49 - 2017-08-09 16:21 - 000873136 _____ (NVIDIA Corporation) C:\Users\Thuong Nguyen\AppData\Local\Temp\nvSCPAPI64.dll
2017-09-28 22:21 - 2017-08-09 16:21 - 000368576 _____ (NVIDIA Corporation) C:\Users\Thuong Nguyen\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\pcsilpsv.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-19 06:44

==================== End of FRST.txt ============================

Addition.txt


Hiya Disbett,

It is not an external hard drive we need, it is a USB Flash drive, also called memory stick or pen drive.... Continue:

Plug USB Flash Drive into spare PC, navigate to that drive and Right click on it directly, select > Format. The quick option is adequate.

When the format completes download Farbar Recovery Scan Tool from here:
                                                                  
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Do NOT plug the Flash drive into the sick PC until booted to the Recovery Environment

If you are using Vista or Windows 7 enter System Recovery Options as follows.

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type  E:\frst64 or E:\frst depending on your version. Press Enter
    Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next,

Boot back to Normal Windows, now run Malwarebytes as follows:

Open Malwarebytes Anti-Malware.

  • On the Settings tab > Protection Scroll to and make sure the following are selected:

    Scan for Rootkits
    Scan within Archives

  • Scroll further to Potential Threat Protection make sure the following are set as follows:

    Potentially Unwanted Programs (PUP`s)         set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s)  set as :- Always detect PUM`s (recommended)

  • Click on the Scan make sure Threat Scan is selected,

  • A Threat Scan will begin.

  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab

  • If asked to restart your computer to complete the removal, please do so

  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.

  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:

  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     

  • Use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Let me see those two logs in your reply..

Thank you,

Kevin.

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by SYSTEM on MININT-5UJSMRE (21-12-2017 03:53:53)
Running from G:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2017-08-21] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\Thuong Nguyen\...\Run: [KillPingReboot] => C:\Program Files\Kill Ping\KillPingReboot.exe [14968 2017-12-11] ()
HKU\Thuong Nguyen\...\Run: [Kill Ping] => C:\Program Files\Kill Ping\Kill Ping.exe [4968056 2017-12-11] ()
HKU\Thuong Nguyen\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
BootExecute: autocheck autochk * Partizan

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\bnkzacxg" => removed successfully
C:\Windows\System32\drivers\pcswadgj.sys => moved successfully
"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
C:\Users\Thuong Nguyen\AppData\Local\igfxmtc\igfxmtc.exe => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\cscipgh.exe => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\wdoekcp\wdoekcp.exe => moved successfully
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-27] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-11-15] (NVIDIA Corporation)
S2 Remotr Service; C:\Program Files (x86)\Remotr\RemotrService.exe [207480 2017-02-27] (RemoteMyApp sp. z o.o.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 5352B364; C:\Windows\System32\drivers\5352B364.sys [255928 2017-12-18] (Malwarebytes)
S3 A6210; C:\Windows\System32\DRIVERS\A6210.sys [2258608 2017-02-10] (MediaTek Inc.)
S3 cpuz140; C:\Users\Thuong Nguyen\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-08-25] (CPUID) <==== ATTENTION
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [537080 2017-07-19] (Intel Corporation)
S3 e1rexpress; C:\Windows\System32\DRIVERS\e1r62x64.sys [495376 2013-04-04] (Intel Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-12-20] ()
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-21] (Malwarebytes)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
S0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-12-20] (Greatis Software)
S2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)
S1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-15] (Zemana Ltd.)
S1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-15] (Zemana Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-21 01:37 - 2017-12-21 01:45 - 000052093 _____ C:\Windows\ZAM.krnl.trace
2017-12-21 01:37 - 2017-12-21 01:45 - 000023174 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-21 01:37 - 2017-12-21 01:44 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2017-12-20 23:34 - 2017-12-20 23:34 - 000055365 _____ C:\Users\Thuong Nguyen\Downloads\FRST.txt
2017-12-20 23:34 - 2017-12-20 23:34 - 000039421 _____ C:\Users\Thuong Nguyen\Downloads\Addition.txt
2017-12-20 23:33 - 2017-12-21 03:53 - 000000000 ____D C:\FRST
2017-12-20 23:33 - 2017-12-20 23:33 - 002392064 _____ (Farbar) C:\Users\Thuong Nguyen\Downloads\FRST64.exe
2017-12-20 21:30 - 2017-12-20 21:30 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Thuong Nguyen\Downloads\SpyHunter-Installer.exe
2017-12-20 20:51 - 2017-12-21 01:43 - 000000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-12-20 20:50 - 2017-12-20 21:17 - 000000000 ____D C:\@RestoreQuarantine
2017-12-20 20:40 - 2017-12-20 21:27 - 000000000 ____D C:\ProgramData\RegRun
2017-12-20 20:40 - 2017-12-20 20:40 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-12-20 20:39 - 2017-12-20 21:44 - 000000000 ____D C:\Users\Thuong Nguyen\Documents\RegRun2
2017-12-20 20:39 - 2017-12-20 21:34 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-12-20 20:39 - 2017-12-20 21:27 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-12-20 20:39 - 2017-12-20 20:39 - 000003354 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2017-12-20 20:39 - 2017-12-20 20:39 - 000001011 _____ C:\Users\Thuong Nguyen\Desktop\UnHackMe.lnk
2017-12-20 20:39 - 2017-12-20 20:39 - 000000002 RSHOT C:\Windows\winstart.bat
2017-12-20 20:39 - 2017-12-20 20:39 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-12-20 20:39 - 2017-12-20 20:39 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-12-20 20:39 - 2017-12-13 15:47 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-12-20 20:39 - 2017-12-13 06:48 - 019105248 _____ (Greatis Software, LLC. ) C:\Users\Thuong Nguyen\Downloads\unhackme_setup.exe
2017-12-20 20:39 - 2017-08-21 17:39 - 000000824 _____ C:\Windows\System32\Drivers\etc\hosts.old
2017-12-20 20:39 - 2015-12-28 09:32 - 000049968 _____ (Greatis Software) C:\Windows\System32\partizan.exe
2017-12-20 20:38 - 2017-12-20 20:38 - 019080503 _____ C:\Users\Thuong Nguyen\Downloads\unhackme.zip
2017-12-20 19:42 - 2017-12-20 19:42 - 002527376 _____ (Trend Micro Inc.) C:\Users\Thuong Nguyen\Downloads\HousecallLauncher64.exe
2017-12-20 15:14 - 2014-08-28 18:07 - 003179520 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2017-12-20 15:14 - 2014-05-08 01:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2017-12-20 12:17 - 2017-12-20 15:51 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-12-20 12:17 - 2017-12-20 12:17 - 000003454 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-12-20 12:17 - 2017-12-20 12:17 - 000003328 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-12-20 12:17 - 2017-12-20 12:17 - 000000986 _____ C:\Users\Public\Desktop\Gyazo.lnk
2017-12-20 12:17 - 2017-12-20 12:17 - 000000986 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2017-12-20 12:17 - 2017-12-20 12:17 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Gyazo
2017-12-20 12:16 - 2017-12-20 12:16 - 013938096 _____ (Nota Inc. ) C:\Users\Thuong Nguyen\Downloads\Gyazo-3.3.4.exe
2017-12-20 12:15 - 2017-12-20 12:16 - 000000059 _____ C:\Users\Thuong Nguyen\AppData\Local\UserProducts.xml
2017-12-20 12:14 - 2017-12-20 12:14 - 002731152 _____ (Skillbrains ) C:\Users\Thuong Nguyen\Downloads\setup-lightshot.exe
2017-12-19 20:50 - 2017-12-19 20:50 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\7D23C51A.sys
2017-12-19 20:49 - 2017-12-19 20:49 - 000192952 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-12-19 20:38 - 2017-12-19 20:38 - 000000000 ___HD C:\$GetCurrent
2017-12-19 20:37 - 2017-12-19 20:37 - 000000682 _____ C:\Users\Thuong Nguyen\Desktop\Windows 10 Update Assistant.lnk
2017-12-19 20:37 - 2017-12-19 20:37 - 000000000 ____D C:\Windows10Upgrade
2017-12-19 20:36 - 2017-12-19 20:36 - 006242320 _____ (Microsoft Corporation) C:\Users\Thuong Nguyen\Downloads\Windows10Upgrade24074.exe
2017-12-18 23:15 - 2017-12-18 23:15 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\5352B364.sys
2017-12-17 20:20 - 2017-12-17 20:20 - 000000869 _____ C:\Users\Public\Desktop\Kill Ping.lnk
2017-12-17 20:20 - 2017-12-17 20:20 - 000000000 ____D C:\Program Files\TAP-Windows
2017-12-17 20:19 - 2017-12-17 20:19 - 017378112 _____ (Kill Ping ) C:\Users\Thuong Nguyen\Desktop\Kill_Ping_3.3.0.21.exe
2017-12-17 20:09 - 2017-12-17 20:09 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\KillPing
2017-12-17 20:09 - 2017-12-17 20:09 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\IsolatedStorage
2017-12-17 20:09 - 2017-12-17 20:09 - 000000000 ____D C:\ProgramData\Kill Ping
2017-12-17 19:57 - 2017-12-17 19:57 - 000013622 _____ C:\Users\Thuong Nguyen\Documents\Kill Ping Invoice-76269.pdf
2017-12-17 19:56 - 2017-12-21 01:00 - 000000000 ____D C:\Program Files\Kill Ping
2017-12-17 19:55 - 2017-12-17 19:55 - 017378112 _____ (Kill Ping ) C:\Users\Thuong Nguyen\Downloads\Kill_Ping_3.3.0.21.exe
2017-12-15 16:32 - 2017-12-15 16:47 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\5587732F.sys
2017-12-15 16:31 - 2017-12-20 08:25 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-15 16:31 - 2017-12-19 20:54 - 000000000 ____D C:\Users\Thuong Nguyen\Desktop\mbar
2017-12-15 15:19 - 2017-12-15 15:19 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\{39C90F95-1D61-632D-70F9-46C55491BA5D}
2017-12-15 14:52 - 2017-12-15 14:52 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\WinISO Computing
2017-12-15 14:52 - 2017-12-15 14:52 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\WinISO Computing
2017-12-15 14:52 - 2017-12-15 14:52 - 000000000 ____D C:\Program Files (x86)\WinISO Computing
2017-12-15 14:52 - 2016-10-20 07:13 - 000204032 _____ (WinISO.com) C:\Windows\System32\Drivers\WinisoCDBus.sys
2017-12-15 14:32 - 2017-12-15 14:32 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-12-15 12:33 - 2017-12-15 14:13 - 000000000 ____D C:\Users\Thuong Nguyen\Desktop\Thumb Drive
2017-12-15 12:32 - 2017-12-15 12:32 - 000000000 ___HD C:\$AV_ASW
2017-12-15 12:22 - 2017-12-21 01:37 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-15 12:22 - 2017-12-15 14:27 - 000455384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys.151337686143604
2017-12-15 12:22 - 2017-12-15 12:22 - 000455384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys.151336936143504
2017-12-15 12:22 - 2017-12-15 12:22 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-15 11:15 - 2017-12-15 11:15 - 000000000 ____D C:\ProgramData\dbg
2017-12-15 11:08 - 2017-12-15 11:08 - 000006790 _____ C:\Users\Thuong Nguyen\Desktop\look at these 2.txt
2017-12-15 11:06 - 2017-12-15 11:06 - 000006867 _____ C:\Users\Thuong Nguyen\Desktop\look at these.txt
2017-12-15 10:59 - 2017-12-19 20:57 - 000000560 _____ C:\Users\Thuong Nguyen\Desktop\JRT.txt
2017-12-15 10:55 - 2017-12-20 19:13 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2017-12-15 10:46 - 2017-12-15 10:46 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-15 10:45 - 2017-12-15 10:45 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
2017-12-15 10:45 - 2017-12-15 10:45 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zam64.sys
2017-12-15 10:45 - 2017-12-15 10:45 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\Zemana
2017-12-15 10:45 - 2017-12-15 10:45 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-15 10:44 - 2017-12-15 10:46 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-15 10:35 - 2017-12-18 23:28 - 000000000 ____D C:\Users\Thuong Nguyen\Desktop\cleaning
2017-12-15 09:53 - 2017-12-15 09:53 - 000002008 _____ C:\Users\Public\Desktop\Black Desert Online.lnk
2017-12-15 09:51 - 2017-12-15 09:51 - 051930432 _____ (Kakao Games Europe B.V.) C:\Users\Thuong Nguyen\Downloads\BlackDesertOnlineSetup_20170726_1022.exe
2017-12-13 22:33 - 2017-12-13 22:33 - 000000068 _____ C:\Users\Thuong Nguyen\AppData\Local\b5wqke8ztn
2017-12-13 10:08 - 2017-12-13 10:08 - 000000000 ___DC C:\Users\Thuong Nguyen\AppData\Local\MigWiz
2017-12-13 07:42 - 2017-12-13 07:42 - 008187336 _____ (Malwarebytes) C:\Users\Thuong Nguyen\Desktop\adwcleaner_7.0.5.0.exe
2017-12-13 07:26 - 2017-12-13 10:17 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-13 07:26 - 2017-12-13 07:26 - 083316440 _____ (Malwarebytes ) C:\Users\Thuong Nguyen\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-13 07:26 - 2017-12-13 07:26 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-13 07:26 - 2017-11-29 07:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-12-13 07:22 - 2017-12-13 07:58 - 000000000 ____D C:\Windows\pss
2017-12-13 07:17 - 2017-12-20 21:47 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\nvsbzai
2017-12-13 07:15 - 2017-12-21 03:53 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\wdoekcp
2017-12-13 07:15 - 2017-12-21 03:53 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\igfxmtc
2017-12-13 07:15 - 2017-12-13 07:15 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Macromedia
2017-12-13 07:14 - 2017-12-21 01:43 - 002884096 _____ C:\Windows\System32\tincvkhsvc.exe
2017-12-13 07:14 - 2017-12-21 00:51 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-12-13 07:14 - 2017-12-18 23:28 - 000000000 ___HD C:\Program Files (x86)\jared
2017-12-13 07:14 - 2017-12-15 18:22 - 000000000 ____D C:\Windows\System32\wdhlmic
2017-12-13 07:14 - 2017-12-15 14:13 - 000000000 ____D C:\Program Files (x86)\boase
2017-12-13 07:14 - 2017-12-15 11:17 - 000000000 ___HD C:\Program Files (x86)\Bizet
2017-12-13 07:14 - 2017-12-13 07:14 - 000797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 07:14 - 2017-12-13 07:14 - 000142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 07:14 - 2017-12-13 07:14 - 000003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 07:14 - 2017-12-13 07:14 - 000000020 _____ C:\Windows\b3239755
2017-12-13 07:14 - 2017-12-13 07:14 - 000000000 ____D C:\Windows\SysWOW64\wdhlmic
2017-12-13 07:14 - 2017-12-13 07:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-13 07:14 - 2017-12-13 07:14 - 000000000 ____D C:\Windows\System32\Macromed
2017-12-13 07:14 - 2017-12-13 07:14 - 000000000 ____D C:\Program Files (x86)\plunging
2017-12-13 07:13 - 2017-12-13 07:13 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\et
2017-12-13 07:11 - 2017-12-15 14:13 - 000000000 ____D C:\Users\Thuong Nguyen\Downloads\RemoveWAT v2.2.6
2017-12-13 06:53 - 2017-12-13 06:53 - 001407310 _____ (Igor Pavlov) C:\Users\Thuong Nguyen\Downloads\7z1701-x64.exe
2017-12-13 06:53 - 2017-12-13 06:53 - 000000000 ____D C:\Program Files\7-Zip
2017-12-12 22:25 - 2017-12-12 22:25 - 126925120 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2017-12-12 22:20 - 2013-10-01 18:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2017-12-12 22:20 - 2013-10-01 18:11 - 000013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2017-12-12 22:20 - 2013-10-01 18:08 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2017-12-12 22:20 - 2013-10-01 17:48 - 000056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2017-12-12 22:20 - 2013-10-01 17:48 - 000018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2017-12-12 22:20 - 2013-10-01 17:29 - 000062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2017-12-12 22:20 - 2013-10-01 17:10 - 000044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2017-12-12 22:20 - 2013-10-01 16:15 - 001057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2017-12-12 22:20 - 2013-10-01 16:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-12-12 22:20 - 2013-10-01 16:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-12-12 22:20 - 2013-10-01 16:08 - 000083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2017-12-12 22:20 - 2013-10-01 16:01 - 000420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2017-12-12 22:20 - 2013-10-01 15:58 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-12-12 22:20 - 2013-10-01 15:31 - 001147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2017-12-12 22:20 - 2013-10-01 15:08 - 000855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-12-12 22:20 - 2013-10-01 14:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-12-12 22:20 - 2013-10-01 12:57 - 006578176 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-12-12 22:20 - 2013-10-01 12:55 - 005698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-12-12 22:09 - 2012-08-23 06:13 - 000243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-12-12 22:09 - 2012-08-23 06:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2017-12-12 22:09 - 2012-08-23 03:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-12-12 22:09 - 2012-08-23 02:51 - 000228864 _____ (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2017-12-12 22:03 - 2017-10-27 08:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-12 22:03 - 2017-09-13 15:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-12 22:03 - 2017-09-13 15:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-12 22:03 - 2017-09-13 15:19 - 000927544 _____ C:\Windows\System32\vulkan-1.dll
2017-12-12 22:03 - 2017-09-13 15:19 - 000591160 _____ C:\Windows\System32\vulkaninfo.exe
2017-12-12 22:01 - 2017-10-17 18:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2017-12-12 22:01 - 2017-10-17 18:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-12-12 22:01 - 2017-10-15 14:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-12-12 22:01 - 2017-10-04 05:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2017-12-12 22:01 - 2017-10-04 05:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-12-12 22:01 - 2017-10-04 05:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-12-12 22:01 - 2017-10-04 05:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-12-12 22:01 - 2017-10-04 05:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-12-12 22:01 - 2017-10-04 05:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-12-12 22:01 - 2017-10-04 05:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-12-12 22:01 - 2016-04-14 05:49 - 000603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-12-12 22:01 - 2016-04-14 05:21 - 000647680 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2017-12-12 22:01 - 2016-04-08 20:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-12-12 22:01 - 2016-04-08 19:52 - 001424896 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2017-12-12 22:01 - 2015-12-08 13:54 - 002285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-12-12 22:01 - 2015-12-08 11:07 - 002777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2017-12-12 22:01 - 2015-07-30 10:06 - 002565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2017-12-12 22:01 - 2015-07-30 10:06 - 001648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2017-12-12 22:01 - 2015-07-30 10:06 - 001180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2017-12-12 22:01 - 2015-07-30 09:57 - 001987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-12-12 22:01 - 2015-07-30 09:57 - 001251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-12-12 22:01 - 2013-11-26 00:16 - 003419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-12-12 22:01 - 2013-11-22 14:48 - 003928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2017-12-12 21:51 - 2015-02-03 19:16 - 000465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2017-12-12 21:51 - 2015-02-03 18:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-12-12 14:02 - 2017-11-15 17:41 - 000057792 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2017-12-12 14:02 - 2017-11-15 17:41 - 000050624 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2017-12-11 14:57 - 2017-12-11 14:57 - 000035750 _____ C:\Windows\uninstaller.dat
2017-12-03 21:44 - 2017-12-03 21:44 - 000641696 _____ (Microsoft Corporation) C:\Windows\System32\msvcp140.dll
2017-12-03 21:44 - 2017-12-03 21:44 - 000389296 _____ (Microsoft Corporation) C:\Windows\System32\vccorlib140.dll
2017-12-03 21:44 - 2017-12-03 21:44 - 000331432 _____ (Microsoft Corporation) C:\Windows\System32\concrt140.dll
2017-12-03 21:44 - 2017-12-03 21:44 - 000087728 _____ (Microsoft Corporation) C:\Windows\System32\vcruntime140.dll
2017-12-03 21:38 - 2017-12-03 21:38 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2017-12-03 21:38 - 2017-12-03 21:38 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2017-12-03 21:38 - 2017-12-03 21:38 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2017-12-03 21:38 - 2017-12-03 21:38 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-11-28 10:56 - 2017-11-28 10:56 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\dvdcss
2017-11-27 10:21 - 2017-11-27 10:21 - 001014369 _____ C:\Users\Thuong Nguyen\Documents\2016_nmfs_gear_form.pdf
2017-11-27 10:20 - 2017-11-27 10:20 - 000049793 _____ C:\Users\Thuong Nguyen\Documents\2016_nmfs_landings_form.pdf
2017-11-25 18:42 - 2017-11-25 18:42 - 000000000 ____D C:\Users\Thuong Nguyen\Documents\Vuze Downloads
2017-11-25 18:42 - 2017-11-25 18:42 - 000000000 ____D C:\Users\Thuong Nguyen\.swt
2017-11-25 18:41 - 2017-12-05 17:14 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Azureus
2017-11-25 18:40 - 2017-11-25 18:40 - 000091808 _____ (Azureus Software, Inc.) C:\Users\Thuong Nguyen\Downloads\VuzeBittorrentClientInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-21 01:46 - 2009-07-13 18:34 - 019660800 _____ C:\Windows\System32\config\HARDWARE
2017-12-21 01:45 - 2009-07-13 20:45 - 000013424 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-21 01:45 - 2009-07-13 20:45 - 000013424 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-21 01:44 - 2017-08-21 17:45 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-21 01:44 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-21 01:00 - 2017-08-21 18:40 - 000000000 ____D C:\Program Files (x86)\Black Desert Online
2017-12-20 23:38 - 2017-08-22 20:22 - 000740406 _____ C:\Windows\System32\perfh015.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000683802 _____ C:\Windows\System32\perfh00E.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000607036 _____ C:\Windows\System32\perfh008.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000416826 _____ C:\Windows\System32\perfh011.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000383998 _____ C:\Windows\System32\prfh0804.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000171382 _____ C:\Windows\System32\perfc00E.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000155980 _____ C:\Windows\System32\perfc015.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000122208 _____ C:\Windows\System32\perfc011.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000119700 _____ C:\Windows\System32\prfc0804.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000111236 _____ C:\Windows\System32\perfc008.dat
2017-12-20 23:38 - 2009-08-25 10:32 - 000663768 _____ C:\Windows\System32\perfh01D.dat
2017-12-20 23:38 - 2009-08-25 10:32 - 000142582 _____ C:\Windows\System32\perfc01D.dat
2017-12-20 23:38 - 2009-08-25 09:41 - 000724648 _____ C:\Windows\System32\perfh019.dat
2017-12-20 23:38 - 2009-08-25 09:41 - 000150950 _____ C:\Windows\System32\perfc019.dat
2017-12-20 23:38 - 2009-08-25 09:33 - 000743546 _____ C:\Windows\System32\perfh013.dat
2017-12-20 23:38 - 2009-08-25 09:33 - 000153210 _____ C:\Windows\System32\perfc013.dat
2017-12-20 23:38 - 2009-08-25 09:25 - 000494562 _____ C:\Windows\System32\perfh014.dat
2017-12-20 23:38 - 2009-08-25 09:25 - 000095512 _____ C:\Windows\System32\perfc014.dat
2017-12-20 23:38 - 2009-08-25 09:18 - 000740094 _____ C:\Windows\System32\perfh010.dat
2017-12-20 23:38 - 2009-08-25 09:18 - 000146954 _____ C:\Windows\System32\perfc010.dat
2017-12-20 23:38 - 2009-08-25 09:09 - 000745764 _____ C:\Windows\System32\perfh00C.dat
2017-12-20 23:38 - 2009-08-25 09:09 - 000149688 _____ C:\Windows\System32\perfc00C.dat
2017-12-20 23:38 - 2009-08-25 09:01 - 000481550 _____ C:\Windows\System32\perfh00B.dat
2017-12-20 23:38 - 2009-08-25 09:01 - 000101628 _____ C:\Windows\System32\perfc00B.dat
2017-12-20 23:38 - 2009-08-25 08:54 - 000745504 _____ C:\Windows\System32\perfh00A.dat
2017-12-20 23:38 - 2009-08-25 08:54 - 000158582 _____ C:\Windows\System32\perfc00A.dat
2017-12-20 23:38 - 2009-08-25 08:46 - 000697256 _____ C:\Windows\System32\perfh007.dat
2017-12-20 23:38 - 2009-08-25 08:46 - 000149224 _____ C:\Windows\System32\perfc007.dat
2017-12-20 23:38 - 2009-08-25 08:38 - 000509462 _____ C:\Windows\System32\perfh006.dat
2017-12-20 23:38 - 2009-08-25 08:38 - 000098766 _____ C:\Windows\System32\perfc006.dat
2017-12-20 23:38 - 2009-07-13 21:13 - 012054442 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-20 23:38 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-20 23:25 - 2017-10-03 19:56 - 000000000 ____D C:\ProgramData\Remotr
2017-12-20 21:54 - 2017-08-22 21:32 - 000007626 _____ C:\Users\Thuong Nguyen\AppData\Local\Resmon.ResmonCfg
2017-12-20 19:11 - 2017-08-21 17:50 - 000000000 ____D C:\AdwCleaner
2017-12-20 18:18 - 2017-08-22 20:35 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\discord
2017-12-20 00:14 - 2017-08-22 19:03 - 000000000 ____D C:\Users\Thuong Nguyen\Documents\Black Desert
2017-12-19 11:38 - 2017-08-23 18:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-18 23:43 - 2017-08-22 07:36 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\CrashDumps
2017-12-18 23:34 - 2017-08-23 18:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-18 21:38 - 2017-08-21 17:17 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\LocalLow\Mozilla
2017-12-17 20:17 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2017-12-15 16:32 - 2017-08-21 17:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-15 15:07 - 2009-07-13 21:08 - 000032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-15 13:23 - 2017-10-17 12:34 - 000000000 ____D C:\ProgramData\Skype
2017-12-15 13:04 - 2017-10-16 17:09 - 000000000 ____D C:\Windows\Minidump
2017-12-15 13:04 - 2017-08-21 18:28 - 000352818 ____N C:\Windows\Minidump\121517-7706-01.dmp
2017-12-15 11:15 - 2017-08-21 16:36 - 000000000 ____D C:\users\Thuong Nguyen
2017-12-15 09:53 - 2017-08-21 17:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-14 22:33 - 2017-08-22 06:50 - 000000393 _____ C:\Users\Thuong Nguyen\AppData\Roaming\WB.CFG
2017-12-13 22:33 - 2017-08-21 17:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-13 07:52 - 2017-08-23 18:47 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\Skype
2017-12-13 01:43 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2017-12-12 22:33 - 2017-08-23 01:16 - 000000000 ____D C:\Windows\System32\appraiser
2017-12-12 22:33 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2017-12-12 22:33 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\et-EE
2017-12-12 22:33 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-12-12 22:26 - 2017-08-22 10:25 - 000000000 ____D C:\Windows\System32\MRT
2017-12-12 22:25 - 2017-08-22 10:25 - 126925120 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-12-12 22:24 - 2017-08-21 17:30 - 011900688 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-12 22:03 - 2017-08-21 17:49 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-12 22:03 - 2017-08-21 17:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-12 22:02 - 2017-08-21 17:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-12 22:02 - 2017-08-21 17:44 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-12 14:05 - 2017-10-07 07:54 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\vlc
2017-12-12 14:02 - 2017-08-21 17:45 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 14:02 - 2017-08-21 17:45 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 14:02 - 2017-08-21 17:45 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 14:02 - 2017-08-21 17:45 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 14:02 - 2017-08-21 17:45 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 14:02 - 2017-08-21 17:45 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 14:02 - 2017-08-21 17:45 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-12 14:02 - 2017-08-21 17:45 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-11 16:13 - 2017-08-22 20:35 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\Discord
2017-12-10 15:14 - 2017-09-29 06:02 - 000008079 _____ C:\Users\Thuong Nguyen\Documents\Everything.m3u8
2017-12-01 13:14 - 2009-07-13 19:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-24 18:09 - 2017-11-18 07:41 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\Battle.net
2017-11-24 18:09 - 2017-11-18 07:40 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-22 05:42 - 2017-10-21 11:39 - 000000000 ____D C:\Program Files (x86)\Soda PDF Desktop Manager
2017-11-22 05:42 - 2017-10-21 11:38 - 000000000 ____D C:\Program Files\Soda PDF Desktop
2017-11-22 05:42 - 2017-10-21 11:37 - 000000000 ____D C:\ProgramData\Soda PDF Desktop

Some files in TEMP:
====================
2017-08-22 19:04 - 2017-12-12 18:51 - 000000180 _____ () C:\Users\Thuong Nguyen\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2017-08-22 19:04 - 2017-12-21 00:42 - 000000075 _____ () C:\Users\Thuong Nguyen\AppData\Local\Temp\a0f7bc24eac5ac249ac3c80d81a8909a.dll
2017-08-21 17:49 - 2017-08-09 14:21 - 000758288 _____ (NVIDIA Corporation) C:\Users\Thuong Nguyen\AppData\Local\Temp\nvSCPAPI.dll
2017-08-21 17:49 - 2017-08-09 14:21 - 000873136 _____ (NVIDIA Corporation) C:\Users\Thuong Nguyen\AppData\Local\Temp\nvSCPAPI64.dll
2017-09-28 20:21 - 2017-08-09 14:21 - 000368576 _____ (NVIDIA Corporation) C:\Users\Thuong Nguyen\AppData\Local\Temp\nvStInst.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 5%
Total physical RAM: 32718.04 MB
Available physical RAM: 30802.55 MB
Total Virtual: 32716.19 MB
Available Virtual: 30804.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:3.83 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (A6210) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
Drive g: (usb1) (Removable) (Total:1953.12 GB) (Free:1952.98 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:2794.39 GB) (Free:2676.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: 579A85B7)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9533F226)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1953.1 GB) (Disk ID: FDC01076)
Partition 1: (Active) - (Size=1953.1 GB) - (Type=07 NTFS)

LastRegBack: 2017-12-19 04:44

==================== End of FRST.txt ============================

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/21/17
Scan Time: 3:57 AM
Log File: 51765da8-e635-11e7-8152-00ff474392d5.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3535
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ThuongNguyen-PC\Thuong Nguyen

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261600
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.SpyHunter, C:\USERS\THUONG NGUYEN\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [882], [433139],1.0.3535
HackTool.WpaKill, C:\USERS\THUONG NGUYEN\DESKTOP\THUMB DRIVE\REMOVEWAT.226.RAR, Quarantined, [3483], [75683],1.0.3535

Physical Sector: 0
(No malicious items detected)


(end)


Thanks for those logs, continue as follows with your system still in Normal mode..

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner from here https://www.malwarebytes.com/adwcleaner/

Or from here: https://www.bleepingcomputer.com/download/adwcleaner/dl/125/

  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin

 

 

 

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Thuong Nguyen (21-12-2017 04:47:22) Run:1
Running from C:\Users\Thuong Nguyen\Downloads
Loaded Profiles: Thuong Nguyen (Available Profiles: Thuong Nguyen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\Thuong Nguyen\...\Run: [KillPingReboot] => C:\Program Files\Kill Ping\KillPingReboot.exe [14968 2017-12-11] ()
C:\Program Files\Kill Ping
HKU\Thuong Nguyen\...\Run: [Kill Ping] => C:\Program Files\Kill Ping\Kill Ping.exe [4968056 2017-12-11] ()
S4 5352B364; C:\Windows\System32\drivers\5352B364.sys [255928 2017-12-18] (Malwarebytes)
C:\Windows\System32\drivers\5352B364.sys
S3 cpuz140; C:\Users\Thuong Nguyen\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-08-25] (CPUID) <==== ATTENTION
C:\Users\Thuong Nguyen\AppData\Local\Temp\cpuz140
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] 
C:\Windows\winstart.bat
C:\Windows\System32\Drivers\7D23C51A.sys
C:\Windows\System32\Drivers\5352B364.sys
2017-12-17 20:20 - 2017-12-17 20:20 - 000000869 _____ C:\Users\Public\Desktop\Kill Ping.lnk
2017-12-17 20:20 - 2017-12-17 20:20 - 000000000 ____D C:\Program Files\TAP-Windows
2017-12-17 20:19 - 2017-12-17 20:19 - 017378112 _____ (Kill Ping ) C:\Users\Thuong Nguyen\Desktop\Kill_Ping_3.3.0.21.exe
2017-12-17 20:09 - 2017-12-17 20:09 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\KillPing
2017-12-17 20:09 - 2017-12-17 20:09 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\IsolatedStorage
2017-12-17 20:09 - 2017-12-17 20:09 - 000000000 ____D C:\ProgramData\Kill Ping
2017-12-17 19:56 - 2017-12-21 01:00 - 000000000 ____D C:\Program Files\Kill Ping
2017-12-17 19:55 - 2017-12-17 19:55 - 017378112 _____ (Kill Ping ) C:\Users\Thuong Nguyen\Downloads\Kill_Ping_3.3.0.21.exe
2017-12-15 16:32 - 2017-12-15 16:47 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\5587732F.sys
C:\Users\Thuong Nguyen\AppData\Local\b5wqke8ztn
2017-12-13 07:17 - 2017-12-20 21:47 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\nvsbzai
2017-12-13 07:15 - 2017-12-21 03:53 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\wdoekcp
2017-12-13 07:15 - 2017-12-21 03:53 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Local\igfxmtc
2017-12-13 07:14 - 2017-12-21 01:43 - 002884096 _____ C:\Windows\System32\tincvkhsvc.exe
2017-12-13 07:14 - 2017-12-18 23:28 - 000000000 ___HD C:\Program Files (x86)\jared
2017-12-13 07:14 - 2017-12-15 18:22 - 000000000 ____D C:\Windows\System32\wdhlmic
2017-12-13 07:14 - 2017-12-15 14:13 - 000000000 ____D C:\Program Files (x86)\boase
2017-12-13 07:14 - 2017-12-15 11:17 - 000000000 ___HD C:\Program Files (x86)\Bizet
2017-12-13 07:14 - 2017-12-13 07:14 - 000000020 _____ C:\Windows\b3239755
2017-12-13 07:14 - 2017-12-13 07:14 - 000000000 ____D C:\Windows\SysWOW64\wdhlmic
2017-12-13 07:14 - 2017-12-13 07:14 - 000000000 ____D C:\Program Files (x86)\plunging
2017-12-13 07:13 - 2017-12-13 07:13 - 000000000 ____D C:\Users\Thuong Nguyen\AppData\Roaming\et
C:\Windows\uninstaller.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000740406 _____ C:\Windows\System32\perfh015.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000683802 _____ C:\Windows\System32\perfh00E.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000607036 _____ C:\Windows\System32\perfh008.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000416826 _____ C:\Windows\System32\perfh011.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000383998 _____ C:\Windows\System32\prfh0804.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000171382 _____ C:\Windows\System32\perfc00E.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000155980 _____ C:\Windows\System32\perfc015.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000122208 _____ C:\Windows\System32\perfc011.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000119700 _____ C:\Windows\System32\prfc0804.dat
2017-12-20 23:38 - 2017-08-22 20:22 - 000111236 _____ C:\Windows\System32\perfc008.dat
2017-12-20 23:38 - 2009-08-25 10:32 - 000663768 _____ C:\Windows\System32\perfh01D.dat
2017-12-20 23:38 - 2009-08-25 10:32 - 000142582 _____ C:\Windows\System32\perfc01D.dat
2017-12-20 23:38 - 2009-08-25 09:41 - 000724648 _____ C:\Windows\System32\perfh019.dat
2017-12-20 23:38 - 2009-08-25 09:41 - 000150950 _____ C:\Windows\System32\perfc019.dat
2017-12-20 23:38 - 2009-08-25 09:33 - 000743546 _____ C:\Windows\System32\perfh013.dat
2017-12-20 23:38 - 2009-08-25 09:33 - 000153210 _____ C:\Windows\System32\perfc013.dat
2017-12-20 23:38 - 2009-08-25 09:25 - 000494562 _____ C:\Windows\System32\perfh014.dat
2017-12-20 23:38 - 2009-08-25 09:25 - 000095512 _____ C:\Windows\System32\perfc014.dat
2017-12-20 23:38 - 2009-08-25 09:18 - 000740094 _____ C:\Windows\System32\perfh010.dat
2017-12-20 23:38 - 2009-08-25 09:18 - 000146954 _____ C:\Windows\System32\perfc010.dat
2017-12-20 23:38 - 2009-08-25 09:09 - 000745764 _____ C:\Windows\System32\perfh00C.dat
2017-12-20 23:38 - 2009-08-25 09:09 - 000149688 _____ C:\Windows\System32\perfc00C.dat
2017-12-20 23:38 - 2009-08-25 09:01 - 000481550 _____ C:\Windows\System32\perfh00B.dat
2017-12-20 23:38 - 2009-08-25 09:01 - 000101628 _____ C:\Windows\System32\perfc00B.dat
2017-12-20 23:38 - 2009-08-25 08:54 - 000745504 _____ C:\Windows\System32\perfh00A.dat
2017-12-20 23:38 - 2009-08-25 08:54 - 000158582 _____ C:\Windows\System32\perfc00A.dat
2017-12-20 23:38 - 2009-08-25 08:46 - 000697256 _____ C:\Windows\System32\perfh007.dat
2017-12-20 23:38 - 2009-08-25 08:46 - 000149224 _____ C:\Windows\System32\perfc007.dat
2017-12-20 23:38 - 2009-08-25 08:38 - 000509462 _____ C:\Windows\System32\perfh006.dat
2017-12-20 23:38 - 2009-08-25 08:38 - 000098766 _____ C:\Windows\System32\perfc006.dat
2017-08-22 19:04 - 2017-12-12 18:51 - 000000180 _____ () C:\Users\Thuong Nguyen\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2017-08-22 19:04 - 2017-12-21 00:42 - 000000075 _____ () C:\Users\Thuong Nguyen\AppData\Local\Temp\a0f7bc24eac5ac249ac3c80d81a8909a.dll
Task: {F3A23DC3-7B30-4750-AAED-79D49311B888} - System32\Tasks\Handy => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Handy\Handy.dll",oXHBfNgt <==== ATTENTION
Task: {FE02D07D-3A01-4520-BA41-C132022EE5FF} - System32\Tasks\OjweJ9csvWQA => ojwej9csvwqa.exe
FirewallRules: [{08E7190F-DD74-43FD-91B5-8696C57C54CF}] => (Allow) LPort=1900
FirewallRules: [{91CD4B1D-AC63-498A-BB4C-03B54FFB2A54}] => (Allow) LPort=2869
FirewallRules: [{AC735194-874A-41EE-A700-CE124741BFDC}] => (Allow) LPort=8317
EmptyTemp:
Hosts:
CMD: ipconfig /flushDNS
end


*****************

Processes closed successfully.
Restore point was successfully created.
HKU\Thuong Nguyen\Software\Microsoft\Windows\CurrentVersion\Run\\KillPingReboot => value not found.
C:\Program Files\Kill Ping => moved successfully
HKU\Thuong Nguyen\Software\Microsoft\Windows\CurrentVersion\Run\\Kill Ping => value not found.
"HKLM\System\CurrentControlSet\Services\5352B364" => removed successfully
5352B364 => service removed successfully
C:\Windows\System32\drivers\5352B364.sys => moved successfully
"HKLM\System\CurrentControlSet\Services\cpuz140" => removed successfully
cpuz140 => service removed successfully
C:\Users\Thuong Nguyen\AppData\Local\Temp\cpuz140 => moved successfully
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
Synth3dVsc => service removed successfully
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
tsusbhub => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\System\CurrentControlSet\Services\xhunter1" => removed successfully
xhunter1 => service removed successfully
C:\Windows\winstart.bat => moved successfully
C:\Windows\System32\Drivers\7D23C51A.sys => moved successfully
"C:\Windows\System32\Drivers\5352B364.sys" => not found.
C:\Users\Public\Desktop\Kill Ping.lnk => moved successfully
C:\Program Files\TAP-Windows => moved successfully
C:\Users\Thuong Nguyen\Desktop\Kill_Ping_3.3.0.21.exe => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\KillPing => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\IsolatedStorage => moved successfully
C:\ProgramData\Kill Ping => moved successfully
"C:\Program Files\Kill Ping" => not found.
C:\Users\Thuong Nguyen\Downloads\Kill_Ping_3.3.0.21.exe => moved successfully
C:\Windows\System32\Drivers\5587732F.sys => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\b5wqke8ztn => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\nvsbzai => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\wdoekcp => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\igfxmtc => moved successfully
C:\Windows\System32\tincvkhsvc.exe => moved successfully
C:\Program Files (x86)\jared => moved successfully
C:\Windows\System32\wdhlmic => moved successfully
C:\Program Files (x86)\boase => moved successfully
C:\Program Files (x86)\Bizet => moved successfully
C:\Windows\b3239755 => moved successfully
C:\Windows\SysWOW64\wdhlmic => moved successfully
C:\Program Files (x86)\plunging => moved successfully
C:\Users\Thuong Nguyen\AppData\Roaming\et => moved successfully
C:\Windows\uninstaller.dat => moved successfully
C:\Windows\System32\perfh015.dat => moved successfully
C:\Windows\System32\perfh00E.dat => moved successfully
C:\Windows\System32\perfh008.dat => moved successfully
C:\Windows\System32\perfh011.dat => moved successfully
C:\Windows\System32\prfh0804.dat => moved successfully
C:\Windows\System32\perfc00E.dat => moved successfully
C:\Windows\System32\perfc015.dat => moved successfully
C:\Windows\System32\perfc011.dat => moved successfully
C:\Windows\System32\prfc0804.dat => moved successfully
C:\Windows\System32\perfc008.dat => moved successfully
C:\Windows\System32\perfh01D.dat => moved successfully
C:\Windows\System32\perfc01D.dat => moved successfully
C:\Windows\System32\perfh019.dat => moved successfully
C:\Windows\System32\perfc019.dat => moved successfully
C:\Windows\System32\perfh013.dat => moved successfully
C:\Windows\System32\perfc013.dat => moved successfully
C:\Windows\System32\perfh014.dat => moved successfully
C:\Windows\System32\perfc014.dat => moved successfully
C:\Windows\System32\perfh010.dat => moved successfully
C:\Windows\System32\perfc010.dat => moved successfully
C:\Windows\System32\perfh00C.dat => moved successfully
C:\Windows\System32\perfc00C.dat => moved successfully
C:\Windows\System32\perfh00B.dat => moved successfully
C:\Windows\System32\perfc00B.dat => moved successfully
C:\Windows\System32\perfh00A.dat => moved successfully
C:\Windows\System32\perfc00A.dat => moved successfully
C:\Windows\System32\perfh007.dat => moved successfully
C:\Windows\System32\perfc007.dat => moved successfully
C:\Windows\System32\perfh006.dat => moved successfully
C:\Windows\System32\perfc006.dat => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll => moved successfully
C:\Users\Thuong Nguyen\AppData\Local\Temp\a0f7bc24eac5ac249ac3c80d81a8909a.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A23DC3-7B30-4750-AAED-79D49311B888} => could not remove key. ErrorCode1: 0x00000001
C:\Windows\System32\Tasks\Handy => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Handy => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE02D07D-3A01-4520-BA41-C132022EE5FF} => key not found
C:\Windows\System32\Tasks\OjweJ9csvWQA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OjweJ9csvWQA => key not found
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08E7190F-DD74-43FD-91B5-8696C57C54CF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91CD4B1D-AC63-498A-BB4C-03B54FFB2A54} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC735194-874A-41EE-A700-CE124741BFDC} => value not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22559836 B
Java, Flash, Steam htmlcache => 30415803 B
Windows/system/drivers => 43746909164 B
Edge => 0 B
Chrome => 372903435 B
Firefox => 32861537 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 33477 B
LocalService => 33125 B
NetworkService => 103699 B
Thuong Nguyen => 3083459247 B

RecycleBin => 0 B
EmptyTemp: => 44 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:48:04 ====

 

# AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 21 10:54:43 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2617 B] - [2017/8/22 1:51:17]
C:/AdwCleaner/AdwCleaner[C1].txt - [2699 B] - [2017/12/13 15:45:19]
C:/AdwCleaner/AdwCleaner[C2].txt - [1708 B] - [2017/12/13 16:3:47]
C:/AdwCleaner/AdwCleaner[C3].txt - [1844 B] - [2017/12/13 17:10:10]
C:/AdwCleaner/AdwCleaner[C4].txt - [1982 B] - [2017/12/15 17:24:53]
C:/AdwCleaner/AdwCleaner[C5].txt - [2118 B] - [2017/12/15 19:2:19]
C:/AdwCleaner/AdwCleaner[C6].txt - [2587 B] - [2017/12/20 4:43:37]
C:/AdwCleaner/AdwCleaner[C7].txt - [2392 B] - [2017/12/21 3:12:3]
C:/AdwCleaner/AdwCleaner[S0].txt - [2704 B] - [2017/8/22 1:50:47]
C:/AdwCleaner/AdwCleaner[S10].txt - [2654 B] - [2017/12/20 4:43:21]
C:/AdwCleaner/AdwCleaner[S11].txt - [2369 B] - [2017/12/21 3:11:11]
C:/AdwCleaner/AdwCleaner[S12].txt - [2308 B] - [2017/12/21 10:53:59]
C:/AdwCleaner/AdwCleaner[S1].txt - [1159 B] - [2017/8/22 1:56:25]
C:/AdwCleaner/AdwCleaner[S2].txt - [1149 B] - [2017/8/22 2:0:8]
C:/AdwCleaner/AdwCleaner[S3].txt - [1214 B] - [2017/8/23 8:50:50]
C:/AdwCleaner/AdwCleaner[S4].txt - [2980 B] - [2017/12/13 15:44:50]
C:/AdwCleaner/AdwCleaner[S5].txt - [1419 B] - [2017/12/13 15:50:18]
C:/AdwCleaner/AdwCleaner[S6].txt - [1685 B] - [2017/12/13 16:3:34]
C:/AdwCleaner/AdwCleaner[S7].txt - [1821 B] - [2017/12/13 17:9:59]
C:/AdwCleaner/AdwCleaner[S8].txt - [1958 B] - [2017/12/15 17:24:35]
C:/AdwCleaner/AdwCleaner[S9].txt - [2096 B] - [2017/12/15 19:2:5]


########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt ##########

 


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0)
Started On Tue Aug 22 13:25:42 2017

Engine: 1.1.14003.0
Signatures: 1.249.316.0
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 22 13:26:17 2017


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.52, September 2017 (build 5.52.14201.0)
Started On Fri Sep 29 00:19:47 2017

Engine: 1.1.14104.0
Signatures: 1.251.334.0
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 29 00:20:30 2017


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.53, October 2017 (build 5.53.14306.0)
Started On Wed Dec 13 00:25:43 2017

Engine: 1.1.14104.0
Signatures: 1.251.1312.0
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 13 00:26:34 2017


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
Started On Thu Dec 21 04:58:34 2017

Engine: 1.1.14405.2
Signatures: 1.257.1160.0
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: BrowserModifier:Win32/Soctuseer!excl and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Windows\8ba29fb67de14f004ff0cc3cffe75a11.exe
        SigSeq: 0x000005554A1D9F60
    regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\1339bd77e0b8efe054c9016ecded6d27\
        SigSeq: 0x000005554A1D9F60

Results Summary:
----------------
Found BrowserModifier:Win32/Soctuseer!excl and Removed!
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 21 05:00:18 2017


Return code: 6 (0x6)
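
The helper asked for only the most recent MSRT run "by date and time"; the following is an added example (not part of the original posts or of any tool named in this thread) that selects that run from an mrt.log by its "Started On" timestamp rather than by its position in the file. The sample log is constructed in the layout shown above, the threat name is a placeholder, and the function names are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the mrt.log above, newest run placed
# first on purpose; the threat name is a placeholder, not a real detection.
SAMPLE_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
Started On Thu Dec 21 04:58:34 2017

Engine: 1.1.14405.2
Signatures: 1.257.1160.0
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: Example:Win32/Placeholder!excl and Removed!
  Action: Remove, Result: 0x00000000

Results Summary:
----------------
Found Example:Win32/Placeholder!excl and Removed!

Return code: 6 (0x6)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.53, October 2017 (build 5.53.14306.0)
Started On Wed Dec 13 00:25:43 2017

Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.

Return code: 0 (0x0)
"""

STAMP_FORMAT = "%a %b %d %H:%M:%S %Y"        # e.g. "Thu Dec 21 04:58:34 2017"
SEPARATOR_RE = re.compile(r"-{40,}")          # long rule between runs, not the short underlines
THREAT_RE = re.compile(r"Threat Detected:\s*(.+?)\s+and\s+(.+?)!?$")
RETURN_RE = re.compile(r"Return code:\s*(\d+)")


def decode_log(raw: bytes) -> str:
    """Decode log bytes, honouring a UTF-16 or UTF-8 byte-order mark if present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_run(lines):
    """Turn the lines of one run into a dict; None if it has no usable start time."""
    run = {"started": None, "run_mode": None, "threats": [], "return_code": None}
    for line in lines:
        if line.startswith("Started On "):
            stamp = " ".join(line[len("Started On "):].split())
            try:
                run["started"] = datetime.strptime(stamp, STAMP_FORMAT)
            except ValueError:
                pass  # malformed timestamp: the run is skipped below
        elif line.startswith("Run Mode:"):
            run["run_mode"] = line.split(":", 1)[1].strip()
        elif (m := THREAT_RE.match(line)):
            run["threats"].append((m.group(1), m.group(2)))
        elif (m := RETURN_RE.match(line)):
            run["return_code"] = int(m.group(1))
    return run if run["started"] else None


def parse_runs(text):
    """Split the log on the long dashed rules and parse every run found."""
    chunks, current = [], []
    for line in text.splitlines():
        line = line.strip()
        if SEPARATOR_RE.fullmatch(line):
            if current:
                chunks.append(current)
            current = []
        else:
            current.append(line)
    if current:
        chunks.append(current)
    return [run for run in map(parse_run, chunks) if run is not None]


def latest_run(text):
    """Return the run with the newest 'Started On' time, or None if there is none."""
    runs = parse_runs(text)
    return max(runs, key=lambda r: r["started"]) if runs else None


if __name__ == "__main__":
    print(latest_run(SAMPLE_LOG))
```
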
 


Thanks for the update Disbett, good to hear your system is ok.

Unless you have any remaining issues or concerns run the following to clean up:

Download "Delfix by Xplode" from here: https://www.bleepingcomputer.com/download/delfix/  and save it to your desktop.

Or use the following if first link is down:

http://en.kioskea.net/download/download-24087-delfix

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 

  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices :- http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Do I need a Registry Cleaner?

Take care and surf safe http://www.wikihow.com/Be-Safe-on-the-Internet

Kevin...

 

Edited by kevinf80

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.