
what to do?



 
 
Old 01-24-2017, 06:08 PM   #1
Registered Member
 
Join Date: Mar 2009
Posts: 394
OS: 64 bit operating system, x64 based processor



okay so here's a bit of a doozy... (wow did i just say that?)

so desktop is infected with a killer virus. first popups started happening, i thought nothing of it. then bing was set to my default engine when it wasn't set to my default engine.... annnnnnd then it hijacked my keyboard so i type random things with button presses..... (this was when i noticed something was wrong) so i ran scans. first with windows defender then with spyhunter. when that found a bunch of things and killed them i thought "okay problem solved." but it wasn't. soooooo.... then it somehow disabled ctrl-alt-del. (how is that even possible?) also it's cut the internet to the computer. and finally just now it cut the keyboard entirely. i can no longer type. this presents a problem as i cannot login without typing. so i'm at a total loss for what to do. help?
cookiesnmilk is offline  
 
Old 01-24-2017, 07:43 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

If necessary, download the tools to a USB drive on another computer and transfer them to your desktop.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-24-2017, 11:19 PM   #3
Registered Member
 
Join Date: Mar 2009
Posts: 394
OS: 64 bit operating system, x64 based processor



as stated, computer has no internet..... I also lack flash drives and no computer in this house other than my desktop has the capability of disk burning.

edit: am getting flash drive tomorrow so can use this computer's internet for these purposes.

edit2: i need to log into the desktop without the keyboard. as i stated. how is this accomplished?
cookiesnmilk is offline  
 
Old 01-25-2017, 01:56 PM   #4
Registered Member
 
Join Date: Mar 2009
Posts: 394
OS: 64 bit operating system, x64 based processor



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by keith (administrator) on DESKTOP-RLJ412S (25-01-2017 16:48:26)
Running from F:\
Loaded Profiles: keith (Available Profiles: keith)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Secure Download Ltd.) C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMDE.EXE
(Hammer & Chisel, Inc.) C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Hammer & Chisel, Inc.) C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-20] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650496 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863488 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\...\Run: [Discord] => C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2296db44-f235-4b8a-ad3e-89919fc148be}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={4E385335-C74C-4E30-A458-E0C28A2CF75E}&mid=dbb46500b62247cc9d28f15f9ecb87df-1af428cd128162f5721f1d436a0aff61278811e0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pi&pr=fr&d=2015-11-01 11:39:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3814647098-2249820185-1439755522-1001 -> {A9EF54B4-5C00-407E-9EED-182FFE98EF82} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: ujyfkd3b.default
FF ProfilePath: C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default [2017-01-24]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default\Extensions\[email protected] [2016-11-21]
FF Extension: (FlashResizer) - C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default\Extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}.xpi [2016-11-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VLC Media Player\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\92558484.js [2016-11-29] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\92558484.cfg [2016-11-29] <==== ATTENTION

Chrome:
=======

uhhhh adwcleaner didn't ask me to restart anything. it gave me this though....

# AdwCleaner v6.042 - Logfile created 25/01/2017 at 16:47:14
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-25.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : keith - DESKTOP-RLJ412S
# Running from : F:\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: SpyHunter 4 Service
Service Found: esgiguard
Service Found: EsgScanner


***** [ Folders ] *****

Folder Found: C:\Users\keith\AppData\Local\YSearchUtil
Folder Found: C:\Users\keith\AppData\Roaming\Enigma Software Group
Folder Found: C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
Folder Found: C:\Program Files\Enigma Software Group
Folder Found: C:\sh4ldr
Folder Found: C:\ProgramData\FFinder LTD
Folder Found: C:\ProgramData\Application Data\FFinder LTD
Folder Found: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

File Found: C:\Users\keith\Desktop\SpyHunter.lnk
File Found: C:\WINDOWS\SysNative\drivers\EsgScanner.sys
File Found: C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default\extensions\[email protected]


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: SpyHunter4Startup


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\FFinder LTD
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Key Found: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
Data Found: HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://mysearch.avg.com/?cid={4E385335-C74C-4E30-A458-E0C28A2CF75E}&mid=dbb46500
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://mysearch.avg.com/?cid={4E385335-C74C-4E30-A458-E0C28A2CF75E}&mid=dbb46500b62247cc9d28f15f9ecb87df-1af428cd128162f5721f1
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://mysearch.avg.com/?cid={4E385335-C74C-4E30-A458-E0C28A2CF75E}&mid=dbb46500b62247cc9d28f15f9ecb87df-1af428cd128162f5721
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\features.en.softo
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\halo-zero.en.soft
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sonic-2-hd.en.sof
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\features.en.softonic
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\halo-zero.en.softoni
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sonic-2-hd.en.softon
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\features.en.sof
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\halo-zero.en.so
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sonic-2-hd.en.s
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\features.en.softon
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\halo-zero.en.softo
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sonic-2-hd.en.soft


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5887 Bytes] - [25/01/2017 16:47:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5960 Bytes] ##########
Attached Files
File Type: txt Addition.txt (62.5 KB, 33 views)
cookiesnmilk is offline  
Old 01-25-2017, 06:47 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello cookiesnmilk. Good job, but you were supposed to choose 'Clean' after the AdwCleaner scan.

Also, you didn't paste the entire FRST.txt log in your last reply. The bottom half of the log is missing.

------------------------------------------------------
chemist is offline  
Old 01-26-2017, 01:38 AM   #6
Registered Member
 
Join Date: Mar 2009
Posts: 394
OS: 64 bit operating system, x64 based processor



ok here's my next attempt at following your directions.

adwcleaner log

# AdwCleaner v6.042 - Logfile created 26/01/2017 at 04:24:48
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-25.2 [Local]
# Operating System : Windows 10 Home (X64)
# Username : keith - DESKTOP-RLJ412S
# Running from : C:\Users\keith\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: SpyHunter 4 Service
[-] Service deleted: esgiguard
[-] Service deleted: EsgScanner


***** [ Folders ] *****

[-] Folder deleted: C:\Users\keith\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\keith\AppData\Roaming\Enigma Software Group
[-] Folder deleted: C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
[#] Folder deleted on reboot: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\ProgramData\FFinder LTD
[#] Folder deleted on reboot: C:\ProgramData\Application Data\FFinder LTD
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

[-] File deleted: C:\Users\keith\Desktop\SpyHunter.lnk
[-] File deleted: C:\WINDOWS\SysNative\drivers\EsgScanner.sys
[-] File deleted: C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default\extensions\[email protected]


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\FFinder LTD
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Data restored: HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\features.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\halo-zero.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sonic-2-hd.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\features.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\halo-zero.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sonic-2-hd.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\features.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\halo-zero.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sonic-2-hd.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\features.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\halo-zero.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sonic-2-hd.en.softonic.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5818 Bytes] - [26/01/2017 04:24:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [6079 Bytes] - [25/01/2017 16:47:14]
C:\AdwCleaner\AdwCleaner[S1].txt - [6165 Bytes] - [26/01/2017 04:24:24]

#########


and here is the other thing

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by keith (administrator) on DESKTOP-RLJ412S (26-01-2017 04:21:48)
Running from C:\Users\keith\Desktop
Loaded Profiles: keith (Available Profiles: keith)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Secure Download Ltd.) C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMDE.EXE
(Hammer & Chisel, Inc.) C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Hammer & Chisel, Inc.) C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-20] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650496 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863488 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\...\Run: [Discord] => C:\Users\keith\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2296db44-f235-4b8a-ad3e-89919fc148be}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={4E385335-C74C-4E30-A458-E0C28A2CF75E}&mid=dbb46500b62247cc9d28f15f9ecb87df-1af428cd128162f5721f1d436a0aff61278811e0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pi&pr=fr&d=2015-11-01 11:39:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3814647098-2249820185-1439755522-1001 -> {A9EF54B4-5C00-407E-9EED-182FFE98EF82} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: ujyfkd3b.default
FF ProfilePath: C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default [2017-01-24]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default\Extensions\[email protected] [2016-11-21]
FF Extension: (FlashResizer) - C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ujyfkd3b.default\Extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}.xpi [2016-11-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VLC Media Player\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\92558484.js [2016-11-29] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\92558484.cfg [2016-11-29] <==== ATTENTION

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Slides) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Google Docs) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Maximize Flash) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\chihjmmmhbapnhemoopibkekbojilhge [2016-03-14]
CHR Extension: (uBlock Origin) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-01-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-04]
CHR Extension: (Google Search) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Qmee) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-01-10]
CHR Extension: (Office Online) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-10-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Gmail) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-07]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-29] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-03-02] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-13] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-13] (Electronic Arts)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2017-01-24] (Enigma Software Group USA, LLC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-01-24] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2017-01-24] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2016-01-12] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2016-01-12] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-26 04:21 - 2017-01-26 04:22 - 00016793 _____ C:\Users\keith\Desktop\FRST.txt
2017-01-26 04:20 - 2017-01-26 04:21 - 03988944 _____ C:\Users\keith\Desktop\AdwCleaner.exe
2017-01-26 04:20 - 2017-01-26 04:21 - 02420736 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe
2017-01-26 04:20 - 2017-01-26 04:20 - 03988944 _____ C:\Users\keith\Downloads\AdwCleaner.exe
2017-01-26 04:20 - 2017-01-26 04:20 - 02420736 _____ (Farbar) C:\Users\keith\Downloads\FRST64.exe
2017-01-25 16:48 - 2017-01-26 04:21 - 00000000 ____D C:\FRST
2017-01-25 16:46 - 2017-01-25 16:47 - 00000000 ____D C:\AdwCleaner
2017-01-25 16:46 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 16:46 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 21:00 - 2017-01-24 21:00 - 01977404 _____ C:\WINDOWS\Minidump\012417-5921-01.dmp
2017-01-24 21:00 - 2017-01-24 21:00 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-24 12:49 - 2017-01-24 12:49 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\keith\Downloads\SpyHunter-Installer (1).exe
2017-01-24 12:49 - 2017-01-24 12:49 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2017-01-24 12:49 - 2017-01-24 12:49 - 00001139 _____ C:\Users\keith\Desktop\SpyHunter.lnk
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Users\keith\AppData\Roaming\Enigma Software Group
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\sh4ldr
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 _____ C:\autoexec.bat
2017-01-24 12:46 - 2017-01-24 12:46 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\keith\Downloads\SpyHunter-Installer.exe
2017-01-24 12:46 - 2017-01-24 12:46 - 01271624 _____ ( ) C:\Users\keith\Downloads\adobe_flash_setup.exe
2017-01-24 10:56 - 2017-01-24 10:56 - 00003830 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 10:56 - 2017-01-24 10:56 - 00000000 ____D C:\Users\keith\AppData\Local\NVIDIA
2017-01-24 10:56 - 2016-11-17 08:44 - 01854400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-24 10:56 - 2016-11-17 08:44 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-24 10:56 - 2016-11-17 08:44 - 01452480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-24 10:56 - 2016-11-17 08:44 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-24 10:56 - 2016-11-17 08:44 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-24 10:55 - 2017-01-24 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-24 10:55 - 2017-01-24 10:55 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 10:55 - 2017-01-24 10:55 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 10:55 - 2017-01-24 10:55 - 00003804 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 10:55 - 2017-01-24 10:55 - 00003642 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 10:55 - 2017-01-24 10:55 - 00003600 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 10:55 - 2017-01-24 10:55 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-24 10:55 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-24 10:55 - 2016-12-15 19:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-24 10:55 - 2016-12-15 19:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-24 10:55 - 2016-12-15 19:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-24 10:55 - 2016-12-15 19:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-24 10:53 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 03597640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-24 10:53 - 2017-01-20 11:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-24 10:53 - 2017-01-20 11:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-24 10:53 - 2016-11-17 08:44 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-24 10:53 - 2016-11-17 08:44 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-24 10:53 - 2016-11-17 08:44 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-24 10:49 - 2017-01-24 10:50 - 398382600 _____ (NVIDIA Corporation) C:\Users\keith\Downloads\378.49-desktop-win10-64bit-international-whql.exe
2017-01-24 08:29 - 2017-01-24 08:29 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-01-19 22:41 - 2017-01-19 22:41 - 00000000 ____D C:\Users\keith\AppData\Local\Zombie_Party_v2
2017-01-16 19:48 - 2017-01-16 19:48 - 00000221 _____ C:\Users\keith\Desktop\Warhammer 40,000 Dawn of War II Retribution.url
2017-01-11 12:54 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 12:54 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 12:54 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 12:54 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 12:54 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 12:54 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 12:54 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 12:54 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 12:54 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 12:54 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 12:54 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 12:54 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 12:54 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 12:54 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 12:54 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 12:54 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 12:54 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 12:54 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 12:54 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 12:54 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 12:54 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 12:54 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 12:54 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 12:54 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 12:54 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 12:54 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 12:54 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 12:54 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 12:54 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 12:54 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 12:54 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 12:54 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 12:54 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 12:54 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 12:54 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 12:54 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 12:54 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 12:54 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 12:54 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 12:54 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 12:54 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 12:54 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 12:54 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 12:54 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 12:54 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 12:54 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 12:54 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 12:54 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 12:54 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 12:54 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 12:54 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 12:54 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 12:54 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 12:54 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 12:54 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 12:54 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 12:54 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 12:54 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 12:54 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 12:54 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 12:54 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 12:54 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 12:54 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 12:54 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 12:54 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 12:54 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 12:54 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 12:54 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 12:54 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 12:54 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 12:54 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 12:54 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 12:54 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 12:54 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 12:54 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 12:54 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 12:54 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 12:54 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 12:54 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 12:54 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 12:54 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 12:54 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 12:54 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 12:54 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 12:54 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 12:54 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 12:54 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 12:54 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 12:54 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 12:54 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 12:54 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 12:54 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 12:54 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 12:54 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 12:54 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 12:54 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 12:54 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 12:54 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 12:54 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 12:54 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 12:54 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 12:54 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 12:54 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 12:54 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 12:54 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 12:54 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 12:54 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 12:54 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 12:54 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 12:54 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 12:54 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 12:54 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 12:54 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 12:54 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 12:54 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 12:54 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 12:54 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 12:54 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 12:54 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 12:54 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 12:54 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 12:54 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 12:54 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 12:54 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 12:54 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 12:54 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 12:54 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 12:54 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 12:54 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 12:54 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 12:54 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 12:54 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 12:54 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 12:54 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 12:54 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 12:54 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 12:54 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 12:54 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 12:54 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 12:54 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 12:54 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 12:54 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 12:54 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 12:54 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 12:54 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 12:54 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 12:54 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 12:54 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 12:54 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 12:54 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 12:54 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 12:54 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 12:54 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 12:54 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 12:54 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 12:54 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 12:54 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 12:54 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 12:54 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 12:54 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 12:54 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 12:54 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 12:54 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 12:54 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 12:54 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 12:54 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-08 12:45 - 2017-01-08 12:45 - 01094141 _____ C:\Users\keith\Downloads\ls2125i.pdf
2017-01-08 03:17 - 2017-01-08 03:17 - 00000000 ____D C:\Users\keith\Documents\Paradox Interactive
2017-01-08 03:07 - 2017-01-08 03:07 - 00000222 _____ C:\Users\keith\Desktop\Stellaris.url
2017-01-07 18:03 - 2017-01-07 18:03 - 02332316 _____ C:\Users\keith\Desktop\forge-1.5.2-7.8.1.738-installer.jar
2017-01-07 18:01 - 2017-01-07 18:00 - 01383030 _____ C:\Users\keith\Desktop\MineTunes-3_3_00-MC1_5_2.zip
2017-01-07 18:00 - 2017-01-07 18:00 - 01383030 _____ C:\Users\keith\Downloads\MineTunes-3_3_00-MC1_5_2.zip
2017-01-07 17:52 - 2017-01-07 17:52 - 00107814 _____ C:\Users\keith\Downloads\ModLoader 1.2.4.zip
2017-01-07 17:51 - 2017-01-07 17:51 - 01227179 _____ C:\Users\keith\Downloads\MCDitty-V0_9_3_01-MC_1_2_5-2.zip
2017-01-07 17:50 - 2017-01-07 17:50 - 02046524 _____ C:\Users\keith\Downloads\MCDitty-V0_9_6_01-MC1_3_2.zip
2017-01-07 17:49 - 2017-01-07 17:49 - 01258056 _____ C:\Users\keith\Downloads\MCDitty-V0_9_5_06-MC_1_3_1-1.zip
2017-01-07 17:46 - 2017-01-07 17:46 - 02202909 _____ C:\Users\keith\Downloads\forge-1.6.2-9.10.1.871-installer.jar
2017-01-07 17:45 - 2017-01-07 17:45 - 08302969 _____ C:\Users\keith\Downloads\MineTunes-3_6_01-MC1_6_2.zip
2017-01-07 17:37 - 2017-01-07 17:37 - 02014260 _____ C:\Users\keith\Downloads\forge-1.6.4-9.11.1.1345-universal.jar
2017-01-07 17:35 - 2017-01-07 17:37 - 02346253 _____ C:\Users\keith\Downloads\forge-1.6.4-9.11.1.1345-installer-win (1).exe
2017-01-07 17:35 - 2017-01-07 17:35 - 02346253 _____ C:\Users\keith\Downloads\forge-1.6.4-9.11.1.1345-installer-win.exe
2017-01-07 17:34 - 2017-01-07 17:34 - 08302832 _____ C:\Users\keith\Downloads\MineTunes-3_7_00-MC1_6_4.zip
2017-01-07 17:34 - 2017-01-07 17:34 - 08302832 _____ C:\Users\keith\Desktop\MineTunes-3_7_00-MC1_6_4.zip
2017-01-07 17:29 - 2017-01-07 17:29 - 00001866 _____ C:\Users\keith\Downloads\fairy.mid
2017-01-07 17:28 - 2017-01-07 17:28 - 00004656 _____ C:\Users\keith\Downloads\The_Legend_of_Zelda_-_A_Link_to_the_Past_-_Fairy_Fountain_by_Gori_Fater.mid
2017-01-07 17:27 - 2017-01-07 17:27 - 00001965 _____ C:\Users\keith\Downloads\Dawn.mid
2017-01-07 17:26 - 2017-01-07 17:26 - 00026713 _____ C:\Users\keith\Downloads\title-screen-arranged-2-.mid
2017-01-07 17:26 - 2017-01-07 17:26 - 00000793 _____ C:\Users\keith\Downloads\Earth God's Lyric.mid
2017-01-07 17:26 - 2017-01-07 17:26 - 00000779 _____ C:\Users\keith\Downloads\save-continue-retry-screen-2-.mid
2017-01-07 17:25 - 2017-01-07 17:25 - 00020673 _____ C:\Users\keith\Downloads\title-screen-arranged-.mid
2017-01-07 17:25 - 2017-01-07 17:25 - 00011953 _____ C:\Users\keith\Downloads\title-screen-3-.mid
2017-01-07 17:25 - 2017-01-07 17:25 - 00008653 _____ C:\Users\keith\Downloads\title-screen.mid
2017-01-07 17:25 - 2017-01-07 17:25 - 00002521 _____ C:\Users\keith\Downloads\save-continue-retry-screen.mid
2017-01-07 04:57 - 2017-01-07 04:57 - 00000000 ____D C:\Users\keith\AppData\Roaming\ModLauncherWPF
2017-01-07 04:57 - 2017-01-07 04:57 - 00000000 ____D C:\Users\keith\AppData\Roaming\FiraxisLive
2017-01-07 03:07 - 2017-01-07 03:07 - 00045755 _____ C:\Users\keith\Downloads\devilwent.mid
2017-01-07 03:01 - 2017-01-07 03:01 - 00054713 _____ C:\Users\keith\Downloads\Devil_Went_Down_To_Georgia.mid
2017-01-07 03:01 - 2017-01-07 03:01 - 00001278 _____ C:\Users\keith\Desktop\Minecraft Note Block Studio - Shortcut.lnk
2017-01-07 02:59 - 2017-01-07 02:59 - 00005126 _____ C:\Users\keith\Downloads\AUD_AP0278.mid
2017-01-07 02:56 - 2017-01-07 02:56 - 04003519 _____ C:\Users\keith\Downloads\Minecraft Note Block Studio 3.2.1.zip
2017-01-07 02:54 - 2017-01-07 02:54 - 00058150 _____ C:\Users\keith\Downloads\DevilWentDownToGeorgia.mid
2017-01-07 02:52 - 2017-01-07 02:53 - 09140005 _____ (Stuff by David ) C:\Users\keith\Downloads\Minecraft Note Block Studio installer.exe
2017-01-07 00:16 - 2017-01-07 00:16 - 00000222 _____ C:\Users\keith\Desktop\XCOM 2.url
2017-01-07 00:05 - 2017-01-23 22:45 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-26 04:17 - 2016-10-20 08:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-26 04:17 - 2016-02-16 22:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-26 04:16 - 2016-10-20 08:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-26 04:16 - 2016-10-20 08:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-26 00:19 - 2016-10-20 08:31 - 00000000 ____D C:\Users\keith
2017-01-26 00:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-25 16:55 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 16:50 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-25 16:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-25 16:49 - 2016-02-17 00:50 - 01241514 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-24 21:01 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-24 21:00 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-24 16:55 - 2016-07-31 18:39 - 00000000 ____D C:\Users\keith\AppData\Roaming\discord
2017-01-24 16:44 - 2016-02-16 22:57 - 00000000 ____D C:\Users\keith\AppData\Roaming\Skype
2017-01-24 12:52 - 2016-06-27 10:55 - 00000000 ____D C:\Users\keith\AppData\Local\ElevatedDiagnostics
2017-01-24 12:41 - 2016-11-10 13:31 - 00000000 ____D C:\Users\keith\AppData\Local\CrashDumps
2017-01-24 12:41 - 2016-02-16 22:31 - 00000000 ____D C:\Users\keith\AppData\Local\Packages
2017-01-24 10:59 - 2016-11-08 16:40 - 00000000 ____D C:\Users\keith\AppData\Local\NVIDIA Corporation
2017-01-24 10:56 - 2016-10-20 08:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-24 10:56 - 2016-10-20 08:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-24 10:55 - 2016-10-20 08:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-24 09:03 - 2016-05-14 02:33 - 00000000 ____D C:\ProgramData\Oracle
2017-01-24 08:29 - 2016-06-03 14:10 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-24 08:29 - 2016-06-03 14:10 - 00000000 ____D C:\Program Files\Java
2017-01-24 08:29 - 2016-05-14 02:33 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-24 08:29 - 2016-05-14 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-24 08:29 - 2016-05-14 02:33 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-23 22:45 - 2016-02-16 22:32 - 00002374 _____ C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 22:45 - 2016-02-16 22:32 - 00000000 ___RD C:\Users\keith\OneDrive
2017-01-23 19:00 - 2016-08-26 23:30 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-01-23 19:00 - 2016-08-26 23:30 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-01-20 11:38 - 2016-11-28 01:07 - 00514616 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-01-20 11:38 - 2016-11-28 01:07 - 00420408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-01-20 11:38 - 2016-11-08 16:37 - 04079032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-01-20 11:38 - 2016-11-08 16:37 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-01-20 10:13 - 2016-11-28 01:07 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-01-20 10:13 - 2016-11-28 01:07 - 02479160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-01-20 10:13 - 2016-11-28 01:07 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-01-20 10:13 - 2016-11-28 01:07 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-01-20 10:13 - 2016-11-28 01:07 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-01-20 10:13 - 2016-11-28 01:07 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-01-20 10:13 - 2016-11-28 01:07 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-01-19 16:35 - 2016-02-17 01:26 - 00000000 ____D C:\Users\keith\AppData\Local\Warframe
2017-01-19 00:45 - 2016-02-16 22:42 - 00000000 ____D C:\Users\keith\AppData\Local\Battle.net
2017-01-18 22:46 - 2016-02-16 22:41 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-18 07:57 - 2016-11-28 01:07 - 07755067 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-01-16 20:05 - 2016-02-17 01:16 - 00000000 ____D C:\Users\keith\Documents\my games
2017-01-14 21:19 - 2016-02-16 22:43 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2017-01-13 13:04 - 2016-03-11 10:52 - 00000000 ____D C:\ProgramData\Origin
2017-01-13 13:03 - 2016-03-11 11:38 - 00000000 ____D C:\Users\keith\AppData\Roaming\Origin
2017-01-13 12:58 - 2016-03-11 10:52 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-12 17:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 00:50 - 2016-02-16 22:31 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 20:04 - 2016-10-20 08:30 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 20:04 - 2016-03-14 09:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 20:03 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 20:03 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 20:03 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 20:03 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 20:03 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 18:44 - 2016-02-17 01:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 18:43 - 2016-02-17 01:47 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 15:54 - 2016-07-31 18:39 - 00002244 _____ C:\Users\keith\Desktop\Discord.lnk
2017-01-11 15:54 - 2016-07-31 18:39 - 00000000 ____D C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 15:54 - 2016-07-31 18:39 - 00000000 ____D C:\Users\keith\AppData\Local\Discord
2017-01-10 21:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 21:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-09 20:42 - 2016-12-06 22:26 - 00000000 ____D C:\Users\keith\AppData\Roaming\obs-studio
2017-01-09 18:07 - 2016-10-19 14:52 - 00000000 ____D C:\Users\keith\AppData\Roaming\vlc
2017-01-07 18:32 - 2016-06-02 18:43 - 00001161 _____ C:\Users\keith\Desktop\nativelog.txt
2017-01-07 18:04 - 2016-11-17 20:15 - 00000000 ____D C:\Users\keith\AppData\Roaming\.minecraft
2017-01-07 04:55 - 2016-07-28 15:34 - 00000000 ____D C:\Users\keith\AppData\LocalLow\Ludeon Studios
2017-01-07 00:05 - 2016-10-20 08:35 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-07 00:05 - 2016-10-20 08:35 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-12-06 20:39 - 2016-12-06 20:39 - 0000053 _____ () C:\Users\keith\AppData\Roaming\Camdata.ini
2016-12-06 20:39 - 2016-12-06 20:39 - 0000408 _____ () C:\Users\keith\AppData\Roaming\CamLayout.ini
2016-12-06 20:39 - 2016-12-06 20:39 - 0000408 _____ () C:\Users\keith\AppData\Roaming\CamShapes.ini
2016-12-06 20:39 - 2016-12-06 20:39 - 0004537 _____ () C:\Users\keith\AppData\Roaming\CamStudio.cfg
2016-12-06 20:30 - 2016-12-06 21:02 - 0000096 _____ () C:\Users\keith\AppData\Roaming\version2.xml

Some files in TEMP:
====================
2016-11-17 20:03 - 2016-11-17 20:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-1184221181827816821.dll
2016-11-17 20:21 - 2016-11-17 20:21 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-1352718375706966523.dll
2016-11-20 22:39 - 2016-11-20 22:39 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-1466791600126471146.dll
2016-11-18 20:02 - 2016-11-18 20:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-1527103112285143278.dll
2017-01-07 17:32 - 2017-01-07 17:32 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-1958783776649238522.dll
2016-11-20 13:46 - 2016-11-20 13:46 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-2228150508999190667.dll
2016-11-25 20:17 - 2016-11-25 20:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-2327121783147121459.dll
2016-11-17 20:28 - 2016-11-17 20:28 - 0019968 _____ (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-2859843362742910802.dll
2016-11-19 18:54 - 2016-11-19 18:54 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-314213117871483555.dll
2016-11-21 23:10 - 2016-11-21 23:10 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-3287025759278761825.dll
2016-11-20 12:59 - 2016-11-20 12:59 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-4556342549263829350.dll
2016-11-19 14:12 - 2016-11-19 14:12 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-4769065582020848494.dll
2016-11-17 20:37 - 2016-11-17 20:37 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-4817346334324609726.dll
2016-11-17 20:17 - 2016-11-17 20:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-6436619133521990434.dll
2016-11-20 13:41 - 2016-11-20 13:41 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-6575280681654297519.dll
2016-11-20 21:06 - 2016-11-20 21:06 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-6864529679243562907.dll
2016-11-17 20:02 - 2016-11-17 20:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-763841544680570380.dll
2016-11-17 20:46 - 2016-11-17 20:46 - 0019968 _____ (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8001003176861391178.dll
2016-11-18 17:21 - 2016-11-18 17:21 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8584633778148063546.dll
2016-11-17 20:32 - 2016-11-17 20:32 - 0019968 _____ (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8641771677966481799.dll
2016-11-21 23:23 - 2016-11-21 23:23 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8686262554347014959.dll
2016-11-17 22:37 - 2016-11-17 22:37 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8692038969805083519.dll
2016-11-19 20:44 - 2016-11-19 20:44 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8694685507507604050.dll
2016-11-20 13:43 - 2016-11-20 13:43 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8842117159055971564.dll
2016-11-20 12:31 - 2016-11-20 12:31 - 0019968 ____N (Red Hat®, Inc.) C:\Users\keith\AppData\Local\Temp\jansi-64-8900895424075975958.dll
2016-11-21 10:28 - 2016-11-21 10:28 - 0737856 _____ (Oracle Corporation) C:\Users\keith\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-24 08:27 - 2017-01-24 08:27 - 0739904 _____ (Oracle Corporation) C:\Users\keith\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-08 16:39 - 2016-10-25 15:00 - 0747648 _____ (NVIDIA Corporation) C:\Users\keith\AppData\Local\Temp\nvSCPAPI.dll
2016-11-08 16:39 - 2016-10-25 15:00 - 0860776 _____ (NVIDIA Corporation) C:\Users\keith\AppData\Local\Temp\nvSCPAPI64.dll
2016-11-17 14:47 - 2016-10-25 15:00 - 0353336 _____ (NVIDIA Corporation) C:\Users\keith\AppData\Local\Temp\nvStInst.exe
2016-11-17 22:58 - 2016-11-30 23:22 - 43872728 _____ (Skype Technologies S.A.) C:\Users\keith\AppData\Local\Temp\SkypeSetup.exe
2016-12-06 22:13 - 2016-12-06 22:13 - 7573757 _____ () C:\Users\keith\AppData\Local\Temp\tmpDEB3.tmp.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\SIntf16.dll
C:\Windows\SysWOW64\SIntf32.dll
C:\Windows\SysWOW64\SIntfNT.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-19 13:22

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (63.8 KB, 13 views)
cookiesnmilk is offline  
Old 01-26-2017, 06:36 PM   #7

Hello again, cookiesnmilk. Good job!

It appears System Restore has been disabled. Did you intentionally disable it?

Please try to re-enable System Restore. Let me know.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={4E385335-C74C-4E30-A458-E0C28A2CF75E}&mid=dbb46500b62247cc9d28f15f9ecb87df-1af428cd128162f5721f1d436a0aff61278811e0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pi&pr=fr&d=2015-11-01 11:39:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\92558484.js [2016-11-29] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\92558484.cfg [2016-11-29] <==== ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2017-01-24] (Enigma Software Group USA, LLC.)
    R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-01-24] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2017-01-24] ()
    2017-01-24 12:49 - 2017-01-24 12:49 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\keith\Downloads\SpyHunter-Installer (1).exe
    2017-01-24 12:49 - 2017-01-24 12:49 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2017-01-24 12:49 - 2017-01-24 12:49 - 00001139 _____ C:\Users\keith\Desktop\SpyHunter.lnk
    2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Users\keith\AppData\Roaming\Enigma Software Group
    2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\sh4ldr
    2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Program Files\Enigma Software Group
    2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 _____ C:\autoexec.bat
    2017-01-24 12:46 - 2017-01-24 12:46 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\keith\Downloads\SpyHunter-Installer.exe
    2017-01-24 12:46 - 2017-01-24 12:46 - 01271624 _____ ( ) C:\Users\keith\Downloads\adobe_flash_setup.exe
    C:\Windows\SysWOW64\SIntf16.dll
    C:\Windows\SysWOW64\SIntf32.dll
    C:\Windows\SysWOW64\SIntfNT.dll
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 01-26-2017, 07:28 PM   #8

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by keith (26-01-2017 22:23:57) Run:1
Running from C:\Users\keith\Desktop\New folder
Loaded Profiles: keith (Available Profiles: keith)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={4E385335-C74C-4E30-A458-E0C28A2CF75E}&mid=dbb46500b62247cc9d28f15f9ecb87df-1af428cd128162f5721f1d436a0aff61278811e0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pi&pr=fr&d=2015-11-01 11:39:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\92558484.js [2016-11-29] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\92558484.cfg [2016-11-29] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2017-01-24] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-01-24] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2017-01-24] ()
2017-01-24 12:49 - 2017-01-24 12:49 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\keith\Downloads\SpyHunter-Installer (1).exe
2017-01-24 12:49 - 2017-01-24 12:49 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2017-01-24 12:49 - 2017-01-24 12:49 - 00001139 _____ C:\Users\keith\Desktop\SpyHunter.lnk
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Users\keith\AppData\Roaming\Enigma Software Group
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\sh4ldr
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-01-24 12:49 - 2017-01-24 12:49 - 00000000 _____ C:\autoexec.bat
2017-01-24 12:46 - 2017-01-24 12:46 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\keith\Downloads\SpyHunter-Installer.exe
2017-01-24 12:46 - 2017-01-24 12:46 - 01271624 _____ ( ) C:\Users\keith\Downloads\adobe_flash_setup.exe
C:\Windows\SysWOW64\SIntf16.dll
C:\Windows\SysWOW64\SIntf32.dll
C:\Windows\SysWOW64\SIntfNT.dll
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\92558484.js => moved successfully
C:\Program Files (x86)\mozilla firefox\92558484.cfg => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eoalfhodgifhbkgmbbdafcihjpdldpll => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nogdfjjfhknacchjpiccacoimeelkajb => key removed successfully
SpyHunter 4 Service => service not found.
esgiguard => service not found.
EsgScanner => service not found.
C:\Users\keith\Downloads\SpyHunter-Installer (1).exe => moved successfully
"C:\WINDOWS\system32\Drivers\EsgScanner.sys" => not found.
"C:\Users\keith\Desktop\SpyHunter.lnk" => not found.
"C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => not found.
"C:\Users\keith\AppData\Roaming\Enigma Software Group" => not found.
"C:\sh4ldr" => not found.
C:\Program Files\Enigma Software Group => moved successfully
C:\autoexec.bat => moved successfully
C:\Users\keith\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Users\keith\Downloads\adobe_flash_setup.exe => moved successfully
C:\Windows\SysWOW64\SIntf16.dll => moved successfully
C:\Windows\SysWOW64\SIntf32.dll => moved successfully
C:\Windows\SysWOW64\SIntfNT.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26498052 B
Java, Flash, Steam htmlcache => 38739949 B
Windows/system/drivers => 10142445 B
Edge => 17403977 B
Chrome => 357059514 B
Firefox => 281783442 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 81920 B
NetworkService => 24158 B
keith => 364444382 B

RecycleBin => 7755892277 B
EmptyTemp: => 8.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:24:30 ====


I think I fixed the recovery thing too however it is hard to tell.
cookiesnmilk is offline  
Old 01-27-2017, 10:52 AM   #9
chemist

Hello again, cookiesnmilk. Good job, again! You successfully re-enabled System Restore.

How is the machine behaving? Any improvement?

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 01-27-2017, 04:58 PM   #10
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/27/17
Scan Time: 3:01 PM
Logfile: Malwarebytes reportMalwarebytes report..txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1112
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-RLJ412S\keith

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386538
Time Elapsed: 1 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.SecureDownload, C:\PROGRAM FILES (X86)\SOFTPLANET SOFTWARE ASSISTANT\SPASSIST.EXE, Quarantined, [14762], [181161],1.0.1112

Module: 1
PUP.Optional.SecureDownload, C:\PROGRAM FILES (X86)\SOFTPLANET SOFTWARE ASSISTANT\SPASSIST.EXE, Quarantined, [14762], [181161],1.0.1112

Registry Key: 2
PUP.Optional.SecureDownload, HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\SOFTWARE\SOFTPLANET\Software Assistant, Quarantined, [14762], [251994],1.0.1112
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [133], [-1],0.0.0

Registry Value: 4
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{50FF7CA3-7B13-436F-808C-91A621B2066C}|AUTOCONFIGURL, Quarantined, [133], [347659],1.0.1112
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [133], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [133], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [133], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.SecureDownload, C:\PROGRAM FILES (X86)\SoftPlanet Software Assistant, Quarantined, [14762], [181161],1.0.1112
PUP.Optional.SecureDownload, C:\Users\keith\AppData\Local\SoftPlanet\Software Assistant, Quarantined, [14762], [251888],1.0.1112
PUP.Optional.SecureDownload, C:\USERS\KEITH\APPDATA\LOCAL\SOFTPLANET, Quarantined, [14762], [251888],1.0.1112

File: 9
PUP.Optional.SecureDownload, C:\PROGRAM FILES (X86)\SOFTPLANET SOFTWARE ASSISTANT\SPASSIST.EXE, Quarantined, [14762], [181161],1.0.1112
PUP.Optional.InstallCore, C:\USERS\KEITH\DOWNLOADS\CAMSTUDIO.EXE, Quarantined, [8], [301065],1.0.1112
PUP.Optional.SecureDownload, C:\USERS\KEITH\APPDATA\LOCAL\SOFTPLANET\SOFTWARE ASSISTANT\TABLE.HTML, Quarantined, [14762], [251888],1.0.1112
PUP.Optional.SecureDownload, C:\Users\keith\AppData\Local\SoftPlanet\Software Assistant\latest.xml, Quarantined, [14762], [251888],1.0.1112
PUP.Optional.SecureDownload, C:\Users\keith\AppData\Local\SoftPlanet\Software Assistant\lr.xml, Quarantined, [14762], [251888],1.0.1112
PUP.Optional.SecureDownload, C:\Users\keith\AppData\Local\SoftPlanet\Software Assistant\prev.xml, Quarantined, [14762], [251888],1.0.1112
PUP.Optional.SecureDownload, C:\Users\keith\AppData\Local\SoftPlanet\Software Assistant\recom.xml, Quarantined, [14762], [251888],1.0.1112
PUP.Optional.SecureDownload, C:\Users\keith\AppData\Local\SoftPlanet\Software Assistant\template.html, Quarantined, [14762], [251888],1.0.1112
PUP.Optional.SecureDownload, C:\WINDOWS\SYSTEM32\TASKS\SOFTPLANET SOFTWARE ASSISTANT, Quarantined, [14762], [251889],1.0.1112

Physical Sector: 0
(No malicious items detected)


(end)



and here's the other one


C:\FRST\Quarantine\C\Users\keith\Downloads\adobe_flash_setup.exe.xBAD a variant of Win32/InstallCore.ARC potentially unwanted application cleaned by deleting

edit: Symptoms have yet to abate.
cookiesnmilk is offline  
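
Added example (not part of the thread and not Malwarebytes code): a parser for the "-Scan Details-" part of the log format shown in the post above, which groups detections by family and checks each section's declared count against the lines actually present. The field names `id_a` and `id_b` are placeholders, since the page does not say what the two bracketed numbers mean.

```python
import re
from collections import Counter

# Abridged from the log in the post above; the "File" count is adjusted to the excerpt.
SAMPLE_LOG = r"""-Scan Summary-
Objects Scanned: 386538

-Scan Details-
Process: 1
PUP.Optional.SecureDownload, C:\PROGRAM FILES (X86)\SOFTPLANET SOFTWARE ASSISTANT\SPASSIST.EXE, Quarantined, [14762], [181161],1.0.1112

Registry Key: 2
PUP.Optional.SecureDownload, HKU\S-1-5-21-3814647098-2249820185-1439755522-1001\SOFTWARE\SOFTPLANET\Software Assistant, Quarantined, [14762], [251994],1.0.1112
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [133], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

File: 2
PUP.Optional.InstallCore, C:\USERS\KEITH\DOWNLOADS\CAMSTUDIO.EXE, Quarantined, [8], [301065],1.0.1112
PUP.Optional.SecureDownload, C:\WINDOWS\SYSTEM32\TASKS\SOFTPLANET SOFTWARE ASSISTANT, Quarantined, [14762], [251889],1.0.1112

(end)
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")          # e.g. "Registry Key: 2"
DETECTION = re.compile(                                  # name, target, action, [n], [n],version
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), "
    r"\[(?P<id_a>-?\d+)\], \[(?P<id_b>-?\d+)\],(?P<db>[\d.]+)$")

def parse_scan_details(text):
    """Return (detections, mismatches) for the '-Scan Details-' part of a log."""
    detections, declared, section, in_details = [], {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("-") and line.endswith("-"):
            # Only this block holds detections; "Objects Scanned: N" elsewhere
            # looks like a section header and must not be counted as one.
            in_details = line == "-Scan Details-"
            continue
        if not in_details or not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION.match(line)
        if hit and section:
            detections.append({"section": section, **hit.groupdict()})
    found = Counter(d["section"] for d in detections)
    # A declared count that differs from the parsed lines means a truncated paste.
    mismatches = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    return detections, mismatches

def triage(detections):
    """Group (section, target, action) by family, the text before the first dot."""
    by_family = {}
    for d in detections:
        family = d["name"].split(".", 1)[0]
        by_family.setdefault(family, []).append((d["section"], d["target"], d["action"]))
    return by_family

if __name__ == "__main__":
    dets, bad = parse_scan_details(SAMPLE_LOG)
    for family, items in triage(dets).items():
        print(family, len(items), "truncated sections:", bad)
```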
Old 01-27-2017, 08:18 PM   #11
chemist

Besides Bing being your search engine, what problems are you still experiencing?
Old 01-27-2017, 10:31 PM   #12
ugh.... so just for giggles.... i plugged in another keyboard..... and bam, problems gone. everything is fixed. though i really did like the other keyboard. considering opening it up and seeing if things got misaligned or something. but that is something i think i can do on my own.
cookiesnmilk is offline  
Old 01-28-2017, 09:44 AM   #13
chemist

Hello again, cookiesnmilk. Glad to hear it. If there are no other problems...

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 02-26-2017, 06:42 AM   #14
chemist

As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 

All times are GMT -7.