
I've got this same virus.


7 replies to this topic

#1 meltingshoe

meltingshoe

  • Members
  • 8 posts

Posted 27 December 2016 - 07:54 AM

I've got this same virus. After several passes of mbam I've finally gotten my computer to a point where it's usable so I'll go through the steps you listed and post the logs.





#2 meltingshoe

meltingshoe
  • Topic Starter

  • Members
  • 8 posts

Posted 27 December 2016 - 07:55 AM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
Malwarebytes       
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 60  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 10.3.183.90 Flash Player out of Date!  
 Mozilla Firefox 41.0.1 Firefox out of Date!  
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#3 meltingshoe

meltingshoe
  • Topic Starter

  • Members
  • 8 posts

Posted 27 December 2016 - 07:57 AM

Farbar Service Scanner Version: 27-01-2016
Ran by Ryan (administrator) on 27-12-2016 at 04:55:45
Running from "C:\Users\Ryan\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#4 meltingshoe

meltingshoe
  • Topic Starter

  • Members
  • 8 posts

Posted 27 December 2016 - 08:00 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Ryan (administrator) on 27-12-2016 at 04:59:04
Running from "C:\Users\Ryan\Downloads"
Microsoft Windows 10 Home  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR938x Wireless Network Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Ryan-Desktop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Qualcomm Atheros AR938x Wireless Network Adapter
   Physical Address. . . . . . . . . : 14-CC-20-1B-24-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-CC-20-1B-24-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-3F-49-56-B4-57
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:301:7786:f0f0::3f2(Preferred) 
   Lease Obtained. . . . . . . . . . : Tuesday, December 27, 2016 04:29:44
   Lease Expires . . . . . . . . . . : Thursday, January 26, 2017 04:29:44
   IPv6 Address. . . . . . . . . . . : 2602:301:7786:f0f0:21c8:8354:a780:457d(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:301:7786:f0f0:8dda:ac37:d0f5:6326(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::21c8:8354:a780:457d%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.79(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 27, 2016 04:29:22
   Lease Expires . . . . . . . . . . : Wednesday, December 28, 2016 04:29:22
   Default Gateway . . . . . . . . . : fe80::769d:dcff:fec1:18a9%4
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 81805129
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-5C-3F-B3-E0-3F-49-56-B4-57
   DNS Servers . . . . . . . . . . . : 2602:301:7786:f0f0::1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:24f4:3c75:e887:90f0(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24f4:3c75:e887:90f0%2(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 150994944
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-5C-3F-B3-E0-3F-49-56-B4-57
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  2602:301:7786:f0f0::1
 
Name:    google.com
Addresses:  2607:f8b0:4000:803::200e
 216.58.194.78
 
 
Pinging google.com [2607:f8b0:4000:803::200e] with 32 bytes of data:
Reply from 2607:f8b0:4000:803::200e: time=66ms 
Reply from 2607:f8b0:4000:803::200e: time=66ms 
 
Ping statistics for 2607:f8b0:4000:803::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 66ms, Maximum = 66ms, Average = 66ms
Server:  UnKnown
Address:  2602:301:7786:f0f0::1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:58:c02::a9: time=100ms 
 
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 100ms, Maximum = 100ms, Average = 100ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...14 cc 20 1b 24 4a ......Qualcomm Atheros AR938x Wireless Network Adapter
  5...16 cc 20 1b 24 4a ......Microsoft Wi-Fi Direct Virtual Adapter
  4...e0 3f 49 56 b4 57 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.79     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.79    276
     192.168.1.79  255.255.255.255         On-link      192.168.1.79    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.79    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.79    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.79    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    276 ::/0                     fe80::769d:dcff:fec1:18a9
  1    306 ::1/128                  On-link
  2    306 2001::/32                On-link
  2    306 2001:0:9d38:6abd:24f4:3c75:e887:90f0/128
                                    On-link
  4    276 2602:301:7786:f0f0::/64  On-link
  4    276 2602:301:7786:f0f0::3f2/128
                                    On-link
  4    276 2602:301:7786:f0f0:21c8:8354:a780:457d/128
                                    On-link
  4    276 2602:301:7786:f0f0:8dda:ac37:d0f5:6326/128
                                    On-link
  4    276 fe80::/64                On-link
  2    306 fe80::/64                On-link
  4    276 fe80::21c8:8354:a780:457d/128
                                    On-link
  2    306 fe80::24f4:3c75:e887:90f0/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    276 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/27/2016 04:25:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: RYAN-DESKTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/27/2016 04:23:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: RYAN-DESKTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/27/2016 04:20:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.713, time stamp: 0x5833ee87
Faulting module name: eModel.dll, version: 11.0.10586.713, time stamp: 0x5833eb23
Exception code: 0xc0000409
Fault offset: 0x0000000000129bef
Faulting process id: 0x1964
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service PC Speed Up Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service NetUtils2016srv since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Web Key In since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/27/2016 04:17:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.713, time stamp: 0x5833ee87
Faulting module name: eModel.dll, version: 11.0.10586.713, time stamp: 0x5833eb23
Exception code: 0xc0000409
Fault offset: 0x0000000000129bef
Faulting process id: 0x2660
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5
 
Error: (12/27/2016 03:55:23 AM) (Source: Application Hang) (User: )
Description: The program sllauncher.exe version 5.1.30514.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1ce4
 
Start Time: 01d2603814d54650
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
 
Report Id: 58870d9a-cc2b-11e6-9c39-e03f4956b457
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/27/2016 03:54:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.672, time stamp: 0x580ee8b2
Faulting module name: twinui.appcore.dll, version: 10.0.10586.672, time stamp: 0x580ef0a5
Exception code: 0x80270233
Fault offset: 0x0000000000166c44
Faulting process id: 0x26dc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
 
System errors:
=============
Error: (12/27/2016 04:29:23 AM) (Source: Service Control Manager) (User: )
Description: The Update service service failed to start due to the following error: 
%%5 = Access is denied.
 
 
Error: (12/27/2016 04:27:04 AM) (Source: Service Control Manager) (User: )
Description: The Update service service failed to start due to the following error: 
%%5 = Access is denied.
 
 
Error: (12/27/2016 04:26:40 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Sync Host_42ff8 service to connect.
 
Error: (12/27/2016 04:26:39 AM) (Source: DCOM) (User: RYAN-DESKTOP)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
 
Error: (12/27/2016 04:26:38 AM) (Source: DCOM) (User: RYAN-DESKTOP)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
 
Error: (12/27/2016 04:26:30 AM) (Source: Service Control Manager) (User: )
Description: The Sync Host_42ff8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/27/2016 04:25:14 AM) (Source: DCOM) (User: RYAN-DESKTOP)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
 
Error: (12/27/2016 04:00:47 AM) (Source: Service Control Manager) (User: )
Description: The Update service service failed to start due to the following error: 
%%5 = Access is denied.
 
 
Error: (12/27/2016 04:00:23 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Sync Host_1c34fe service to connect.
 
Error: (12/27/2016 04:00:18 AM) (Source: DCOM) (User: RYAN-DESKTOP)
Description: {7006698D-2974-4091-A424-85DD0B909E23}
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2016 04:25:14 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: RYAN-DESKTOP)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (12/27/2016 04:23:14 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: RYAN-DESKTOP)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147417836
 
Error: (12/27/2016 04:20:11 AM) (Source: Application Error)(User: )
Description: MicrosoftEdge.exe11.0.10586.7135833ee87eModel.dll11.0.10586.7135833eb23c00004090000000000129bef196401d2603b90cc1876C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exeC:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dlld8665a15-a622-4a2a-92af-3961ecfb9f86Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service PC Speed Up Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service NetUtils2016srv since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Web Key In since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (12/27/2016 04:18:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (12/27/2016 04:17:05 AM) (Source: Application Error)(User: )
Description: MicrosoftEdge.exe11.0.10586.7135833ee87eModel.dll11.0.10586.7135833eb23c00004090000000000129bef266001d2603b214b9a9dC:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exeC:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll7e625033-2695-4928-bc29-1b921d02684aMicrosoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (12/27/2016 03:55:23 AM) (Source: Application Hang)(User: )
Description: sllauncher.exe5.1.30514.01ce401d2603814d546504294967295C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe58870d9a-cc2b-11e6-9c39-e03f4956b457
 
Error: (12/27/2016 03:54:59 AM) (Source: Application Error)(User: )
Description: Explorer.EXE10.0.10586.672580ee8b2twinui.appcore.dll10.0.10586.672580ef0a5802702330000000000166c4426dc01d260380c8267dbC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\twinui.appcore.dllbbe30d02-a82e-4df5-b3cc-1915977a6974
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-12-27 04:00:27.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-27 03:36:57.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-27 03:36:57.950
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-27 03:36:57.450
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-27 03:36:57.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 23:31:34.927
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 23:31:34.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-23 03:11:24.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-22 23:34:53.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-22 23:29:31.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
7-Zip 15.11 beta (x64) (HKLM\...\7-Zip) (Version: 15.11 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.90 - NVIDIA Corporation) Hidden
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.3.2.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.13.160818 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
ChessBase Reader (HKLM-x32\...\{52A3CA50-6E19-40B2-AD6D-2B7B2D89A8E4}) (Version: 12.44.0.0 - ChessBase)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
CLANNAD Full Voice 1.5 (HKLM-x32\...\{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1) (Version:  - Visual Art's / Key)
Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CSGO Demos Manager version 2.3.2 (HKLM-x32\...\{2CC5723B-69A1-4B82-AA32-34968284F9C3}_is1) (Version: 2.3.2 - AkiVer)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0221 - Disc Soft Ltd)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Discord (HKCU\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version:  - Arkane Studios)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESEA Client (HKCU\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
EVE Online (HKCU\...\{9eac5299-40cb-401f-b6d4-9ea4c7113466}) (Version: 1.0.0 - CCP)
EVEMon (HKLM-x32\...\EVEMon) (Version: 3.0.2 - EVEMon Development Team)
f.lux (HKCU\...\Flux) (Version:  - )
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
FIFA 15 Ultimate Team Edition version 1.0 (HKLM-x32\...\{32C4CF13-4052-488F-90B0-C5A15C5E2E0E}_is1) (Version: 1.0 - )
Foldit (HKLM-x32\...\Foldit) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.2.3.0 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
G-senjou no Maou - The Devil on G-String (HKLM-x32\...\G-senjou no Maou - The Devil on G-String_is1) (Version:  - )
Gyazo 3.2.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ICC for Windows 1.0 beta 9.6.15 (HKLM-x32\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
iMazing 2.1.5.0 (HKLM\...\iMazing_is1) (Version: 2.1.5.0 - DigiDNA)
InstallShieldHiRezCurrent (HKLM-x32\...\{9433FC1C-7405-433C-A26D-81076293BBCE}) (Version: 3.0.0.0 - Hi-Rez Studios)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Keep Talking and Nobody Explodes (HKLM-x32\...\Steam App 341800) (Version:  - Steel Crate Games)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Max Payne (HKLM\...\Steam App 12140) (Version:  - Remedy Entertainment)
Metro 2033 (HKLM\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{CF38915C-0AFA-44BE-A656-B7E3BB40BED5}) (Version: 4.28.1.0 - Domit LTD)
Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
Muv-Luv DVD Ver. 1.0 (HKLM-x32\...\Muv-Luv DVD Ver.) (Version: 1.0 - Amaterasu Translations)
My Game Long Name (HKLM\...\UDK-c9cd425a-948c-4de0-b551-35dfdf575318) (Version:  - Epic Games, Inc.)
Node.js (HKLM\...\{B5FEC613-8EBC-43C3-A232-693D96E07CCF}) (Version: 4.5.0 - Node.js Foundation)
NotGTAV (HKLM\...\Steam App 369580) (Version:  - NotGames)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.6.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.6.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.0.6.48 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{7ed76154-a131-49bf-aa45-5d56ddcd1be3}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Papers, Please (HKLM\...\Steam App 239030) (Version:  - 3909)
PlayCatan Access Software (HKLM-x32\...\PlayCatan Client) (Version: 3.1200 - Catan GmbH)
Please Don’t Touch Anything version 1.5.0.0 (HKLM-x32\...\Please Don’t Touch Anything_is1) (Version: 1.5.0.0 - )
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.9.0 - Popcorn Time)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Python 3.5.2 (32-bit) (HKCU\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (Anaconda3 4.1.1 64-bit) (HKLM\...\Python 3.5.2 (Anaconda3 4.1.1 64-bit)) (Version: 4.1.1 - Continuum Analytics, Inc.)
Python 3.5.2 Add to Path (32-bit) (HKLM-x32\...\{7E08C4EE-B1C7-4138-8227-7CD3837636AA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit debug) (HKLM-x32\...\{8932C5F0-F562-4340-8AE8-EEB7215E3C01}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit symbols) (HKLM-x32\...\{5391D1DE-7B8E-47D3-B37D-F15E05781280}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit debug) (HKLM-x32\...\{4DB40743-04BD-46C5-9790-1E93ED1F6652}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit debug) (HKLM-x32\...\{FC52E479-A90B-4106-8E7E-05F9983807B3}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit symbols) (HKLM-x32\...\{19E6DB1B-84C4-4A88-900F-9C5E9810C012}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit debug) (HKLM-x32\...\{FC9F1213-740C-47E4-8D85-8D3C363278C7}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit symbols) (HKLM-x32\...\{A87A0A4A-2767-4772-8EA0-A85F2CF62D69}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit debug) (HKLM-x32\...\{22528ED8-4182-466B-858E-327560B4A8FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit symbols) (HKLM-x32\...\{8799377B-3840-43B7-BDB1-DDAC2F2907C7}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit debug) (HKLM-x32\...\{D8F7ECCF-8620-4F34-9B3C-19AF1B1F3408}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit symbols) (HKLM-x32\...\{A1FF45E3-453E-4411-B308-D6E93023423C}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RescueTime 2.12.5.1487 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Sakura Spirit (HKLM-x32\...\Steam App 313740) (Version:  - Winged Cloud)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0310 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.0.6.48 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Simple Port Tester (HKLM-x32\...\Simple Port Tester3.0.0) (Version: 3.0.0 - PcWinTech.com)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Spotify (HKCU\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Taiga (HKCU\...\Taiga) (Version: 1.2 - erengy)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\The Stanley Parable) (Version: 1.0 - Galactic Cafe)
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - )
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version:  - Noble Empire Corp.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 48%
Total physical RAM: 8130.14 MB
Available physical RAM: 4225.18 MB
Total Virtual: 16834.14 MB
Available Virtual: 12465.35 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:223.08 GB) (Free:83.06 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:931.07 GB) (Free:394.71 GB) NTFS
4 Drive f: (MUVLUV EXTRA) (CDROM) (Total:1.18 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\RYAN-DESKTOP
 
Administrator            DefaultAccount           Guest                    
Ryan                     
 
========================= Restore Points ==================================
 
11-12-2016 14:06:28 Scheduled Checkpoint
21-12-2016 03:55:24 Scheduled Checkpoint
27-12-2016 12:18:21 Removed Microsoft Silverlight
 
**** End of log ****


#5 meltingshoe

Posted 27 December 2016 - 08:18 AM

Right now I'm unable to run another scan on MBAM 3. It's been stuck looking for updates for about 15 minutes now. Here are the logs of the scans I've already done. There are also literally 100s of website blocked reports in addition to this.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/27/16
Scan Time: 3:57 AM
Logfile: scan0.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.869
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: RYAN-DESKTOP\Ryan
 
-Scan Summary-
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 2508
Time Elapsed: 2 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Disabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 1
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, Quarantined, [539], [311034],1.0.869
 
Module: 2
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Quarantined, [863], [318108],1.0.869
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, Quarantined, [539], [311034],1.0.869
 
Registry Key: 2
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SCService, Quarantined, [7800], [117443],1.0.869
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, Removal Failed, [863], [325509],1.0.869
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Quarantined, [863], [318108],1.0.869
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, Quarantined, [539], [311034],1.0.869
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\PC SPEED UP\SPEEDCHECKERSERVICE.EXE, Quarantined, [7800], [117443],1.0.869
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\DRIVERS\NETUTILS2016.SYS, Quarantined, [863], [325509],1.0.869
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/27/16
Scan Time: 4:04 AM
Logfile: scan1.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.869
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: RYAN-DESKTOP\Ryan
 
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1733
Time Elapsed: 0 min, 25 sec
 
-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 3
PUP.Optional.ConvertAd, C:\Program Files (x86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Quarantined, [77], [262107],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe, Quarantined, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUService.exe, Quarantined, [7800], [254781],1.0.869
 
Module: 7
PUP.Optional.ConvertAd, C:\Program Files (x86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Quarantined, [77], [262107],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUHelper.dll, Quarantined, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe, Quarantined, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUService.exe, Quarantined, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PopupNotification.dll, Quarantined, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Sqlite3.dll, Quarantined, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Sqlite3.dll, Quarantined, [7800], [254781],1.0.869
 
Registry Key: 26
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HDWallPaper_is1, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.ConvertAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\covevote, Delete-on-Reboot, [77], [262107],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.SysUtils.1, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\TYPELIB\{3157E247-2784-4028-BF0F-52D6DDC70E1B}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\INTERFACE\{6C42038D-817A-472C-8C2A-EF46F1DA576D}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6C42038D-817A-472C-8C2A-EF46F1DA576D}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6C42038D-817A-472C-8C2A-EF46F1DA576D}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\INTERFACE\{873C7DA8-195D-4D5A-B830-C5E2831901EA}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{873C7DA8-195D-4D5A-B830-C5E2831901EA}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{873C7DA8-195D-4D5A-B830-C5E2831901EA}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3157E247-2784-4028-BF0F-52D6DDC70E1B}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3157E247-2784-4028-BF0F-52D6DDC70E1B}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.SYSUTILS, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.Registry.1, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.REGISTRY, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}\InprocServer32, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}\InprocServer32, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUService, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCSU-SL_is1, Delete-on-Reboot, [7800], [254781],1.0.869
Adware.OptimizerEliteMax, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OneSystemCare, Delete-on-Reboot, [539], [311034],1.0.869
 
Registry Value: 1
PUP.Optional.PCSpeedUp, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PCSpeedUp, Delete-on-Reboot, [7800], [254781],1.0.869
 
Data Stream: 0
(No malicious items detected)
 
Folder: 6
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\Language, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\images, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.ConvertAd, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457, Delete-on-Reboot, [77], [262107],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\PC SPEED UP, Delete-on-Reboot, [7800], [254781],1.0.869
 
File: 70
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\images\title_chinese.png, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\images\title_english.png, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\Language\ChineseSimp.lng, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\Language\English.lng, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\autoUpdate.exe, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\deInit.exe, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\HDInstaller.exe, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\promote.exe, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\TaskSetter.exe, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\unins000.dat, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\unins000.exe, Delete-on-Reboot, [170], [314832],1.0.869
PUP.Optional.ConvertAd, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\UNINSTALL.EXE, Delete-on-Reboot, [77], [262107],1.0.869
PUP.Optional.ConvertAd, C:\Program Files (x86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Delete-on-Reboot, [77], [262107],1.0.869
PUP.Optional.ConvertAd, C:\Program Files (x86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\vnssBDEE.tmp, Delete-on-Reboot, [77], [262107],1.0.869
PUP.Optional.PCSpeedUp, C:\PROGRAM FILES (X86)\PC SPEED UP\SPEEDCHECKERSERVICE.INSTALLLOG, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-ar.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-cs.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-da.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-de.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-en.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-es.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-fi.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-fr.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-hu.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-it.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-jp.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-nl.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-no.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-pl.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-pt.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-ro.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-ru.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-se.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-sk.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-sl.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\am-tr.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Images\probe-en.png, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\agsXMPP.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\App.config, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Common.Logging.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Icon.ico, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\InstallUtil.InstallLog, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Interop.SHDocVw.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\ManagedWifi.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSpeedUp.s3db, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSpeedUp.sys, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUBootTimes.log, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUHelper.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSULauncher.exe, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUSD.exe, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUService-Timer.log, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUService.conf, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUService.exe, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUService.log, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUSpeedTest.exe, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUSpeedTest.exe.config, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PCSUUCC.log, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\PopupNotification.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\SharpBrake.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\SpeedChecker.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe.config, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.InstallState, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\Sqlite3.dll, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\unins000.dat, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\unins000.exe, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\unins000.msg, Delete-on-Reboot, [7800], [254781],1.0.869
PUP.Optional.PCSpeedUp, C:\Program Files (x86)\PC Speed Up\uninstaller.dat, Delete-on-Reboot, [7800], [254781],1.0.869
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\UNINSTALLER.EXE, Delete-on-Reboot, [539], [311034],1.0.869
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/27/16
Scan Time: 4:04 AM
Logfile: scan2.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.869
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: RYAN-DESKTOP\Ryan
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410416
Time Elapsed: 8 min, 17 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 2
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.869
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Quarantined, [10273], [257681],1.0.869
 
Module: 2
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.869
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Quarantined, [10273], [257681],1.0.869
 
Registry Key: 49
PUP.Optional.YellowSend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YSPackage, Delete-on-Reboot, [6076], [182011],1.0.869
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [647], [260991],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\36896889, Delete-on-Reboot, [1732], [183038],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\60122809, Delete-on-Reboot, [1732], [183038],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\66120757, Delete-on-Reboot, [1732], [183038],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ga3689688936896889, Delete-on-Reboot, [1732], [183039],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ga6012280960122809, Delete-on-Reboot, [1732], [183039],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ga6612075766120757, Delete-on-Reboot, [1732], [183039],1.0.869
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\HDWallPaper, Delete-on-Reboot, [170], [314836],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\k66120757, Delete-on-Reboot, [1732], [260960],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Monitor, Delete-on-Reboot, [580], [241385],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Run Delay, Delete-on-Reboot, [580], [241385],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Task, Delete-on-Reboot, [580], [241385],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC SpeedUp Service Deactivator, Delete-on-Reboot, [7800], [241620],1.0.869
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_P, Delete-on-Reboot, [436], [260243],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1829F014-5B90-489A-818E-357A7F2353AA}, Delete-on-Reboot, [1732], [183035],1.0.869
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26AAB96A-0CDD-4817-BBEA-E161F40556C4}, Delete-on-Reboot, [170], [316538],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3D039C17-E63F-4E0F-8958-5D5F2EB91A5F}, Delete-on-Reboot, [580], [258294],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F2EE560-0724-4E46-B4F5-BBDEBF264510}, Delete-on-Reboot, [580], [258705],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A368B03-C716-495C-95E4-85A559BDB3F8}, Delete-on-Reboot, [1732], [183036],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{668951B7-92B2-4BC7-B294-649BD5A288DE}, Delete-on-Reboot, [1732], [183036],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9F5CF4F4-CDC6-42D2-9FB2-CEB2D7DDABAC}, Delete-on-Reboot, [1732], [183035],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C19E778D-E8EB-4DE0-917F-83044D70137C}, Delete-on-Reboot, [580], [258705],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DFD2790D-B558-4D5C-88FF-B2CBD8791584}, Delete-on-Reboot, [1732], [183035],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB47E78C-64E3-4CE7-807B-3A5AB5AFC016}, Delete-on-Reboot, [7800], [258108],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7776880-C35B-4444-9973-1F7D445A41FB}, Delete-on-Reboot, [1732], [260959],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FAFDAC68-FAC8-44E8-9392-B6BF5948B043}, Delete-on-Reboot, [1732], [183036],1.0.869
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF37C79C-9036-447E-B82A-BB09C56BC71B}, Delete-on-Reboot, [436], [260242],1.0.869
PUP.Optional.ProxyGate.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [14745], [-1],0.0.0
PUP.Optional.WinYahoo, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Delete-on-Reboot, [116], [262014],1.0.869
PUP.Optional.PCSpeedUp, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\SPEEDCHECKER LIMITED\PC Speed Up, Delete-on-Reboot, [7800], [241619],1.0.869
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [647], [260991],1.0.869
PUP.Optional.Searching, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jlcgehabolcakkjhgmgpkagpolbjlhfa, Delete-on-Reboot, [14783], [186517],1.0.869
PUP.Optional.SearchManager, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [647], [183362],1.0.869
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ACF09E7E-92C9-4D7E-942E-C7D259226F12}, Delete-on-Reboot, [17685], [256101],1.0.869
PUP.Optional.ProxyGate, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1, Delete-on-Reboot, [1169], [337556],1.0.869
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SOFTWARE\Speedchecker Limited, Delete-on-Reboot, [11992], [188281],1.0.869
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, Delete-on-Reboot, [863], [318109],1.0.869
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016srv, Delete-on-Reboot, [863], [325507],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Delete-on-Reboot, [7800], [241622],1.0.869
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\Speedchecker Limited, Delete-on-Reboot, [11992], [188281],1.0.869
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PopupProduct, Delete-on-Reboot, [191], [251421],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, Delete-on-Reboot, [7800], [246229],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASMANCS, Delete-on-Reboot, [7800], [246229],1.0.869
PUP.Optional.InstallCore, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\csastats, Delete-on-Reboot, [8], [260986],1.0.869
PUP.Optional.InterStat, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\Interstatnogui, Delete-on-Reboot, [1693], [333863],1.0.869
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\One System Care, Delete-on-Reboot, [580], [311038],1.0.869
PUP.Optional.SpeedChecker, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\Speedchecker Limited, Delete-on-Reboot, [1860], [246252],1.0.869
PUP.Optional.ProductSetup, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [16947], [242047],1.0.869
 
Registry Value: 33
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{93b89ded-9ab9-4b2b-a43e-ddeab0ad82e6}|NameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{93b89ded-9ab9-4b2b-a43e-ddeab0ad82e6}|DhcpNameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9d3aa841-11e0-498b-b349-ed503c5e870f}|NameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d8dda18d-726a-4ef3-b049-63b531e39f99}|NameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d8dda18d-726a-4ef3-b049-63b531e39f99}|DhcpNameServer, Replace-on-Reboot, [45], [-1],0.0.0
PUP.Optional.SpeedChecker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SPEEDCHECKERSERVICE.EXE, Delete-on-Reboot, [1860], [255290],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1829F014-5B90-489A-818E-357A7F2353AA}|PATH, Delete-on-Reboot, [1732], [183035],1.0.869
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26AAB96A-0CDD-4817-BBEA-E161F40556C4}|PATH, Delete-on-Reboot, [170], [316538],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3D039C17-E63F-4E0F-8958-5D5F2EB91A5F}|PATH, Delete-on-Reboot, [580], [258294],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F2EE560-0724-4E46-B4F5-BBDEBF264510}|PATH, Delete-on-Reboot, [580], [258705],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A368B03-C716-495C-95E4-85A559BDB3F8}|PATH, Delete-on-Reboot, [1732], [183036],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{668951B7-92B2-4BC7-B294-649BD5A288DE}|PATH, Delete-on-Reboot, [1732], [183036],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9F5CF4F4-CDC6-42D2-9FB2-CEB2D7DDABAC}|PATH, Delete-on-Reboot, [1732], [183035],1.0.869
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C19E778D-E8EB-4DE0-917F-83044D70137C}|PATH, Delete-on-Reboot, [580], [258705],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DFD2790D-B558-4D5C-88FF-B2CBD8791584}|PATH, Delete-on-Reboot, [1732], [183035],1.0.869
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB47E78C-64E3-4CE7-807B-3A5AB5AFC016}|PATH, Delete-on-Reboot, [7800], [258108],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7776880-C35B-4444-9973-1F7D445A41FB}|PATH, Delete-on-Reboot, [1732], [260959],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FAFDAC68-FAC8-44E8-9392-B6BF5948B043}|PATH, Delete-on-Reboot, [1732], [183036],1.0.869
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF37C79C-9036-447E-B82A-BB09C56BC71B}|PATH, Delete-on-Reboot, [436], [260242],1.0.869
PUP.Optional.InterStat, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INTERSTATNOGUI, Delete-on-Reboot, [1693], [333870],1.0.869
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PROXYGATE, Delete-on-Reboot, [14745], [184419],1.0.869
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [14745], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [14745], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [14745], [-1],0.0.0
PUP.Optional.WinYahoo, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|FILENAME, Delete-on-Reboot, [116], [262014],1.0.869
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ACF09E7E-92C9-4D7E-942E-C7D259226F12}|OSDFILEURL, Delete-on-Reboot, [17685], [256101],1.0.869
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ACF09E7E-92C9-4D7E-942E-C7D259226F12}|FAVICONURL, Delete-on-Reboot, [17685], [256101],1.0.869
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ACF09E7E-92C9-4D7E-942E-C7D259226F12}|URL, Delete-on-Reboot, [17685], [256101],1.0.869
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [17685], [291049],1.0.869
PUP.Optional.ProductSetup, HKU\S-1-5-21-1352967727-2372577544-1043273383-1001\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [16947], [242047],1.0.869
 
Data Stream: 0
(No malicious items detected)
 
Folder: 42
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6c58440b-3995-0, Delete-on-Reboot, [45], [182288],1.0.869
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6c58440b-64b3-1, Delete-on-Reboot, [45], [182288],1.0.869
PUP.Optional.HDWallPaper, C:\USERS\RYAN\APPDATA\ROAMING\HDWallPaper, Delete-on-Reboot, [170], [314888],1.0.869
PUP.Optional.InterStat, C:\USERS\RYAN\APPDATA\ROAMING\Interstatnogui, Delete-on-Reboot, [1693], [333846],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\USERS\RYAN\APPDATA\ROAMING\One System Care, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.YellowSend, C:\USERS\RYAN\APPDATA\ROAMING\YSPackage, Delete-on-Reboot, [6076], [182011],1.0.869
PUP.Optional.CleanBrowser, C:\PROGRAM FILES (X86)\CleanBrowser, Delete-on-Reboot, [1859], [181961],1.0.869
PUP.Optional.PCSpeedUp, C:\USERS\RYAN\APPDATA\LOCAL\MICROSOFT\SILVERLIGHT\OUTOFBROWSER\SPEEDCHECKER.PCSPEEDUP, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\Documents\PCSpeedUp\RestorePoints, Delete-on-Reboot, [7800], [178841],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\Documents\PCSpeedUp\ScanResults, Delete-on-Reboot, [7800], [178841],1.0.869
PUP.Optional.PCSpeedUp, C:\USERS\RYAN\DOCUMENTS\PCSPEEDUP, Delete-on-Reboot, [7800], [178841],1.0.869
PUP.Optional.PCSpeedUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC SPEED UP, Delete-on-Reboot, [7800], [178843],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\_metadata, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\USERS\RYAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLCGEHABOLCAKKJHGMGPKAGPOLBJLHFA, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.HDWallPaper, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HDWALLPAPER, Delete-on-Reboot, [170], [314831],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\external, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\chrome, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\external, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\fonts, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\_metadata, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\css, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\USERS\RYAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\ocx, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\USERS\RYAN\APPDATA\ROAMING\PROXYGATE, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.BitCoinMiner, C:\USERS\RYAN\APPDATA\ROAMING\VNLGP, Delete-on-Reboot, [253], [261840],1.0.869
PUP.Optional.BundleInstaller, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\14795562, Delete-on-Reboot, [38], [341983],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\USERS\RYAN\APPDATA\LOCAL\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE, Delete-on-Reboot, [580], [241379],1.0.869
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457, Delete-on-Reboot, [10273], [257681],1.0.869
 
File: 199
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\6c58440b-3995-0\6c58440b-3995-0.d, Delete-on-Reboot, [45], [182288],1.0.869
PUP.Optional.DNSUnlocker.ACMB2, C:\WINDOWS\SYSTEM32\TASKS\{0A0E0847-7E05-090F-7911-040A0F79110A}, Delete-on-Reboot, [45], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\6c58440b-64b3-1\BITE77B.tmp, Delete-on-Reboot, [45], [182288],1.0.869
PUP.Optional.HDWallPaper, C:\Users\Ryan\AppData\Roaming\HDWallPaper\config.ini, Delete-on-Reboot, [170], [314888],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Danish.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Dutch.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\English.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\French.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\German.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Italian.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Norwegian.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Parameters.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Portuguese.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Spanish.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\Swedish.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\tmpLang.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.OneSystemCare, C:\Users\Ryan\AppData\Roaming\One System Care\Languages\tmpParam.json, Delete-on-Reboot, [580], [178764],1.0.869
PUP.Optional.YellowSend, C:\Users\Ryan\AppData\Roaming\YSPackage\Uninstall.exe, Delete-on-Reboot, [6076], [182011],1.0.869
PUP.Optional.YellowSend, C:\Users\Ryan\AppData\Roaming\YSPackage\YSPackage.exe, Delete-on-Reboot, [6076], [182011],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\appicon_48.png, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\Error.jpg, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\index.html, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\metadata, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\Speedchecker.PCSpeedUp.ico, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\SplashScreen.jpg, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\state, Delete-on-Reboot, [7800], [178840],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\Documents\PCSpeedUp\ScanResults\FragmentedDisksCollection.log, Delete-on-Reboot, [7800], [178841],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\Documents\PCSpeedUp\ScanResults\JunkFilesCollection.log, Delete-on-Reboot, [7800], [178841],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\Documents\PCSpeedUp\App.log, Delete-on-Reboot, [7800], [178841],1.0.869
PUP.Optional.PCSpeedUp, C:\Users\Ryan\Documents\PCSpeedUp\CallCenterPCSU.png, Delete-on-Reboot, [7800], [178841],1.0.869
PUP.Optional.PCSpeedUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\PC Speed Up.lnk, Delete-on-Reboot, [7800], [178843],1.0.869
PUP.Optional.PCSpeedUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up\Uninstall PC Speed Up.lnk, Delete-on-Reboot, [7800], [178843],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js\background.js, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js\newtab-hp.js, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\newtab-hp.html, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\_metadata\verified_contents.json, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\favicon.png, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.SearchModule, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\manifest.json, Delete-on-Reboot, [815], [179455],1.0.869
PUP.Optional.HDWallPaper, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper\HDWallPaper.lnk, Delete-on-Reboot, [170], [314831],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\chrome\common.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\chrome\lifecycle.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\chrome\settings.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\chrome\setup.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\chrome\utils.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\abtest.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\conf-sys.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\conf.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\nt_ptr.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\prefs-sys.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\prefs.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\settings-dev.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\common\udata.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\external\jquery-2.1.1.min.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\external\md5.min.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\external\string.min.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\external\underscore-min.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search\AutoSuggest.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search\contentscript.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search\newtab-base.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search\newtab-msg.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search\search-engines.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search\search-form.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\search\search-redirect.js, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\background.html, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\favicon.ico, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\content\newtab.html, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\css\newtab.css, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\css\search.css, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\css\search2.css, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\css\styles.css, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\css\white_bg.css, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\external\normalize.css, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\fonts\HelveticaNeue-Thin.otf, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\fonts\neue-bold.woff, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\fonts\neue.woff, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\01d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\01n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\02d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\02n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\03d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\03n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\04d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\04n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\09d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\09n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\10d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\10n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\11d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\11n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\13d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\13n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\50d.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\weather\50n.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\128.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\16.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\48.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\icons\close.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\bg.jpg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\bing.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\bluesky-bg.jpg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\brush.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\clock.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\cloud.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\cupcake-bg.jpg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\desk-bg.jpg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\doodle.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\down.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\google.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\just-the-box.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\mountain-bg.jpg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\pointer2.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\sea-bg.jpg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\yahoo.png, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\skin\images\yahoo.svg, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\_metadata\verified_contents.json, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.SearchManager, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.10.42_1\manifest.json, Delete-on-Reboot, [647], [331417],1.0.869
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Delete-on-Reboot, [863], [325509],1.0.869
PUP.Optional.ConvertAd, C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\FILESSTASH\C6ABA25D-749C-BDAF-B9F3-85D48DEFA0BD_1D260FFF9CBD093, Delete-on-Reboot, [77], [100459],1.0.869
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Delete-on-Reboot, [116], [254335],1.0.869
PUP.Optional.BitCoinMiner, C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\FILESSTASH\8F8859F2-203E-1440-EA28-7483458516AF_1D2610007A2BA0A, Delete-on-Reboot, [253], [337827],1.0.869
PUP.Optional.Search.ShrtCln, C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWW76BQV.DEFAULT\PREFS.JS, Replaced, [17685], [301760],1.0.869
PUP.Optional.Search.ShrtCln, C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWW76BQV.DEFAULT\PREFS.JS, Replaced, [17685], [303316],1.0.869
PUP.Optional.ProxyGate, C:\USERS\RYAN\APPDATA\ROAMING\PROXYGATE\DNS.DAT, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\ocx\mscomctl.ocx, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\Cloud.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\conf.dat, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\Config.ini, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\dbghelp.dll, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\list.dat, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\msvbvm60.dll, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\PGChk.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\PGCommon.dll, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\PGHelp.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\PGLog.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\PGNet.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\PGUpd.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\ProxyGate.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\Skin.dll, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\Socket.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\TrafficMonitor.exe, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.ProxyGate, C:\Users\Ryan\AppData\Roaming\ProxyGate\TrafficMonitor.ini, Delete-on-Reboot, [1169], [314822],1.0.869
PUP.Optional.BitCoinMiner, C:\USERS\RYAN\APPDATA\ROAMING\VNLGP\CONFIG.JSON, Delete-on-Reboot, [253], [261840],1.0.869
PUP.Optional.BitCoinMiner, C:\Users\Ryan\AppData\Roaming\vnlgp\setup.bin, Delete-on-Reboot, [253], [261840],1.0.869
PUP.Optional.BitCoinMiner, C:\Users\Ryan\AppData\Roaming\vnlgp\vnlgp-setup.exe, Delete-on-Reboot, [253], [261840],1.0.869
PUP.Optional.BitCoinMiner, C:\Users\Ryan\AppData\Roaming\vnlgp\vnlgp.exe, Delete-on-Reboot, [253], [261840],1.0.869
PUP.Optional.HDWallPaper, C:\USERS\PUBLIC\DESKTOP\HDWALLPAPER.LNK, Delete-on-Reboot, [170], [314838],1.0.869
PUP.Optional.PCSpeedUp, C:\USERS\RYAN\DESKTOP\PC SPEED UP.LNK, Delete-on-Reboot, [7800], [241611],1.0.869
PUP.Optional.OneSystemCare, C:\USERS\PUBLIC\DESKTOP\LAUNCH ONE SYSTEM CARE.LNK, Delete-on-Reboot, [580], [241377],1.0.869
Adware.DotDo, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\INSTALLER1.EXE, Delete-on-Reboot, [54], [347972],1.0.869
Adware.OptimizerEliteMax, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\14795562\IC-0.4E1010DC9547FC.EXE, Delete-on-Reboot, [539], [311034],1.0.869
PUP.Optional.PCSpeedUp, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\14795562\IC-0.9359410752D38.EXE, Delete-on-Reboot, [7800], [77043],1.0.869
PUP.Optional.UserMon, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\14795562\IC-0.0811B95B9AFE8.EXE, Delete-on-Reboot, [1907], [337830],1.0.869
PUP.Optional.Bundler, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\FSD84E5.EXE, Delete-on-Reboot, [222], [8918],1.0.869
PUP.Optional.ConvertAd, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\NSJ7F68.TMP, Delete-on-Reboot, [77], [290930],1.0.869
PUP.Optional.Amonetize, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\SDF810D.EXE, Delete-on-Reboot, [13], [118034],1.0.869
PUP.Optional.CurveLayer, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\14795562\IC-0.96EC438B3DC898.EXE, Delete-on-Reboot, [1831], [337839],1.0.869
PUP.Optional.HDWallPaper, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\14795562\IC-0.0797BC912F77BC.EXE, Delete-on-Reboot, [170], [314890],1.0.869
PUP.Optional.BundleInstaller, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\14795562\IC-0.DFADBAD02E7378.EXE, Delete-on-Reboot, [38], [341983],1.0.869
PUP.Optional.BundleInstaller, C:\Users\Ryan\AppData\Local\Temp\14795562\dlreport, Delete-on-Reboot, [38], [341983],1.0.869
PUP.Optional.SilentInstaller, C:\USERS\RYAN\APPDATA\LOCAL\TEMP\F9626892-7A78-3199-ABD2-97BBCE96297B\OFFERINSTALLER.EXE, Delete-on-Reboot, [3971], [11846],1.0.869
PUP.Optional.ConvertAd, C:\USERS\RYAN\APPDATA\LOCAL\D55651E1-1482810072-3C91-0AA6-E03F4956B457\NSCA031.TMP, Delete-on-Reboot, [77], [100459],1.0.869
PUP.Optional.WinYahoo, C:\USERS\RYAN\APPDATA\LOCAL\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HOWTOREMOVE\HOWTOREMOVE.HTML, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\chromium-min.jpg, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\control panel-min-min.JPG, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\down.png, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\ff menu.JPG, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\ff search engine-min.png, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\hp-min ff.png, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\hp-min ie.png, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\search engine.gif, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\setup pages.gif, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\sp-min.png, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\start-min.jpg, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\HowToRemove\up.png, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\lari, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.WinYahoo, C:\Users\Ryan\AppData\Local\{764F4013-52E7-2CAB-3F7F-09431B17F5DB}\temi, Delete-on-Reboot, [116], [302717],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\36896889, Delete-on-Reboot, [1732], [183029],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, C:\PROGRAMDATA\NTUSER.POL, Delete-on-Reboot, [1732], [-1],0.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Delete-on-Reboot, [1732], [-1],0.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\60122809, Delete-on-Reboot, [1732], [183029],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\66120757, Delete-on-Reboot, [1732], [183029],1.0.869
PUP.Optional.PCSpeedUp, C:\WINDOWS\SYSTEM32\TASKS\PC SPEEDUP SERVICE DEACTIVATOR, Delete-on-Reboot, [7800], [241614],1.0.869
PUP.Optional.SearchModule, C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWW76BQV.DEFAULT\SEARCHPLUGINS\SMOD.XML, Delete-on-Reboot, [815], [242730],1.0.869
PUP.Optional.Goobzo, C:\WINDOWS\SYSTEM32\TASKS\SMW_P, Delete-on-Reboot, [436], [260240],1.0.869
PUP.Optional.HDWallPaper, C:\WINDOWS\SYSTEM32\TASKS\HDWALLPAPER, Delete-on-Reboot, [170], [314835],1.0.869
PUP.Optional.Search.ShrtCln, C:\USERS\RYAN\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\SECURE PREFERENCES, Replaced, [17685], [303046],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\ga3689688936896889, Delete-on-Reboot, [1732], [183030],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\ga6012280960122809, Delete-on-Reboot, [1732], [183030],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\ga6612075766120757, Delete-on-Reboot, [1732], [183030],1.0.869
PUP.Optional.PCSpeedUp, C:\WINDOWS\TASKS\PC SPEEDUP SERVICE DEACTIVATOR.JOB, Delete-on-Reboot, [7800], [241615],1.0.869
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\k66120757, Delete-on-Reboot, [1732], [260957],1.0.869
PUP.Optional.WinYahoo, C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWW76BQV.DEFAULT\SEARCHPLUGINS\SEARCH PROVIDED BY YAHOO.XML, Delete-on-Reboot, [116], [302449],1.0.869
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE\LAUNCH ONE SYSTEM CARE.LNK, Delete-on-Reboot, [580], [241379],1.0.869
PUP.Optional.OneSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care\One System Care on the Web.url, Delete-on-Reboot, [580], [241379],1.0.869
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Monitor, Delete-on-Reboot, [580], [241381],1.0.869
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Run Delay, Delete-on-Reboot, [580], [241381],1.0.869
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Task, Delete-on-Reboot, [580], [241381],1.0.869
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Delete-on-Reboot, [10273], [257681],1.0.869
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/27/16
Scan Time: 4:15 AM
Logfile: scan3.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.869
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: RYAN-DESKTOP\Ryan
 
-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/27/16
Scan Time: 4:16 AM
Logfile: scan4.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.869
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: RYAN-DESKTOP\Ryan
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410106
Time Elapsed: 9 min, 11 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 2
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.869
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Quarantined, [10273], [257681],1.0.869
 
Module: 2
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.869
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Quarantined, [10273], [257681],1.0.869
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457, Quarantined, [10273], [257681],1.0.869
 
File: 2
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.869
PUP.Optional.ConvertAd.Gen, C:\PROGRAM FILES (X86)\D55651E1-1482838817-3C91-0AA6-E03F4956B457\knspC439.tmpfs, Quarantined, [10273], [257681],1.0.869
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6 meltingshoe

Posted 27 December 2016 - 08:32 AM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.12.27.03
  rootkit: v2016.11.20.01
 
Windows 10 x64 NTFS
Internet Explorer 11.713.10586.0
Ryan :: RYAN-DESKTOP [administrator]
 
12/27/2016 04:37:00
mbar-log-2016-12-27 (04-37-00).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 342552
Time elapsed: 11 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#7 meltingshoe

Posted 27 December 2016 - 08:33 AM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.713.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 8525074432, free: 5528309760
 
Downloaded database version: v2016.12.27.03
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.12.16.01
Initializing...
======================
------------ Kernel report ------------
     12/27/2016 04:36:55
------------ Loaded modules -----------
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\dtliteusbbus.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\dtlitescsibus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\DUKEMS.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\MBAMChameleon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\farflt.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\udfs.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.12.27.03
  rootkit: v2016.11.20.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe00091e3c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00091e3cb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00091e3c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00091d17ac0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00091caa230, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00091ca1060, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00091e3e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00091e3d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00091e3e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00091cb2e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00091caacb0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00091cb0060, DeviceName: \Device\0000002e\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FD62904
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1952595968
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6C4FDD9F
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 467832832
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 240057409536 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.713.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 8525074432, free: 4131540992
 
Downloaded database version: v2016.12.27.03
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.12.16.01
=======================================
Initializing...
------------ Kernel report ------------
     12/27/2016 05:19:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\WINDOWS\system32\drivers\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\dtliteusbbus.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\dtlitescsibus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\DUKEMS.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\MBAMChameleon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\farflt.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\udfs.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.12.27.03
  rootkit: v2016.11.20.01
 
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FD62904
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1952595968
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6C4FDD9F
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 467832832
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 240057409536 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished


#8 meltingshoe


Posted 27 December 2016 - 08:36 AM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/27/2016 05:35:02 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com
 
Program finished at: 12/27/2016 05:35:20 AM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)




