"black screen of death" and other issues


  • This topic is locked
11 replies to this topic

#1 jabe8

Posted 22 May 2017 - 11:27 AM

Hi

My son's computer got the "black screen of death" and I tried the fixes found on the internet. The Windows NT had the explorer file, so that wasn't the issue. I did virus scans and malware scans and found links hijacked and usual suspects, but issues are still persisting. The black screen still appears but eventually goes away and the desktop appears, but the internet is still spotty. Safe mode works reasonably fine.

Any thoughts/help appreciated.

cheers

John

Attached are the required files. If other info is needed, let me know.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Ran by pchome (administrator) on PCHOME-PC (22-05-2017 12:04:10)
Running from C:\Users\pchome\Downloads
Loaded Profiles: pchome (Available Profiles: pchome & Andrew & Angela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-09-22] (Softthinks)
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\...\MountPoints2: {28eb14f7-811f-11e2-ae12-180373e3f377} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\...\MountPoints2: {36933b48-171b-11e1-9451-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerNap.lnk [2016-03-30]
ShortcutTarget: PowerNap.lnk -> C:\Windows\Installer\{922A8108-6233-4AD6-AFBB-6404D8FA80AF}\_B552E3076F62FC36041E75.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerNapWatcher.lnk [2016-03-30]
ShortcutTarget: PowerNapWatcher.lnk -> C:\Windows\Installer\{922A8108-6233-4AD6-AFBB-6404D8FA80AF}\_099AACE9C9FEB2FC019E22.exe ()
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0FDA6229-7EA9-4348-B458-FDBCD00FCD19}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1031FA8C-1CDB-44E6-856A-705568FFE185}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{15742562-47A7-4ECD-A53B-660165E9F74A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{46A5D018-E2D2-4A98-9787-7B6EBAB56611}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9245A9D1-C4D6-4FA0-A985-928AC0782526}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9245A9D1-C4D6-4FA0-A985-928AC0782526}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/23
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000 -> {3A428A84-F83A-47DB-BF00-90BAEAF4BF71} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-21] (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll [2011-12-05] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll [2012-12-24] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll [2014-02-28] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll [2015-02-13] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll [2016-03-14] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2016-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: itq2b20z.default
FF ProfilePath: C:\Users\pchome\AppData\Roaming\TomTom\HOME\Profiles\q4cnw2ka.default [2015-12-30]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\pchome\AppData\Roaming\Mozilla\Firefox\Profiles\itq2b20z.default [2017-05-21]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3206514593-1303034295-3114100808-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_1\npsoe.dll [No File]
FF Plugin HKU\S-1-5-21-3206514593-1303034295-3114100808-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pchome\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-11-02] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxps://www.google.ca/?gws_rd=ssl"
CHR Profile: C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Adobe Acrobat) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-25]
CHR Extension: (Don't Starve) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2013-12-12]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-02-26] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (Sudoku) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknjmdhcdfnhedcghbjbklllbliheppm [2013-11-22]
CHR Extension: (Plants vs Zombies) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-12-30]
CHR Extension: (AddThis) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcjhcfedjeaigjdoemnbgkmboooipml [2012-07-01]
CHR Extension: (Print Friendly & PDF) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-03-25]
CHR Extension: (Chrome Media Router) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-21]
CHR Extension: (Fishdom) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkccdpiifjkmjpinpcmndkifhnjhooj [2013-11-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.Andrew - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.Angela - C:\Users\Angela\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.H3YMBQUP5K3RNFR4RPOIXMDQ6E - C:\Users\Angela\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-12-13] (Dell Inc.)
S2 dell_power_nap_service; C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe [11776 2011-06-14] () [File not signed]
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\Studio\14.0\InterBaseXE3\bin\ibguard.exe [636744 2014-03-24] (Embarcadero Technologies, Inc.)
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\Studio\14.0\InterBaseXE3\bin\ibserver.exe [5487944 2014-03-24] (Embarcadero Technologies, Inc.)
S2 InterBaseGuardian; C:\INTERBASE65\bin\ibguard.exe [32768 2001-11-28] (Borland Software Corporation) [File not signed]
S3 InterBaseServer; C:\INTERBASE65\bin\ibserver.exe [1769472 2001-11-28] (Borland Software Corporation) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-21] ()
S2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [291384 2010-12-18] (EnTech Taiwan)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [253184 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
S0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32952 2016-10-13] (Dell Computer Corporation)
S3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [171144 2007-05-01] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S1 se64a; C:\Windows\SysWOW64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-05-21] ()
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-22 12:04 - 2017-05-22 12:04 - 00021328 _____ C:\Users\pchome\Downloads\FRST.txt
2017-05-22 12:04 - 2017-05-22 12:04 - 00000000 ____D C:\FRST
2017-05-22 12:03 - 2017-05-22 12:03 - 02429952 _____ (Farbar) C:\Users\pchome\Downloads\FRST64.exe
2017-05-21 14:45 - 2017-05-21 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-21 14:45 - 2017-05-21 14:45 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-21 14:44 - 2017-05-21 14:45 - 35357312 _____ (Adlice Software ) C:\Users\pchome\Downloads\RogueKiller_setup.exe
2017-05-21 14:42 - 2017-05-21 14:43 - 00219894 _____ C:\TDSSKiller.3.1.0.15_21.05.2017_14.42.06_log.txt
2017-05-21 14:41 - 2017-05-21 14:42 - 04922400 _____ (AO Kaspersky Lab) C:\Users\pchome\Downloads\tdsskiller (1).exe
2017-05-21 10:21 - 2017-05-21 10:21 - 00000000 ____D C:\Users\pchome\AppData\Roaming\SUPERAntiSpyware.com
2017-05-21 10:20 - 2017-05-21 10:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-21 10:20 - 2017-05-21 10:20 - 30144432 _____ (SUPERAntiSpyware) C:\Users\pchome\Downloads\SUPERAntiSpyware.exe
2017-05-21 10:20 - 2017-05-21 10:20 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-05-21 10:20 - 2017-05-21 10:20 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-05-21 10:20 - 2017-05-21 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-05-13 16:35 - 2017-05-13 16:35 - 00000000 ____D C:\Users\Andrew\AppData\Local\PopcornTime
2017-05-13 16:33 - 2017-05-13 16:33 - 51928469 _____ (Popcorn Time ) C:\Users\Andrew\Documents\PopcornTime-latest.exe
2017-05-12 06:54 - 2017-05-12 06:54 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Google
2017-05-10 03:38 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 03:38 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 03:38 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 03:38 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 03:38 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 03:38 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 03:38 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 03:38 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 03:38 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 03:38 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 03:38 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 03:38 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 03:38 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 03:38 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 03:38 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 03:38 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 03:38 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 03:38 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 03:38 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 03:38 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 03:38 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 03:38 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 03:38 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 03:38 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 03:38 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 03:38 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 03:38 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 03:38 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 03:38 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 03:38 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 03:38 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 03:38 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 03:38 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 03:38 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 03:38 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 03:38 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 03:38 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 03:38 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 03:38 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 03:38 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 03:38 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 03:38 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 03:38 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 03:38 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 03:38 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 03:38 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 03:38 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 03:38 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 03:38 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 03:38 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 03:38 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 03:38 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 03:38 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 03:38 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 03:38 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 03:38 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 03:38 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 03:38 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 03:38 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 03:38 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-10 03:38 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 03:38 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 03:38 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 03:38 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 03:38 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 03:38 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 03:38 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-10 03:38 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 03:38 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-10 03:38 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-10 03:38 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 03:38 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 03:38 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 03:38 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 03:38 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-10 03:38 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-10 03:38 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 03:38 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-10 03:38 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 03:38 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-10 03:38 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-10 03:38 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 03:38 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 03:38 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 03:38 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 03:38 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 03:38 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-10 03:38 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-10 03:38 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 03:38 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-10 03:38 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-10 03:38 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 03:38 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 03:38 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-10 03:38 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 03:38 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 03:38 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 03:38 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 03:38 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 03:38 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-10 03:38 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 03:38 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 03:38 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 03:38 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 03:38 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 03:38 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 03:38 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 03:38 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 03:38 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 03:38 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 03:38 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 03:38 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 03:38 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 03:38 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 03:38 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 03:38 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 03:38 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 03:38 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 03:38 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 03:38 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 03:38 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 03:38 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 03:38 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 03:38 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 03:38 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 03:38 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 03:38 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 03:38 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 03:38 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 03:38 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 03:38 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-10 03:38 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-10 03:38 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 03:38 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 03:38 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 03:38 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-10 03:38 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-09 18:17 - 2017-05-09 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-03 09:07 - 2017-05-03 09:07 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-05-03 09:07 - 2017-05-03 09:07 - 00000000 ____D C:\Program Files\Dell Support Center
2017-05-03 09:03 - 2017-05-03 09:05 - 00003208 _____ C:\Windows\System32\Tasks\BundleApplicationRepairToolLauncherTask
2017-05-02 20:45 - 2017-05-02 20:45 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-04-29 11:30 - 2017-04-29 11:30 - 00381571 _____ C:\Users\Andrew\Documents\AddLight-4.1.3.jar
2017-04-23 08:02 - 2017-04-23 08:03 - 25887189 _____ C:\Users\Andrew\Documents\WD2_Club_Reward_tracks.zip
2017-04-23 07:57 - 2017-04-23 07:57 - 00000000 ____D C:\Users\Andrew\Desktop\WD2_Uplay_tracks
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-22 11:57 - 2013-12-22 14:51 - 01656994 _____ C:\Windows\ntbtlog.txt
2017-05-22 10:59 - 2014-07-05 16:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-22 10:00 - 2011-12-02 22:12 - 00000000 ____D C:\ProgramData\MFAData
2017-05-22 07:37 - 2015-08-31 14:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\.minecraft
2017-05-22 07:19 - 2016-11-26 16:48 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2017-05-22 06:46 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-22 06:46 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-22 06:35 - 2016-11-11 15:35 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-22 06:31 - 2011-12-07 19:57 - 00000000 ____D C:\ProgramData\Embarcadero
2017-05-22 06:29 - 2011-11-24 22:29 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-05-22 06:27 - 2016-04-08 20:43 - 00000000 ____D C:\ProgramData\VMware
2017-05-22 06:27 - 2011-11-24 22:46 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-05-22 06:27 - 2011-11-24 22:46 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-05-22 06:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 22:19 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2017-05-21 22:14 - 2011-12-03 10:07 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-21 21:09 - 2011-11-24 22:42 - 00000000 ____D C:\ProgramData\Sonic
2017-05-21 16:58 - 2016-03-18 20:07 - 00001153 _____ C:\Users\Andrew\Desktop\Mozilla Firefox.lnk
2017-05-21 16:58 - 2015-08-29 13:19 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-21 16:57 - 2015-04-26 17:19 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-21 16:57 - 2015-03-03 20:05 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-21 16:57 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-21 14:46 - 2015-06-30 06:46 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-21 09:27 - 2011-12-07 08:27 - 00141168 _____ C:\Users\Angela\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-21 09:26 - 2012-01-14 09:38 - 00002319 _____ C:\Users\Angela\Desktop\Google Chrome.lnk
2017-05-20 21:35 - 2015-07-01 20:53 - 00000000 ____D C:\ProgramData\PCDr
2017-05-20 15:24 - 2015-07-31 09:17 - 00000000 ____D C:\Users\pchome\AppData\Local\Avg
2017-05-20 15:24 - 2015-07-22 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-20 15:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-20 10:42 - 2016-08-20 20:07 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\discord
2017-05-17 19:02 - 2016-07-21 01:19 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-05-17 19:02 - 2015-03-07 10:00 - 00001358 _____ C:\Users\Andrew\Desktop\ROBLOX Player.lnk
2017-05-17 19:02 - 2015-03-07 10:00 - 00001177 _____ C:\Users\Andrew\Desktop\ROBLOX Studio.lnk
2017-05-15 06:58 - 2011-12-17 12:43 - 00002487 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-14 03:00 - 2011-12-10 01:04 - 00000302 _____ C:\Windows\Tasks\InstallAware 2012 Updates.job
2017-05-13 20:09 - 2009-07-14 01:13 - 00785510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-13 20:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-11 23:54 - 2015-04-26 17:19 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 19:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-11 06:37 - 2009-07-14 00:45 - 00491248 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 22:12 - 2011-02-10 12:10 - 00761968 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-10 19:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-09 18:17 - 2015-12-29 12:36 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-09 18:17 - 2015-12-29 12:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-09 18:17 - 2011-11-24 22:31 - 00000000 ____D C:\ProgramData\Skype
2017-05-07 21:50 - 2011-12-27 11:30 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-04 16:12 - 2014-12-26 16:36 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-03 09:07 - 2017-03-26 09:37 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-05-03 09:07 - 2011-11-24 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-05-03 09:03 - 2015-07-02 18:14 - 00000000 ____D C:\Users\pchome\AppData\Roaming\PCDr
2017-04-28 04:48 - 2015-04-26 17:19 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 04:48 - 2015-04-26 17:19 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2013-02-13 19:36 - 2013-10-21 18:51 - 0000100 _____ () C:\Users\pchome\AppData\Roaming\Camdata.ini
2013-02-13 19:36 - 2013-10-21 18:51 - 0000408 _____ () C:\Users\pchome\AppData\Roaming\CamLayout.ini
2013-02-13 19:36 - 2013-10-21 18:51 - 0000408 _____ () C:\Users\pchome\AppData\Roaming\CamShapes.ini
2013-02-13 19:36 - 2013-10-21 18:51 - 0004519 _____ () C:\Users\pchome\AppData\Roaming\CamStudio.cfg
2013-04-06 15:09 - 2013-04-06 15:09 - 0026900 _____ () C:\Users\pchome\AppData\Local\dt.dat
2016-08-08 17:38 - 2016-08-08 17:38 - 0000296 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Andrew\Roblox-Tool.exe
C:\Users\Public\AlexaNSISPlugin.12212.dll
 
 
Some files in TEMP:
====================
2017-05-20 06:22 - 2017-05-20 06:22 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\3oxevcm2.dll
2016-05-31 14:56 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_081215556865.exe
2016-04-19 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_081794353469.exe
2016-05-11 10:19 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_08661173869.exe
2016-02-02 20:22 - 2015-08-24 20:47 - 0192512 _____ () C:\Users\Andrew\AppData\Local\Temp\GLFCA8B.tmp.dll
2017-02-12 10:20 - 2017-02-12 10:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Andrew\AppData\Local\Temp\jansi-64-877782393872881035.dll
2016-08-25 12:48 - 2016-08-25 12:48 - 0080114 _____ () C:\Users\Andrew\AppData\Local\Temp\JNativeHook-2.0.2.dll
2016-12-21 22:36 - 2016-12-21 22:36 - 0737856 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-04-21 03:15 - 2017-04-21 03:15 - 0739904 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-05-20 10:02 - 2017-05-20 10:02 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\rvhdfsep.dll
2016-05-13 20:49 - 2017-05-09 18:16 - 57906656 _____ (Skype Technologies S.A.) C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe
2016-08-27 15:06 - 2016-08-27 15:03 - 0067130 _____ () C:\Users\Andrew\AppData\Local\Temp\Uninstall.exe
2015-08-02 19:58 - 2015-08-02 19:58 - 0118784 _____ () C:\Users\Andrew\AppData\Local\Temp\xmlUpdater.exe
2017-05-20 06:22 - 2017-05-20 06:22 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\zfoqtlmd.dll
2017-05-20 21:23 - 2017-05-20 21:23 - 0011776 _____ () C:\Users\pchome\AppData\Local\Temp\282fmcpr.dll
2017-05-20 11:19 - 2017-05-20 11:19 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\5zy6qy5i.dll
2017-05-20 21:29 - 2017-05-20 21:29 - 0009216 _____ () C:\Users\pchome\AppData\Local\Temp\9mhnvenn.dll
2017-05-20 15:19 - 2017-05-20 15:19 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\cpbadlft.dll
2017-05-21 14:46 - 2017-04-27 21:11 - 1732864 _____ (Microsoft Corporation) C:\Users\pchome\AppData\Local\Temp\dllnt_dump.dll
2017-05-20 21:44 - 2017-05-20 21:44 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\egkldpxa.dll
2017-05-20 11:20 - 2017-05-20 11:20 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\g8pyyhsy.dll
2017-05-20 21:44 - 2017-05-20 21:44 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\no5dzyqt.dll
2017-05-20 15:20 - 2017-05-20 15:20 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\rj71bnn8.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-13 00:02
 
==================== End of FRST.txt ============================


#2 JSntgRvr

  • Malware Response Team

Posted 22 May 2017 - 08:02 PM

Welcome :)

 

Please remove this program:

Popcorn Time

 

There are two Faulty Device Manager Devices:

 

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

 

I would either update the driver, or uninstall these devices so that Windows may reinstall them on a reboot.

 

 

  • Highlight the entire content of the quote box below.

Start::  
FirewallRules: [{BC742A48-590A-4810-B367-6D3024EC25B1}] => (Allow) LPort=2869
FirewallRules: [{FEC29BF8-0F27-4779-9FA7-8A1BF898CA65}] => (Allow) LPort=1900
FirewallRules: [{79C74667-45F3-490E-BECB-0A7BFC6855DD}] => (Allow) LPort=25565
FirewallRules: [{07CE1B67-C5EC-402B-ABEC-EEF96344AC94}] => (Allow) LPort=56552
FirewallRules: [{2EB36F9A-6256-40D1-9620-E4F847C6857B}] => (Allow) LPort=80
C:\ProgramData\fontcacheev1.dat
C:\Users\Andrew\Roblox-Tool.exe
C:\Users\Public\AlexaNSISPlugin.12212.dll
Task: {1714F1FB-CC90-4913-A32F-82F8DDE1CEE9} - System32\Tasks\OHFPZMMSIB => C:\ProgramData\a453d201fe4d47bb99d9c2f5e7b0086a\a453d201fe4d47bb99d9c2f5e7b0086a.exe  <==== ATTENTION
Task: {3725E8AB-ABC6-4DA8-A973-4400AAEE5CCF} - System32\Tasks\QVBFFEWBVE => C:\ProgramData\8c99bf97ecc04c359cb2f43032bfc2bb\8c99bf97ecc04c359cb2f43032bfc2bb.exe  <==== ATTENTION
Task: {64710F98-FA97-4599-A13B-EEF09910EEDE} - \Windows Update Check - 0x0D1402B8 -> No File <==== ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1003\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-02-26] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {64710F98-FA97-4599-A13B-EEF09910EEDE} - \Windows Update Check - 0x0D1402B8 -> No File <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-3206514593-1303034295-3114100808-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_1\npsoe.dll [No File]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [386]
2017-05-20 06:22 - 2017-05-20 06:22 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\3oxevcm2.dll
2016-05-31 14:56 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_081215556865.exe
2016-04-19 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_081794353469.exe
2016-05-11 10:19 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_08661173869.exe
2016-02-02 20:22 - 2015-08-24 20:47 - 0192512 _____ () C:\Users\Andrew\AppData\Local\Temp\GLFCA8B.tmp.dll
2017-02-12 10:20 - 2017-02-12 10:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Andrew\AppData\Local\Temp\jansi-64-877782393872881035.dll
2016-08-25 12:48 - 2016-08-25 12:48 - 0080114 _____ () C:\Users\Andrew\AppData\Local\Temp\JNativeHook-2.0.2.dll
2016-12-21 22:36 - 2016-12-21 22:36 - 0737856 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-04-21 03:15 - 2017-04-21 03:15 - 0739904 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-05-20 10:02 - 2017-05-20 10:02 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\rvhdfsep.dll
2016-05-13 20:49 - 2017-05-09 18:16 - 57906656 _____ (Skype Technologies S.A.) C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe
2016-08-27 15:06 - 2016-08-27 15:03 - 0067130 _____ () C:\Users\Andrew\AppData\Local\Temp\Uninstall.exe
2015-08-02 19:58 - 2015-08-02 19:58 - 0118784 _____ () C:\Users\Andrew\AppData\Local\Temp\xmlUpdater.exe
2017-05-20 06:22 - 2017-05-20 06:22 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\zfoqtlmd.dll
2017-05-20 21:23 - 2017-05-20 21:23 - 0011776 _____ () C:\Users\pchome\AppData\Local\Temp\282fmcpr.dll
2017-05-20 11:19 - 2017-05-20 11:19 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\5zy6qy5i.dll
2017-05-20 21:29 - 2017-05-20 21:29 - 0009216 _____ () C:\Users\pchome\AppData\Local\Temp\9mhnvenn.dll
2017-05-20 15:19 - 2017-05-20 15:19 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\cpbadlft.dll
2017-05-21 14:46 - 2017-04-27 21:11 - 1732864 _____ (Microsoft Corporation) C:\Users\pchome\AppData\Local\Temp\dllnt_dump.dll
2017-05-20 21:44 - 2017-05-20 21:44 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\egkldpxa.dll
2017-05-20 11:20 - 2017-05-20 11:20 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\g8pyyhsy.dll
2017-05-20 21:44 - 2017-05-20 21:44 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\no5dzyqt.dll
2017-05-20 15:20 - 2017-05-20 15:20 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\rj71bnn8.dll
2016-02-02 20:22 - 2015-08-24 20:47 - 0192512 _____ () C:\Users\Andrew\AppData\Local\Temp\GLFCA8B.tmp.dll
FirewallRules: [{807601E6-042F-4543-BA09-124FF53B579F}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5702A97B-49B7-4143-A796-98DAAEFB00F1}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{86D70DE0-B86A-4FF3-902A-72E5F1DA08E8}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{2AD46B2A-BB99-403E-890A-2E7DCD277632}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7535A877-A206-4094-9971-71354247F101}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{06014B80-E002-4417-8E97-0EB5D8A9C35C}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
2017-05-13 16:35 - 2017-05-13 16:35 - 00000000 ____D C:\Users\Andrew\AppData\Local\PopcornTime
2017-05-13 16:33 - 2017-05-13 16:33 - 51928469 _____ (Popcorn Time ) C:\Users\Andrew\Documents\PopcornTime-latest.exe
HOSTS:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.



  • On reboot a log will be produced; please copy and paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


No request for help through private messaging will be attended to.



#3 jabe8

  • Topic Starter

Posted 23 May 2017 - 05:11 PM

So far so good

I copied and pasted the quoted text in FRST then hit Fix. I believe that is what I was to do :)

Seems to be running smoother but Explorer seems twitchy. Anyway, here are the pasted results.

Let me know if I missed anything

cheers

john

fixlog 1st

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by pchome (23-05-2017 16:57:01) Run:1
Running from C:\Users\pchome\Downloads
Loaded Profiles: pchome (Available Profiles: pchome & Andrew & Angela)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
  
FirewallRules: [{BC742A48-590A-4810-B367-6D3024EC25B1}] => (Allow) LPort=2869
FirewallRules: [{FEC29BF8-0F27-4779-9FA7-8A1BF898CA65}] => (Allow) LPort=1900
FirewallRules: [{79C74667-45F3-490E-BECB-0A7BFC6855DD}] => (Allow) LPort=25565
FirewallRules: [{07CE1B67-C5EC-402B-ABEC-EEF96344AC94}] => (Allow) LPort=56552
FirewallRules: [{2EB36F9A-6256-40D1-9620-E4F847C6857B}] => (Allow) LPort=80
C:\ProgramData\fontcacheev1.dat
C:\Users\Andrew\Roblox-Tool.exe
C:\Users\Public\AlexaNSISPlugin.12212.dll
Task: {1714F1FB-CC90-4913-A32F-82F8DDE1CEE9} - System32\Tasks\OHFPZMMSIB => C:\ProgramData\a453d201fe4d47bb99d9c2f5e7b0086a\a453d201fe4d47bb99d9c2f5e7b0086a.exe  <==== ATTENTION
Task: {3725E8AB-ABC6-4DA8-A973-4400AAEE5CCF} - System32\Tasks\QVBFFEWBVE => C:\ProgramData\8c99bf97ecc04c359cb2f43032bfc2bb\8c99bf97ecc04c359cb2f43032bfc2bb.exe  <==== ATTENTION
Task: {64710F98-FA97-4599-A13B-EEF09910EEDE} - \Windows Update Check - 0x0D1402B8 -> No File <==== ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1003\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-02-26] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\pchome\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {64710F98-FA97-4599-A13B-EEF09910EEDE} - \Windows Update Check - 0x0D1402B8 -> No File <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-3206514593-1303034295-3114100808-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_1\npsoe.dll [No File]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [386]
2017-05-20 06:22 - 2017-05-20 06:22 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\3oxevcm2.dll
2016-05-31 14:56 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_081215556865.exe
2016-04-19 16:03 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_081794353469.exe
2016-05-11 10:19 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\AppData\Local\Temp\avguirn_08661173869.exe
2016-02-02 20:22 - 2015-08-24 20:47 - 0192512 _____ () C:\Users\Andrew\AppData\Local\Temp\GLFCA8B.tmp.dll
2017-02-12 10:20 - 2017-02-12 10:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Andrew\AppData\Local\Temp\jansi-64-877782393872881035.dll
2016-08-25 12:48 - 2016-08-25 12:48 - 0080114 _____ () C:\Users\Andrew\AppData\Local\Temp\JNativeHook-2.0.2.dll
2016-12-21 22:36 - 2016-12-21 22:36 - 0737856 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-04-21 03:15 - 2017-04-21 03:15 - 0739904 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-05-20 10:02 - 2017-05-20 10:02 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\rvhdfsep.dll
2016-05-13 20:49 - 2017-05-09 18:16 - 57906656 _____ (Skype Technologies S.A.) C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe
2016-08-27 15:06 - 2016-08-27 15:03 - 0067130 _____ () C:\Users\Andrew\AppData\Local\Temp\Uninstall.exe
2015-08-02 19:58 - 2015-08-02 19:58 - 0118784 _____ () C:\Users\Andrew\AppData\Local\Temp\xmlUpdater.exe
2017-05-20 06:22 - 2017-05-20 06:22 - 0000000 _____ () C:\Users\Andrew\AppData\Local\Temp\zfoqtlmd.dll
2017-05-20 21:23 - 2017-05-20 21:23 - 0011776 _____ () C:\Users\pchome\AppData\Local\Temp\282fmcpr.dll
2017-05-20 11:19 - 2017-05-20 11:19 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\5zy6qy5i.dll
2017-05-20 21:29 - 2017-05-20 21:29 - 0009216 _____ () C:\Users\pchome\AppData\Local\Temp\9mhnvenn.dll
2017-05-20 15:19 - 2017-05-20 15:19 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\cpbadlft.dll
2017-05-21 14:46 - 2017-04-27 21:11 - 1732864 _____ (Microsoft Corporation) C:\Users\pchome\AppData\Local\Temp\dllnt_dump.dll
2017-05-20 21:44 - 2017-05-20 21:44 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\egkldpxa.dll
2017-05-20 11:20 - 2017-05-20 11:20 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\g8pyyhsy.dll
2017-05-20 21:44 - 2017-05-20 21:44 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\no5dzyqt.dll
2017-05-20 15:20 - 2017-05-20 15:20 - 0000000 _____ () C:\Users\pchome\AppData\Local\Temp\rj71bnn8.dll
2016-02-02 20:22 - 2015-08-24 20:47 - 0192512 _____ () C:\Users\Andrew\AppData\Local\Temp\GLFCA8B.tmp.dll
FirewallRules: [{807601E6-042F-4543-BA09-124FF53B579F}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5702A97B-49B7-4143-A796-98DAAEFB00F1}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{86D70DE0-B86A-4FF3-902A-72E5F1DA08E8}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{2AD46B2A-BB99-403E-890A-2E7DCD277632}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7535A877-A206-4094-9971-71354247F101}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{06014B80-E002-4417-8E97-0EB5D8A9C35C}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
2017-05-13 16:35 - 2017-05-13 16:35 - 00000000 ____D C:\Users\Andrew\AppData\Local\PopcornTime
2017-05-13 16:33 - 2017-05-13 16:33 - 51928469 _____ (Popcorn Time ) C:\Users\Andrew\Documents\PopcornTime-latest.exe
HOSTS:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC742A48-590A-4810-B367-6D3024EC25B1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEC29BF8-0F27-4779-9FA7-8A1BF898CA65} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79C74667-45F3-490E-BECB-0A7BFC6855DD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07CE1B67-C5EC-402B-ABEC-EEF96344AC94} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EB36F9A-6256-40D1-9620-E4F847C6857B} => value removed successfully
C:\ProgramData\fontcacheev1.dat => moved successfully
C:\Users\Andrew\Roblox-Tool.exe => moved successfully
C:\Users\Public\AlexaNSISPlugin.12212.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1714F1FB-CC90-4913-A32F-82F8DDE1CEE9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1714F1FB-CC90-4913-A32F-82F8DDE1CEE9} => key removed successfully
C:\Windows\System32\Tasks\OHFPZMMSIB => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OHFPZMMSIB => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3725E8AB-ABC6-4DA8-A973-4400AAEE5CCF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3725E8AB-ABC6-4DA8-A973-4400AAEE5CCF} => key removed successfully
C:\Windows\System32\Tasks\QVBFFEWBVE => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QVBFFEWBVE => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64710F98-FA97-4599-A13B-EEF09910EEDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64710F98-FA97-4599-A13B-EEF09910EEDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Update Check - 0x0D1402B8 => key not found. 
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1004\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3206514593-1303034295-3114100808-1003\User => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak <==== ATTENTION => not found
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64710F98-FA97-4599-A13B-EEF09910EEDE} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Update Check - 0x0D1402B8 => key not found. 
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f9bbf004-6e40-4019-8214-c43a37e1d058} => value removed successfully
HKCR\PROTOCOLS\Handler\linkscanner => key not found. 
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3 => key removed successfully
C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_1\npsoe.dll => not found.
C:\ProgramData\Temp => ":B1FBBD09" ADS removed successfully.
C:\Users\Andrew\AppData\Local\Temp\3oxevcm2.dll => moved successfully
C:\Users\Andrew\AppData\Local\Temp\avguirn_081215556865.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\avguirn_081794353469.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\avguirn_08661173869.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\GLFCA8B.tmp.dll => moved successfully
C:\Users\Andrew\AppData\Local\Temp\jansi-64-877782393872881035.dll => moved successfully
C:\Users\Andrew\AppData\Local\Temp\JNativeHook-2.0.2.dll => moved successfully
C:\Users\Andrew\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\rvhdfsep.dll => moved successfully
C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\xmlUpdater.exe => moved successfully
C:\Users\Andrew\AppData\Local\Temp\zfoqtlmd.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\282fmcpr.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\5zy6qy5i.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\9mhnvenn.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\cpbadlft.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\egkldpxa.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\g8pyyhsy.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\no5dzyqt.dll => moved successfully
C:\Users\pchome\AppData\Local\Temp\rj71bnn8.dll => moved successfully
"C:\Users\Andrew\AppData\Local\Temp\GLFCA8B.tmp.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{807601E6-042F-4543-BA09-124FF53B579F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5702A97B-49B7-4143-A796-98DAAEFB00F1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{86D70DE0-B86A-4FF3-902A-72E5F1DA08E8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AD46B2A-BB99-403E-890A-2E7DCD277632} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7535A877-A206-4094-9971-71354247F101} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06014B80-E002-4417-8E97-0EB5D8A9C35C} => value removed successfully
HKLM\System\CurrentControlSet\Services\Update service => key removed successfully
Update service => service removed successfully
C:\Users\Andrew\AppData\Local\PopcornTime => moved successfully
C:\Users\Andrew\Documents\PopcornTime-latest.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007042c
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49312488 B
Java, Flash, Steam htmlcache => 41255114 B
Windows/system/drivers => 1521766983 B
Edge => 0 B
Chrome => 872159766 B
Firefox => 5947587 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 21970 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 49699 B
LocalService => 0 B
NetworkService => 2670 B
pchome => 196567554 B
Andrew => 16534237479 B
Angela => 269565881 B
 
RecycleBin => 13862874 B
EmptyTemp: => 18.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:08:16 ====
no jrt text
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by pchome (Administrator) on 23/05/2017 at 17:24:40.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 10 
 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\pchome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CZH3XW4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\pchome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZQ1LUHQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\pchome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1P8GOMF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\pchome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO4BXWKH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CZH3XW4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZQ1LUHQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1P8GOMF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO4BXWKH (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3A428A84-F83A-47DB-BF00-90BAEAF4BF71} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/05/2017 at 17:36:17.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and last..adwcleaner
# AdwCleaner v6.047 - Logfile created 23/05/2017 at 18:43:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : pchome - PCHOME-PC
# Running from : C:\Users\pchome\Downloads\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dimpomefjdddhjmkjgjdokhidjkcmhhn
[-] Folder deleted: C:\Users\Andrew\AppData\Local\VirtualStore\Program Files (x86)\Movies Toolbar
[#] Folder deleted on reboot: C:\Users\Andrew\AppData\Local\VirtualStore\Program Files (x86)\movies toolbar
[-] Folder deleted: C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abhcboegnnahoblgogedeahdhhlbilmh
[-] Folder deleted: C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abhcboegnnahoblgogedeahdhhlbilmh
[-] Folder deleted: C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkopijddpkmggacdghppacglggodkcod
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.spigotmc.org_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.spigotmc.org_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adblock-pro.en.softonic.com_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adblock-pro.en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_safesurfs.net_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_safesurfs.net_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.searchinsocial.com_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.searchinsocial.com_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_slender.en.softonic.com_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_slender.en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.isanalyze.com_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.isanalyze.com_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage
[-] File deleted: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage-journal
[-] File deleted: C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File deleted: C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts\Star Wars Knights of the Old Republic II - The Sith Lords\ Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[-] Shortcut disinfected: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Software\Classes\bndle
[#] Key deleted on reboot: HKCU\Software\Classes\bndle
[-] Key deleted: HKLM\SOFTWARE\Classes\IMWeb.IMWebControl.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\bndle
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IMWeb.IMWebControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Software\OutfoxTV
[-] Key deleted: HKU\S-1-5-21-3206514593-1303034295-3114100808-1000\Software\Auslogics
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\OutfoxTV
[#] Key deleted on reboot: HKCU\Software\Auslogics
[-] Key deleted: HKLM\SOFTWARE\RrFilter
[-] Key deleted: HKLM\SOFTWARE\SprgFiles
[#] Key deleted on reboot: [x64] HKCU\Software\OutfoxTV
[#] Key deleted on reboot: [x64] HKCU\Software\Auslogics
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\portaldosites.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.portaldosites.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\portaldosites.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.portaldosites.com
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: 
[-] Firefox preferences cleaned: 
[-] Firefox preferences cleaned: 
[-] [C:\Users\pchome\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: slender.en.softonic.com
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: eooncjejnppfjjklapaamhcdmjbilmde
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ieakfmpjhljbpbfpldjkddkjmmgjmgon
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mphpbdjcljebbcnfopfngmfdackbbdgf
[-] [C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: abhcboegnnahoblgogedeahdhhlbilmh
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [8586 Bytes] - [23/05/2017 18:43:25]
C:\AdwCleaner\AdwCleaner[R0].txt - [22448 Bytes] - [30/06/2015 09:04:49]
C:\AdwCleaner\AdwCleaner[R1].txt - [21452 Bytes] - [01/07/2015 18:22:27]
C:\AdwCleaner\AdwCleaner[R2].txt - [18004 Bytes] - [02/07/2015 12:18:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [23894 Bytes] - [30/06/2015 09:18:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [17943 Bytes] - [02/07/2015 12:20:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [10094 Bytes] - [23/05/2017 17:59:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9103 Bytes] ##########
 
 
 
 


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:50 PM

Posted 23 May 2017 - 05:41 PM

You did great. Let's perform another scan.

 

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.



  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 jabe8

jabe8
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 23 May 2017 - 08:12 PM

an interesting, to me, thing happened while malware is doing its thing..  

I have avg running in background and avg has had several alerts 

here is one of them..all in the malware directory..thoughts??

 

"";"Trojan horse MSIL11.AGZD, c:\ProgramData\Malwarebytes\MBAMService\91c50122-4025-11e7-ac96-180373e3f377";"Unresolved"
 
malware still running..about half way done...
john


#6 jabe8


Posted 23 May 2017 - 08:33 PM

from scan

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/23/17
Scan Time: 8:56 PM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2007
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pchome-PC\pchome
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 526721
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 34 min, 12 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Disabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Somoto, C:\USERS\ANDREW\DOCUMENTS\MINECRAFT_MOD_SETUP.ZIP, No Action By User, [367], [300911],1.0.2007
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
avg also detected
"";"Trojan horse ILHeur.CTL, c:\PROGRAMDATA\Malwarebytes\MBAMService\f9c72174-4025-11e7-85bb-180373e3f377";"Reboot is required to finish the action"
"";"Trojan horse MSIL10.BBEH, c:\PROGRAMDATA\Malwarebytes\MBAMService\9faa5634-4025-11e7-a939-180373e3f377";"Reboot is required to finish the action"
 
 


#7 JSntgRvr


Posted 23 May 2017 - 09:59 PM

Those are false positives. The program defends itself by creating aggressive drivers, which in turn may be detected as malware.

How is it doing?



#8 jabe8


Posted 24 May 2017 - 06:30 AM

A LOT better... thanks.. logged in fast.. will do more later on it to see how it goes.. 

what do you think the main culprit was to the issue?  

side note..one issue last night before reboot the only thing displayed was desktop..hopefully that won't happen again!!

this site is awesome!!

thanks tonnes

john


Edited by jabe8, 24 May 2017 - 06:41 AM.


#9 JSntgRvr


Posted 24 May 2017 - 01:49 PM

Lots of adware.

 

Congratulations.

 

Let's remove the diagnostics tools:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)




#10 jabe8


Posted 24 May 2017 - 04:01 PM

and tada

# DelFix v1.013 - Logfile created 24/05/2017 at 18:00:26
# Updated 17/04/2016 by Xplode
# Username : pchome - PCHOME-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\pchome\Downloads\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.0.0.44_01.07.2015_13.09.22_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_01.07.2015_18.36.36_log.txt
Deleted : C:\TDSSKiller.3.1.0.15_21.05.2017_14.42.06_log.txt
Deleted : C:\Users\pchome\Desktop\JRT.txt
Deleted : C:\Users\pchome\Downloads\Addition.txt
Deleted : C:\Users\pchome\Downloads\AdwCleaner.exe
Deleted : C:\Users\pchome\Downloads\adwcleaner_6.047 (1).exe
Deleted : C:\Users\pchome\Downloads\adwcleaner_6.047 (2).exe
Deleted : C:\Users\pchome\Downloads\adwcleaner_6.047.exe
Deleted : C:\Users\pchome\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\pchome\Downloads\Fixlog.txt
Deleted : C:\Users\pchome\Downloads\FRST.txt
Deleted : C:\Users\pchome\Downloads\FRST64.exe
Deleted : C:\Users\pchome\Downloads\JRT (1).exe
Deleted : C:\Users\pchome\Downloads\JRT.exe
Deleted : C:\Users\pchome\Downloads\MiniToolBox.exe
Deleted : C:\Users\pchome\Downloads\Result.txt
Deleted : C:\Users\pchome\Downloads\RogueKiller.exe
Deleted : C:\Users\pchome\Downloads\RogueKiller_setup.exe
Deleted : C:\Users\pchome\Downloads\tdsskiller (1).exe
Deleted : C:\Users\pchome\Downloads\tdsskiller.exe
Deleted : C:\Users\pchome\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
########## - EOF - ##########


#11 JSntgRvr


Posted 24 May 2017 - 06:15 PM

Be safe.




#12 JSntgRvr


Posted 24 May 2017 - 06:15 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





