
Unable to create a new folder anywhere windows 10 and bsod


12 replies to this topic

#1 thatoneguyyep101

thatoneguyyep101

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:13 PM

Posted 20 June 2017 - 04:36 AM

I have a Windows 10 home, version 1703, os build 15063.413 64bit os x64 based processor.

6/15/17 is when I installed the current build of windows 10 I have now.

CPU: AMD A64400M with Radeon HD Graphics 2.70 GHz

 

Anyways I have an android phone and I was trying to free up files on the internal memory... and under the internal sd card there was a folder named "emulated" or something well I meant to click the folder next to it and delete it. But I deleted the emulated one. Now all my files such as music, pictures, some apps, etc I had on the phone are gone.

So I took the sd card out and was going to run some data recovery programs on it.

So I hooked the sd card up to my computer, and wanted to create a new folder to save the recovered files from the phone's sd card to.

So I right clicked, then highlighted New and well... something weird happens. Instead of giving me options to create a new folder and whatnot it just blanks out on my desktop background, then windows quickly reloads all the desktop icons, notification area, taskbar, etc.

I tried creating a new folder on the desktop but am unable to.

I even tried creating a new folder within a folder. I can't get the "New" menu to open. When I try to open it everything goes blank except my desktop background, then quickly reloads.

Also lately I randomly get a BSOD saying something about "whea uncorrectable error" however I have a separate topic about that. But maybe they are related?

I didn't notice either of the problems until I recently upgraded to the build I'm on now. But build 1607 worked fine.

But I deleted it so I couldn't go back or whatever. Dumb I know.

Anyways I attached some screenshots of the issue. Thank you.

 

NOTE: When making this topic I could not find the file uploader anywhere, so I used postimage so I could share the screenshots.

I know where it's at but for some reason I can't find it while under "Am I infected? What do I do?" area.

I was going to use tinypic but couldn't ever get the "captcha" thing to show up.

 

Anyways here are the screenshots...

 

new_not_opening_1.png

 

new_not_opening_2.png

 

new_not_opening_3.png

 

new_not_opening_4.png

 

UPDATE 6/20/17 I logged into my mom's account (standard user not an admin) and I can create new folders just fine on her account. But when I switch back to mine I can't. Also when on tinypic the "captcha" thing never shows up. Same on some other websites such as the androidcentral website. Not sure if it's a firefox problem, or an issue with the computer?

 

UPDATE 6/27/17 When using CCleaner I noticed when I click "Tools" then "Uninstall" at the top of the list there is a thing in the list with no name and no publisher. Says it was installed 6/15/17. I don't remember what I did on my laptop that day.... I haven't downloaded anything to jeopardize the laptop or anything. I don't torrent or any of that. I don't even download music from the internet on my laptop. I use my phone for that. Anyways how do I find out what it is? I think I'll try running spybot and see if it finds anything. I apologize for all the updates. Just trying to be specific about the issues I've been noticing, maybe it'll help pinpoint the issue.

 

ccleaner_no_name.png


Edited by thatoneguyyep101, 21 June 2017 - 03:44 AM.



 


#2 thatoneguyyep101


Posted 21 June 2017 - 05:07 AM

I said "UPDATE 6/27/17" but I meant 6/21/17... as it's not even the 27th yet.

I tried installing spybot and this happens, not sure what it means....

spybot_fail.png

 

It does install and run afterwards, but it says something about it has files missing to run scans or something, then I use the update feature, and it says it downloaded like 130 files or some huge number, but then when I try to run a scan after the update thing finished it still says it's missing files. It's like something is blocking it.

 

This is the logfile from adwcleaner...

# AdwCleaner v6.047 - Logfile created 21/06/2017 at 06:15:03
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-20.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : that1 - BRADNLN
# Running from : C:\Users\that1\Desktop\New Files\Run By Themselves\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Program Files (x86)\MalwareProtectionLive


***** [ Files ] *****

File Found:  C:\Users\that1\Desktop\ReimageRepair.exe
File Found:  C:\WINDOWS\Reimage.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found:  HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found:  [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found:  HKU\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Reimage
Key Found:  HKU\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKCU\Software\Reimage
Key Found:  HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKLM\SOFTWARE\WISECLEANER
Key Found:  [x64] HKCU\Software\Reimage
Key Found:  [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  [x64] HKLM\SOFTWARE\Reimage
Key Found:  HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3115 Bytes] - [27/01/2017 01:11:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [2608 Bytes] - [21/01/2017 09:36:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [3029 Bytes] - [27/01/2017 01:09:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [2617 Bytes] - [21/06/2017 06:15:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2690 Bytes] ##########


Edited by thatoneguyyep101, 21 June 2017 - 06:25 AM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:13 AM

Posted 25 June 2017 - 08:24 PM

Remove what ADW found

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista/Windows7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.

Edited by boopme, 25 June 2017 - 08:26 PM.


#4 thatoneguyyep101


Posted 25 June 2017 - 11:28 PM

Thank you for your response boopme. I have run tdsskiller by kaspersky and it didn't find anything. I even had it reboot my computer so it could do the "loaded modules" thing. I am currently running adwcleaner then will follow the rest of the steps you provided (thank you again).

In the meantime I noticed I get a lot more errors saying "windows smartscreen can't be reached right now"

And I'm trying to root my mom's phone as I'm missing a file off of there I want. And I noticed I'm unable to run "oneclickroot.exe" as it says "No internet connection"

But I am connected to the internet.... and I got it to run fine to root my phone a few days ago.

But I uninstalled it because I didn't think I'd need it again. So I downloaded it from the official website, but it won't install because I'm apparently not connected to the internet even though I am.

 

Also in task manager under details there is something running named "AnonymizerLauncher.exe" with PID of 3576. When I right click it and select "go to services" there is nothing with a PID of 3576. I can right click it and end the task successfully. But it just shows up again later on. I even changed it to where under "startup" it says disabled.... yet it still keeps starting up with the computer.... not right away though.

When I go to file location it says it's located at "C:\Users\that1\AppData\Roaming\AGData\bin"

But I have deleted it before and it just keeps coming back. There are other files there also named "AnonymizerGadget.dll" and "AGLoader"

I strongly feel these files/processes are being shady and I don't believe I need them for anything.....

How do I get rid of them or find out what they are?

 

Anyways adwcleaner just finished and I see anonymizergadget is listed, so maybe that will fix it, there is also something named malwareprotectionlive and some stuff under the files and registry section. So I'll just select them all and see if it helps.

I did attach screenshots, hopefully they help.

 

AL1.png

 

AL2.png

 

This is the logfile you asked for from adwcleaner that was under the "cleaning" tab....

# AdwCleaner v6.047 - Logfile created 25/06/2017 at 23:29:28
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : that1 - BRADNLN
# Running from : C:\Users\that1\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\MalwareProtectionLive
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Users\that1\AppData\Roaming\AGData


***** [ Files ] *****

[-] File deleted: C:\Users\that1\Desktop\ReimageRepair.exe
[-] File deleted: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key deleted: HKU\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Reimage
[-] Key deleted: HKU\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Key deleted on reboot: HKCU\Software\Reimage
[#] Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: HKLM\SOFTWARE\WISECLEANER
[#] Key deleted on reboot: [x64] HKCU\Software\Reimage
[#] Key deleted on reboot: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnonymizerGadget]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnonymizerGadget]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3115 Bytes] - [27/01/2017 01:11:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [2785 Bytes] - [25/06/2017 23:29:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [2608 Bytes] - [21/01/2017 09:36:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [3029 Bytes] - [27/01/2017 01:09:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [2789 Bytes] - [21/06/2017 06:15:03]
C:\AdwCleaner\AdwCleaner[S3].txt - [3141 Bytes] - [25/06/2017 23:20:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3150 Bytes] ##########
 

 

 

I will now run rkill and malwarebytes as instructed.

 

Here is the log from rkill......

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/25/2017 11:40:47 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * agp440 [Missing Service]
 * DcpSvc [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/25/2017 11:42:36 PM
Execution time: 0 hours(s), 1 minute(s), and 49 seconds(s)
 

Now running malwarebytes.


Edited by thatoneguyyep101, 25 June 2017 - 11:44 PM.
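
Added example, not part of any post in this thread and not AdwCleaner's own code: a small Python parser for the cleaning log posted above, which separates entries removed immediately from those marked "deleted on reboot" and picks out the autostart values that were removed. The line format is inferred only from the log lines in this thread, and all function names are hypothetical.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Lines copied from the AdwCleaner[C2].txt cleaning log posted in this thread.
SAMPLE_LOG = r"""
***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Users\that1\AppData\Roaming\AGData

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Key deleted on reboot: HKCU\Software\Reimage
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnonymizerGadget]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnonymizerGadget]
"""


class Entry(NamedTuple):
    section: str               # log section, e.g. "Folders" or "Registry"
    kind: str                  # Folder, File, Key or Value
    target: str                # path or registry key
    value_name: Optional[str]  # registry value name, for Value entries only
    view64: bool               # line carried the [x64] marker
    on_reboot: bool            # removal deferred until the next restart


# Format assumptions, inferred from the log above rather than from a spec.
SECTION_RE = re.compile(r"^\*+ \[ (?P<name>.+?) \] \*+$")
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[-#])\] (?P<kind>Folder|File|Key|Value) deleted"
    r"(?P<reboot> on reboot)?:\s+(?P<x64>\[x64\] )?(?P<target>.+)$"
)
VALUE_RE = re.compile(r"^(?P<key>.+) \[(?P<name>[^\]]+)\]$")
# Run/RunOnce hold autostart commands; StartupApproved holds the
# enabled/disabled state shown on Task Manager's Startup tab.
AUTOSTART_RE = re.compile(
    r"\\CurrentVersion\\(Run(Once)?$|Explorer\\StartupApproved\\)", re.I
)


def parse_clean_log(text: str) -> List[Entry]:
    """Turn the cleaning log into structured entries, skipping other lines."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        target, value_name = m.group("target"), None
        if m.group("kind") == "Value":
            v = VALUE_RE.match(target)
            if v:
                target, value_name = v.group("key"), v.group("name")
        entries.append(Entry(section, m.group("kind"), target, value_name,
                             m.group("x64") is not None,
                             m.group("reboot") is not None))
    return entries


def pending_reboot(entries: List[Entry]) -> List[Entry]:
    """Entries that are only gone after the restart AdwCleaner asks for."""
    return [e for e in entries if e.on_reboot]


def autostart_removed(entries: List[Entry]) -> List[Entry]:
    """Removed registry values that made a program start with Windows."""
    return [e for e in entries
            if e.kind == "Value" and AUTOSTART_RE.search(e.target)]


def summary(entries: List[Entry]) -> Counter:
    """Count entries by (kind, 'on reboot' or 'now')."""
    return Counter((e.kind, "on reboot" if e.on_reboot else "now")
                   for e in entries)


if __name__ == "__main__":
    parsed = parse_clean_log(SAMPLE_LOG)
    for (kind, when), count in sorted(summary(parsed).items()):
        print(f"{kind:6} {when:9} {count}")
    for e in autostart_removed(parsed):
        print("autostart removed:", e.value_name, "from", e.target)
    for e in pending_reboot(parsed):
        print("recheck after reboot:", e.target)
```

Run against a full AdwCleaner[CX].txt, the "recheck after reboot" list is what to look at again once the machine has restarted, before judging whether a removed program has come back.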


#5 thatoneguyyep101


Posted 26 June 2017 - 12:34 AM

Here is the last log you asked for from mbam...

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/25/17
Scan Time: 11:57 PM
Log File: mbam log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2232
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BRADNLN\that1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 485729
Threats Detected: 151
Threats Quarantined: 151
Time Elapsed: 20 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [1072], [327206],1.0.2232
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1072], [327205],1.0.2232
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [1165], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AGProxyCheck, Quarantined, [1165], [356698],1.0.2232
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{719F5FA6-3298-4A69-B062-7AF469FCA238}, Quarantined, [1165], [356684],1.0.2232

Registry Value: 7
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1165], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-21-1443068222-4010678181-1465487224-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1165], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-21-1443068222-4010678181-1465487224-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1165], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-21-1443068222-4010678181-1465487224-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [1165], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1165], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1165], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{719F5FA6-3298-4A69-B062-7AF469FCA238}|PATH, Quarantined, [1165], [356684],1.0.2232

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 64

File: 75
PUP.Optional.InstallCore, C:\USERS\THAT1\DESKTOP\BOOTICE.EXE, Quarantined, [3], [377459],1.0.2232
PUP.Optional.InstallCore, C:\USERS\THAT1\DESKTOP\CAMSTUDIO.EXE, Quarantined, [3], [301065],1.0.2232
PUP.Optional.InstallCore, C:\USERS\THAT1\DESKTOP\KINGOROOT.EXE, Quarantined, [3], [409722],1.0.2232
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\AGPROXYCHECK, Quarantined, [1165], [356709],1.0.2232
PUP.Optional.Babylon, C:\USERS\THAT1\DESKTOP\NEW FILES\SETUP FILES\UNLOCKER1.9.2.EXE, Quarantined, [1810], [76260],1.0.2232

Physical Sector: 0
(No malicious items detected)


(end)

 

I even ran sfc /scannow and it says "Windows Resource Protection did not find any integrity violations."



Edited by thatoneguyyep101, 26 June 2017 - 01:41 AM.


#6 boopme


Posted 26 June 2017 - 08:57 AM

You're Welcome!

Restart the machine.

If you still see Anonymizer, then do this:

https://www.bleepingcomputer.com/startups/AnonymizerLauncher.exe-29113.html

#7 thatoneguyyep101


Posted 26 June 2017 - 11:27 PM

I no longer see "AnonymizerLauncher.exe" running or booting up with the computer.

It still does have other issues that I mentioned which are... I'm still unable to create a new folder when right clicking on the desktop and bringing up the context menus.. when I hover over "New" it's like explorer.exe crashes then restarts or something. I posted screenshots of this in my first post.

I can however open "This PC" and click Desktop then "New folder" and make one that way without issues...

 

When using CCleaner I still notice when I click "Tools" then "Uninstall" at the top of the list there is a thing in the list with no name and no publisher. Says it was installed 6/15/17, not sure what it is. (screenshots in post #1)

 

When trying to install "oneclickroot.exe" it says "No internet connection" even though I am clearly connected to the internet.... as I'm using the same computer to make this post...

 

Issues I was having that seem to be resolved are below...

It's been a few days since I've had the BSOD saying "whea uncorrectable error"

tinypic loads the "captcha" things now, slowly... but they do load.

spybot installed without issues that I mentioned in post #2 so I will run a scan with it and see what it says, will post the results later.

Has also been a few days since I got a window saying "windows smartscreen can't be reached right now" when I try to run a .exe file

This is just an update so things don't feel so unorganized for me or the person helping me :)



#8 thatoneguyyep101


Posted 27 June 2017 - 01:15 AM

Here is the log from spybot, now that it decided to install without issues. This is from a system scan.

Also "whea uncorrectable error" is still an issue again. I got the BSOD this morning around 1:30.

 

[i]    17-06-27 00:49:46        
[i]    17-06-27 00:49:46    Product    Fraud.Foxit.daws
[+]    17-06-27 00:49:46    Moving into quarantine    C:\Users\that1\AppData\Local\Temp\nsbB4B0.tmp\registry.dll
[+]    17-06-27 00:49:46    Moving into quarantine    C:\Users\that1\AppData\Local\Temp\nseEC8D.tmp\registry.dll
[+]    17-06-27 00:49:46    Moving into quarantine    C:\Users\that1\AppData\Local\Temp\nsg652D.tmp\registry.dll
[+]    17-06-27 00:49:46    Moving into quarantine    C:\Users\that1\AppData\Local\Temp\nsiD359.tmp\registry.dll
[+]    17-06-27 00:49:46    Moving into quarantine    C:\Users\that1\AppData\Local\Temp\nsn3012.tmp\registry.dll
[+]    17-06-27 00:49:46    Moving into quarantine    C:\Users\that1\AppData\Local\Temp\nsr6BE0.tmp\registry.dll
[+]    17-06-27 00:49:46    Moving into quarantine    C:\Users\that1\AppData\Local\Temp\nsv77DE.tmp\registry.dll
[+]    17-06-27 00:49:46    Successfully cleaned    C:\Users\that1\AppData\Local\Temp\nsbB4B0.tmp\registry.dll
[+]    17-06-27 00:49:46    Successfully cleaned    C:\Users\that1\AppData\Local\Temp\nseEC8D.tmp\registry.dll
[+]    17-06-27 00:49:46    Successfully cleaned    C:\Users\that1\AppData\Local\Temp\nsg652D.tmp\registry.dll
[+]    17-06-27 00:49:46    Successfully cleaned    C:\Users\that1\AppData\Local\Temp\nsiD359.tmp\registry.dll
[+]    17-06-27 00:49:46    Successfully cleaned    C:\Users\that1\AppData\Local\Temp\nsn3012.tmp\registry.dll
[+]    17-06-27 00:49:47    Successfully cleaned    C:\Users\that1\AppData\Local\Temp\nsr6BE0.tmp\registry.dll
[+]    17-06-27 00:49:47    Successfully cleaned    C:\Users\that1\AppData\Local\Temp\nsv77DE.tmp\registry.dll
[i]    17-06-27 00:49:52        
[i]    17-06-27 00:49:52    Product    Windows.OpenWith
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
[i]    17-06-27 00:49:52        
[i]    17-06-27 00:49:52    Product    Windows Explorer
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i]    17-06-27 00:49:52        
[i]    17-06-27 00:49:52    Product    WinRAR
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\WinRAR\ArcHistory
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\WinRAR\General\LastFolder
[+]    17-06-27 00:49:52    Moving into quarantine    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\WinRAR\DialogEditHistory\ExtrPath
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\WinRAR\ArcHistory
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\WinRAR\General\LastFolder
[+]    17-06-27 00:49:52    Successfully cleaned    HKEY_USERS\S-1-5-21-1443068222-4010678181-1465487224-1002\Software\WinRAR\DialogEditHistory\ExtrPath
[i]    17-06-27 00:49:52        
[i]    17-06-27 00:49:52    Product    Cookie
[+]    17-06-27 00:49:52    Moving into quarantine    Internet Explorer (User) (that1)Cookies
[+]    17-06-27 00:49:52    Moving into quarantine    Firefox (defaultuser0 (default))Cookies
[+]    17-06-27 00:49:53    Successfully cleaned    Internet Explorer (User) (that1)Cookies
[+]    17-06-27 00:49:53    Successfully cleaned    Firefox (defaultuser0 (default))Cookies
[i]    17-06-27 00:49:53        
[i]    17-06-27 00:49:53    Product    Cache
[+]    17-06-27 00:49:53    Moving into quarantine    Internet Explorer (User) (that1)Cache
[+]    17-06-27 00:49:53    Successfully cleaned    Internet Explorer (User) (that1)Cache
[i]    17-06-27 00:49:53        
[i]    17-06-27 00:49:53    Product    History
[+]    17-06-27 00:49:53    Moving into quarantine    Internet Explorer (User) (that1)History
[+]    17-06-27 00:49:53    Successfully cleaned    Internet Explorer (User) (that1)History
[i]    17-06-27 00:49:54        
[i]    17-06-27 00:49:54    Summary    
[i]    17-06-27 00:49:54    Errors while cleaning    0
[i]    17-06-27 00:49:54    Files moved into quarantine    67
[i]    17-06-27 00:49:54    Files successfully cleaned    67
 

 

I'm now running the rootkit scan and will update this post if it finds anything


Edited by thatoneguyyep101, 27 June 2017 - 02:00 AM.


#9 thatoneguyyep101


Posted 27 June 2017 - 04:12 AM

Here is the log from spybot after doing a deep scan for rootkits...

 

// info: Rootkit removal help file
// copyright: © 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results



#10 boopme


Posted 27 June 2017 - 04:37 PM

I'd prefer you use this rootkit scan..

Malwarebytes Anti-Rootkit Beta

  • Download Malwarebytes Anti-Rootkit Beta and extract it to your desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;

Edited by boopme, 27 June 2017 - 04:39 PM.


#11 thatoneguyyep101


Posted 28 June 2017 - 05:32 AM

Thank you, here is the log from Malwarebytes Anti-Rootkit Beta

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.06.28.04
  rootkit: v2017.05.27.01

Windows 10 x64 NTFS
Internet Explorer 11.413.15063.0
that1 :: BRADNLN [administrator]

6/28/2017 4:43:36 AM
mbar-log-2017-06-28 (04-43-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 401019
Time elapsed: 40 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#12 boopme


Posted 28 June 2017 - 09:28 AM

Looks good.

#13 thatoneguyyep101


Posted 29 June 2017 - 01:36 AM

Okay, so then what's the deal with me not being able to right click on the desktop to make a new folder?

Or the thing with no name when I open ccleaner?

Or the "whea uncorrectable error" that I'm now still getting?

All the other issues went away. Thank you for your continued help by the way!





