Rkill wont run... Cpx & svcvmx in startup: cant get rid of.. Shuts down all exes


  • This topic is locked
31 replies to this topic

#1 Instrumental_Palace
  • Members
  • 18 posts

Posted 02 August 2017 - 05:21 PM

Good evening, I hope everyone is doing great. I was looking for a little insight as to what's going on with my computer.

Obviously, it has a virus, and I cannot execute any installations to get rid of these things. It has also locked up my Windows Defender, and it has put a lock on rkill (even while renaming it). No Malwarebytes, etc. etc. etc.

I can run the computer (I'm on it right now), but it lags and has other memory issues that I would assume are in direct correlation with the viruses.

CCleaner doesn't even run :(

Hopefully someone can point me in the right direction.

Regards,

IP


Edited by britechguy, 02 August 2017 - 06:27 PM.
Moved from Am I Infected to MRL at request of Aura.




#2 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,474 posts

Posted 02 August 2017 - 06:21 PM

Hi Instrumental_Palace :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply right after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you not to seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here; better safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not; I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like formatting and reinstalling Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste here the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder.

Edited by Aura, 02 August 2017 - 06:22 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Instrumental_Palace
  • Topic Starter
  • Members
  • 18 posts

Posted 04 August 2017 - 11:49 AM

I have done all the steps, and unfortunately, after around 20-25 mins, MBAR stops responding :/



#4 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,474 posts

Posted 04 August 2017 - 11:57 AM

Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system; the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply.

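The next step in the thread is the FRST log that Instrumental_Palace posts in reply #5, which the analyst then reads by eye. As an added example that is not code from this thread, from BleepingComputer or from the FRST project, here is a small Python triage script that reads FRST-style lines and surfaces the indicators an analyst looks at first: executables running from a user-writable AppData path, entries with an empty publisher field, FRST's own "<==== ATTENTION" marker, and a proxy forced onto localhost. The line patterns are an assumption modelled on the log posted in this thread (real FRST output has more section types and variants than the four handled here); the sample lines are copied from that log, with a few benign entries from the same log for contrast, and the scoring weights and threshold are my own choice.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs (added example)."""
import re
from dataclasses import dataclass

# Line shapes modelled on the log posted in this thread. Assumption: real
# FRST output has more section types than the four handled here.
PROCESS_RE = re.compile(r'^\((?P<signer>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$')
RUN_RE = re.compile(r'^HK\S+?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.+)$')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+); (?P<rest>.+)$')
PROXY_RE = re.compile(r'^ProxyServer: \[(?P<sid>[^\]]+)\] => (?P<proxy>\S+)$')
USER_WRITABLE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\', re.I)
# Trailing "(Publisher)" optionally followed by FRST's unsigned/attention tags.
PUBLISHER_RE = re.compile(r'\(([^()]*)\)(?:\s*\[File not signed\])?(?:\s*<==== ATTENTION)?\s*$')
ATTENTION = '<==== ATTENTION'


@dataclass
class Finding:
    line: str
    score: int
    reasons: list


def split_entry(rest):
    """Split the tail of a Run/service entry into (path, publisher).

    publisher is None when FRST printed no parenthesised company at all,
    '' when it printed an empty pair of parentheses (unknown publisher).
    """
    quoted = re.match(r'^"([^"]+)"', rest)
    path = quoted.group(1) if quoted else rest.split(' [', 1)[0].strip()
    m = PUBLISHER_RE.search(rest)
    return path, (m.group(1) if m else None)


def assess(path, publisher, raw):
    """Score one executable entry; returns (score, reasons)."""
    reasons, score = [], 0
    if USER_WRITABLE_RE.search(path):
        reasons.append('runs from user-writable AppData path')
        score += 2
    if not publisher:  # None or '': store apps show this too, so weight it low
        reasons.append('no publisher recorded')
        score += 1
    if ATTENTION in raw:
        reasons.append('flagged by FRST')
        score += 1
    return score, reasons


def triage(lines, threshold=2):
    """Return a Finding for every line whose score reaches threshold."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        proxy = PROXY_RE.match(line)
        proc = PROCESS_RE.match(line)
        entry = RUN_RE.match(line) or SERVICE_RE.match(line)
        if proxy:
            score, reasons = 0, []
            if proxy.group('proxy').startswith(('127.', 'localhost')):
                # A per-user proxy on the loopback interface means some local
                # process is sitting in the middle of all browser traffic.
                score = 3
                reasons = [f"proxy forced to {proxy.group('proxy')} for {proxy.group('sid')}"]
        elif proc:
            score, reasons = assess(proc.group('path'), proc.group('signer'), line)
        elif entry:
            if entry.group('rest').startswith('[X]'):
                continue  # FRST's [X]: the file is already gone, nothing runs
            score, reasons = assess(*split_entry(entry.group('rest')), line)
        elif ATTENTION in line:
            score, reasons = 2, ['flagged by FRST']  # e.g. policy restrictions
        else:
            continue
        if score >= threshold:
            findings.append(Finding(line, score, reasons))
    return findings


# Sample input: lines copied from the FRST log posted in reply #5 of this
# thread, plus benign entries from the same log for contrast.
SAMPLE_LINES = [
    r'(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe',
    r'() C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe',
    r'() C:\Windows\System32\tprdpw64.exe',
    r'HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2017-02-13] (Realtek Semiconductor)',
    r'HKLM-x32\...\Run: [cpx] => "C:\Users\Omari\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION',
    r'HKLM-x32\...\Run: [] => [X]',
    r'GroupPolicy\User: Restriction <==== ATTENTION',
    r'ProxyServer: [.DEFAULT] => 127.0.0.1:8003',
    r'Tcpip\Parameters: [DhcpNameServer] 192.168.1.254',
    r'R2 Dataup; C:\Users\Omari\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION',
    r'R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-04-18] (ELAN Microelectronics Corp.)',
    r'S2 windowsmanagementservice; C:\Users\Omari\AppData\Local\vsvrhb\tdbzvot\ct.exe [X] <==== ATTENTION',
]

if __name__ == '__main__':
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: -f.score):
        print(f'[{f.score}] {f.line}\n      ' + '; '.join(f.reasons))
```

Run as a script it prints the flagged lines, highest score first; `threshold=1` also surfaces weaker signals such as the unsigned binary under System32. The score is a heuristic for deciding what to look at first, not a verdict: Microsoft Store apps under WindowsApps also show an empty publisher in FRST output, which is why the empty field alone only scores 1, while a binary running from a user-writable AppData folder with no publisher and an FRST marker rises straight to the top.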


#5 Instrumental_Palace
  • Topic Starter
  • Members
  • 18 posts

Posted 04 August 2017 - 12:17 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Omari (administrator) on LAPTOP-CFREU3UE (04-08-2017 13:12:45)
Running from C:\Users\Omari\Downloads
Loaded Profiles: Omari (Available Profiles: Omari & Dada)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Users\Omari\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Microsoft Corporation) C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\TieringEngineService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
() C:\Windows\System32\tprdpw64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Flux Software LLC) C:\Users\Omari\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PortableAppZ.blogspot.com) C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Adobe Photoshop CS6\PhotoshopCS6.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Adobe Photoshop CS6\App\PhotoshopCS6\Photoshop.exe
() C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2017-02-13] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3349224 2016-04-18] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Users\Omari\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9914584 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\...\Run: [f.lux] => C:\Users\Omari\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3f208ec3-7d75-40a7-b589-744555dc9673}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b999b37c-889c-47f1-8fc6-5bb0a9d1566b}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ec3f4308-bd9b-4d81-bdce-ce8cf0f1371d}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Omari\AppData\Roaming\Mozilla\Firefox\Profiles\dFNXSYpE.default [2016-12-25]
FF Extension: (Avira Browser Safety) - C:\Users\Omari\AppData\Roaming\Mozilla\Firefox\Profiles\dFNXSYpE.default\Extensions\abs@avira.com [2016-12-25]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Omari\AppData\Roaming\Mozilla\Firefox\Profiles\dFNXSYpE.default\Extensions\safesearchplus2@avira.com [2016-12-25]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default [2017-08-04]
CHR Extension: (Google Slides) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-24]
CHR Extension: (Google Docs) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-24]
CHR Extension: (Google Drive) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-24]
CHR Extension: (Native HLS Playback) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdekjhniododjcobllghembkdpdkea [2017-06-04]
CHR Extension: (YouTube) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-24]
CHR Extension: (vidIQ for Chrome) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppnjmdljhemhdachecffocboniemifa [2017-05-29]
CHR Extension: (Google Sheets) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-08-03]
CHR Extension: (Gmail) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-24]
CHR Extension: (Chrome Media Router) - C:\Users\Omari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
R2 Dataup; C:\Users\Omari\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-04-18] (ELAN Microelectronics Corp.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2017-02-13] (Realtek Semiconductor)
S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-12-24] ()
S2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [54808 2016-04-06] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-17] (Microsoft Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
S2 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
S2 ProductAgentService; "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" [X]
S2 SpyHunter 4 Service; "C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe" [X]
S2 windowsmanagementservice; C:\Users\Omari\AppData\Local\vsvrhb\tdbzvot\ct.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [27384 2016-04-06] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\windows\system32\DRIVERS\amdkmcsp.sys [101112 2016-04-06] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [73976 2016-04-06] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\DRIVERS\amdpsp.sys [277240 2016-04-06] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111120 2016-04-06] (Advanced Micro Devices)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [22704 2017-07-21] ()
R3 ETDSMBus; C:\windows\System32\drivers\ETDSMBus.sys [31832 2016-04-18] (ELAN Microelectronic Corp.)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-08-04] (Malwarebytes)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [936192 2016-03-04] (Realtek                                            )
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [413912 2016-04-18] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
S3 rzendpt; C:\windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-07-21] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-04 13:12 - 2017-08-04 13:13 - 000016750 _____ C:\Users\Omari\Downloads\FRST.txt
2017-08-04 13:11 - 2017-08-04 13:12 - 000000000 ____D C:\FRST
2017-08-04 13:11 - 2017-08-04 13:11 - 002381312 _____ (Farbar) C:\Users\Omari\Downloads\FRST64.exe
2017-08-04 12:55 - 2017-08-04 12:55 - 000000000 ____D C:\Users\Omari\AppData\Roaming\Adobe
2017-08-04 12:55 - 2017-08-04 12:55 - 000000000 ____D C:\Users\Omari\AppData\Local\Adobe
2017-08-04 12:55 - 2017-08-04 12:55 - 000000000 ____D C:\ProgramData\Adobe
2017-08-04 11:24 - 2017-08-04 11:24 - 000000000 ____D C:\Users\Omari\Desktop\mbar
2017-08-04 09:18 - 2017-08-04 12:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-04 09:18 - 2017-08-04 11:24 - 000194776 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-04 09:18 - 2017-08-04 09:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-04 09:17 - 2017-08-04 09:17 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Omari\Desktop\mbar-1.09.4.1001.exe
2017-08-03 21:35 - 2017-08-03 21:36 - 004461318 _____ C:\Users\Omari\Downloads\edlysmtfpp_sample.pdf
2017-08-03 20:22 - 2017-08-03 20:22 - 008100432 _____ C:\Users\Omari\Desktop\flip-this-screen-template.psd
2017-08-03 20:22 - 2017-08-03 20:22 - 005309839 _____ C:\Users\Omari\Desktop\flip-this-thumbnail-template.psd
2017-08-03 20:21 - 2017-08-03 20:21 - 004356590 _____ C:\Users\Omari\Desktop\flip-this-cd-template.psd
2017-08-03 12:10 - 2017-08-03 12:10 - 000001037 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-08-03 12:10 - 2017-08-03 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-08-03 10:15 - 2017-08-04 10:01 - 000000424 _____ C:\Users\Omari\Desktop\feedback.txt
2017-08-02 17:46 - 2017-08-02 18:05 - 000000000 ____D C:\AdwCleaner
2017-07-30 01:11 - 2017-07-30 01:11 - 000000000 ____D C:\Users\Omari\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
2017-07-30 01:11 - 2017-07-30 01:11 - 000000000 ____D C:\Users\Omari\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2017-07-30 01:11 - 2017-07-30 01:11 - 000000000 ____D C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
2017-07-29 22:46 - 2017-07-30 00:50 - 000000000 ___HD C:\_acestream_cache_
2017-07-29 22:45 - 2017-07-31 12:18 - 000000000 ____D C:\Users\Omari\AppData\Roaming\.ACEStream
2017-07-29 22:44 - 2017-08-01 22:18 - 000000000 ____D C:\Users\Omari\AppData\Roaming\ACEStream
2017-07-29 22:44 - 2017-07-29 22:44 - 000000000 ____D C:\Users\Omari\AppData\LocalLow\.ACEStream
2017-07-28 11:48 - 2017-07-28 11:48 - 021873053 _____ C:\Users\Omari\Desktop\temp.psd
2017-07-26 11:26 - 2017-07-27 10:39 - 000000000 ____D C:\Users\Omari\AppData\Local\llssoft
2017-07-25 10:02 - 2017-08-03 04:22 - 000000000 ____D C:\windows\AppReadiness
2017-07-24 17:28 - 2017-07-24 17:28 - 000000000 ____D C:\Users\Omari\Documents\FabFilter
2017-07-24 17:28 - 2017-07-24 17:28 - 000000000 ____D C:\Users\Omari\AppData\Roaming\FabFilter
2017-07-24 15:35 - 2017-07-24 15:35 - 000000000 ____D C:\Program Files\FabFilter
2017-07-24 15:35 - 2017-07-24 15:35 - 000000000 ____D C:\Program Files\Common Files\VST3
2017-07-24 00:24 - 2017-07-24 00:24 - 000000000 ____D C:\Users\Dada\AppData\Local\Publishers
2017-07-24 00:23 - 2017-07-24 00:24 - 000000000 ____D C:\Users\Dada\AppData\Local\Packages
2017-07-24 00:23 - 2017-07-24 00:23 - 000000258 __RSH C:\Users\Dada\ntuser.pol
2017-07-24 00:23 - 2017-07-24 00:23 - 000000020 ___SH C:\Users\Dada\ntuser.ini
2017-07-24 00:23 - 2017-07-24 00:23 - 000000000 ____D C:\Users\Dada\AppData\Roaming\Adobe
2017-07-24 00:23 - 2017-07-24 00:23 - 000000000 ____D C:\Users\Dada\AppData\Local\VirtualStore
2017-07-24 00:23 - 2017-07-24 00:23 - 000000000 ____D C:\Users\Dada\AppData\Local\TileDataLayer
2017-07-24 00:23 - 2017-07-24 00:23 - 000000000 ____D C:\Users\Dada\AppData\Local\Google
2017-07-24 00:23 - 2017-07-24 00:23 - 000000000 ____D C:\Users\Dada
2017-07-24 00:23 - 2017-03-11 17:29 - 000000000 ____D C:\Users\Dada\AppData\Roaming\Macromedia
2017-07-24 00:23 - 2016-05-20 17:14 - 000000000 ___HD C:\Users\Dada\Documents\hp.system.package.metadata
2017-07-24 00:23 - 2016-05-20 17:14 - 000000000 ___HD C:\Users\Dada\Documents\hp.applications.package.appdata
2017-07-22 18:50 - 2017-07-22 19:45 - 000000214 _____ C:\windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-22 18:15 - 2017-07-22 18:15 - 000001129 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-07-22 18:15 - 2017-07-22 18:15 - 000000000 ____D C:\Users\Omari\AppData\Local\VS Revo Group
2017-07-22 18:15 - 2017-07-22 18:15 - 000000000 ____D C:\ProgramData\VS Revo Group
2017-07-22 18:15 - 2017-07-22 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-07-22 18:15 - 2017-07-22 18:15 - 000000000 ____D C:\Program Files\VS Revo Group
2017-07-22 18:15 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2017-07-21 16:32 - 2017-07-21 16:32 - 000003794 _____ C:\windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-07-21 16:30 - 2017-07-21 16:30 - 000047733 _____ C:\ProgramData\agent.1500669044.bdinstall.bin
2017-07-21 16:23 - 2017-07-21 16:23 - 000012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2017-07-21 16:12 - 2017-07-21 16:12 - 000003442 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2017-07-21 16:11 - 2017-07-21 16:11 - 000022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2017-07-21 15:32 - 2017-07-21 23:28 - 000000250 _____ C:\windows\SysWOW64\PARTIZAN.TXT
2017-07-21 15:12 - 2017-07-21 16:32 - 000000000 ____D C:\ProgramData\RegRun
2017-07-21 15:11 - 2017-07-22 17:38 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-07-21 15:11 - 2017-07-22 13:42 - 000000000 ____D C:\Users\Omari\Documents\RegRun2
2017-07-21 15:11 - 2017-07-21 15:11 - 000000002 RSHOT C:\windows\winstart.bat
2017-07-21 15:11 - 2017-07-21 15:11 - 000000002 RSHOT C:\windows\SysWOW64\CONFIG.NT
2017-07-21 15:11 - 2017-07-21 15:11 - 000000002 RSHOT C:\windows\SysWOW64\AUTOEXEC.NT
2017-07-21 14:45 - 2017-08-04 10:35 - 000000000 ____D C:\Program Files\rempl
2017-07-21 14:36 - 2017-07-21 14:36 - 000029163 _____ C:\ProgramData\agent.1500662175.bdinstall.bin
2017-07-21 14:18 - 2017-08-04 13:12 - 000581901 _____ C:\windows\ZAM_Guard.krnl.trace
2017-07-21 14:18 - 2017-07-21 17:05 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-21 14:18 - 2017-07-21 16:27 - 000090827 _____ C:\windows\ZAM.krnl.trace
2017-07-21 14:18 - 2017-07-21 14:18 - 000203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2017-07-21 13:46 - 2017-07-21 13:46 - 000031758 _____ C:\Users\Omari\Documents\cc_20170721_134627.reg
2017-07-21 13:24 - 2017-07-21 13:24 - 000048117 _____ C:\ProgramData\agent.1500657851.bdinstall.bin
2017-07-21 12:28 - 2017-07-21 12:28 - 000000000 ____D C:\ProgramData\SecuritySuite
2017-07-21 12:08 - 2017-07-21 16:25 - 000000000 ____D C:\Users\Omari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-07-21 12:08 - 2017-07-21 12:08 - 000000000 ____D C:\Users\Omari\AppData\Roaming\discord
2017-07-20 22:45 - 2017-07-27 10:47 - 000000000 ____D C:\Users\Omari\AppData\Local\ntuserlitelist
2017-07-20 22:45 - 2017-07-20 22:45 - 000000000 ____D C:\Users\Omari\AppData\Local\zenfo
2017-07-20 15:09 - 2017-07-20 15:09 - 000000874 _____ C:\Users\Omari\Documents\document 2.txt
2017-07-17 23:19 - 2017-07-25 22:55 - 000001159 _____ C:\Users\Omari\Desktop\do list.txt
2017-07-11 16:28 - 2017-07-07 05:16 - 000700880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2017-07-11 16:28 - 2017-07-07 05:09 - 002945648 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-07-11 16:28 - 2017-07-07 05:09 - 000703840 _____ (Microsoft Corporation) C:\windows\SysWOW64\WWAHost.exe
2017-07-11 16:28 - 2017-07-07 05:05 - 000465760 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2017-07-11 16:28 - 2017-07-07 04:57 - 000295776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-07-11 16:28 - 2017-07-07 03:33 - 000337920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-11 16:28 - 2017-07-07 03:27 - 000092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\IdCtrls.dll
2017-07-11 16:28 - 2017-07-07 03:21 - 000320000 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-11 16:28 - 2017-07-07 03:08 - 000788992 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-07-11 16:28 - 2017-07-07 03:07 - 000501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-07-11 16:28 - 2017-07-07 03:07 - 000400896 _____ (Microsoft Corporation) C:\windows\SysWOW64\OneDriveSettingSyncProvider.dll
2017-07-11 16:28 - 2017-07-07 03:03 - 001586176 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-07-11 16:28 - 2017-07-07 02:59 - 001309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-11 16:28 - 2017-07-07 02:36 - 001501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-07-11 16:28 - 2017-07-07 02:34 - 004412928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-11 16:28 - 2017-07-07 02:33 - 002878976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-07-11 16:28 - 2017-07-07 02:31 - 001557504 _____ (Microsoft Corporation) C:\windows\SysWOW64\OpcServices.dll
2017-07-11 16:28 - 2017-07-07 02:11 - 005326848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 16:28 - 2017-06-17 05:52 - 001862008 _____ C:\windows\SysWOW64\CoreUIComponents.dll
2017-07-11 16:28 - 2017-06-17 03:19 - 000089088 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2017-07-11 16:28 - 2017-06-17 03:11 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\odbcconf.dll
2017-07-11 16:28 - 2017-06-17 02:54 - 000496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVP9DEC.dll
2017-07-11 16:28 - 2017-06-17 02:54 - 000256512 _____ (Microsoft Corporation) C:\windows\SysWOW64\unimdm.tsp
2017-07-11 16:28 - 2017-06-17 02:53 - 000205312 _____ (Microsoft Corporation) C:\windows\SysWOW64\oemlicense.dll
2017-07-11 16:28 - 2017-06-17 02:44 - 000260096 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2017-07-11 16:28 - 2017-06-17 02:42 - 000190464 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2017-07-11 16:28 - 2017-06-17 02:39 - 000541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\GamePanel.exe
2017-07-11 16:28 - 2017-06-17 02:34 - 000250880 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-07-11 16:28 - 2017-06-17 02:30 - 000153088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2017-07-11 16:28 - 2017-06-17 02:23 - 000805888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2017-07-11 16:28 - 2017-06-17 02:20 - 003695104 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-07-11 16:28 - 2017-06-17 02:20 - 000667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\AzureSettingSyncProvider.dll
2017-07-11 16:28 - 2017-06-17 02:19 - 000207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\licensingdiag.exe
2017-07-11 16:28 - 2017-06-17 02:15 - 002597888 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-07-11 16:28 - 2017-06-17 02:05 - 004078080 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2017-07-11 16:28 - 2017-06-17 01:56 - 001984000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-07-11 16:28 - 2017-06-17 01:53 - 006296064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mos.dll
2017-07-11 16:28 - 2017-06-17 01:41 - 002770432 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-07-11 16:28 - 2017-06-17 01:35 - 004404736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2017-07-11 16:28 - 2017-06-17 01:30 - 002604032 _____ (Microsoft Corporation) C:\windows\SysWOW64\CertEnroll.dll
2017-07-11 16:28 - 2017-06-17 01:27 - 000339456 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-07-11 16:28 - 2017-06-17 01:16 - 003574272 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-07-11 16:28 - 2017-06-17 01:02 - 000461824 _____ (Microsoft Corporation) C:\windows\SysWOW64\CoreMessaging.dll
2017-07-11 16:28 - 2017-03-18 12:41 - 001799680 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Logon.dll
2017-07-11 16:27 - 2017-07-07 07:07 - 000100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2017-07-11 16:27 - 2017-07-07 06:51 - 000465248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-11 16:27 - 2017-07-07 06:11 - 000858992 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2017-07-11 16:27 - 2017-07-07 06:04 - 000808280 _____ (Microsoft Corporation) C:\windows\system32\WWAHost.exe
2017-07-11 16:27 - 2017-07-07 06:00 - 022560744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-07-11 16:27 - 2017-07-07 05:08 - 000057912 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-07-11 16:27 - 2017-07-07 04:28 - 000376320 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-11 16:27 - 2017-07-07 03:49 - 000381952 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2017-07-11 16:27 - 2017-07-07 03:48 - 000286208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-07-11 16:27 - 2017-07-07 03:17 - 002279936 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-07-11 16:27 - 2017-07-07 02:47 - 000957952 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2017-07-11 16:27 - 2017-07-07 02:15 - 018675200 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2017-07-11 16:27 - 2017-06-17 05:09 - 006536256 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2017-07-11 16:27 - 2017-06-17 04:04 - 000388896 _____ (Microsoft Corporation) C:\windows\system32\wmpps.dll
2017-07-11 16:27 - 2017-06-17 03:58 - 000084480 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2017-07-11 16:27 - 2017-06-17 03:51 - 000824320 _____ (Microsoft Corporation) C:\windows\system32\WpcWebFilter.dll
2017-07-11 16:27 - 2017-06-17 03:12 - 000572928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WpcWebFilter.dll
2017-07-11 16:27 - 2017-06-17 03:07 - 000330240 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-07-11 16:27 - 2017-06-17 02:48 - 000865792 _____ (Microsoft Corporation) C:\windows\system32\AzureSettingSyncProvider.dll
2017-07-11 16:27 - 2017-06-17 02:29 - 005123072 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2017-07-11 16:27 - 2017-06-17 02:12 - 007977984 _____ (Microsoft Corporation) C:\windows\system32\mos.dll
2017-07-11 16:27 - 2017-06-17 01:42 - 002911744 _____ (Microsoft Corporation) C:\windows\system32\CertEnroll.dll
2017-07-11 16:26 - 2017-07-07 07:06 - 007463264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-07-11 16:26 - 2017-07-07 07:04 - 002149216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-11 16:26 - 2017-07-07 07:04 - 000384864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2017-07-11 16:26 - 2017-07-07 06:03 - 003699280 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-07-11 16:26 - 2017-07-07 05:52 - 000360288 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-07-11 16:26 - 2017-07-07 05:21 - 000216416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-07-11 16:26 - 2017-07-07 05:08 - 001090400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-11 16:26 - 2017-07-07 04:15 - 000764928 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2017-07-11 16:26 - 2017-07-07 04:13 - 000352256 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-11 16:26 - 2017-07-07 03:58 - 000967168 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-07-11 16:26 - 2017-07-07 03:57 - 000784384 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-07-11 16:26 - 2017-07-07 03:56 - 000601088 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-07-11 16:26 - 2017-07-07 03:51 - 001900544 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-07-11 16:26 - 2017-07-07 03:50 - 001752576 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-07-11 16:26 - 2017-07-07 03:45 - 001424384 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-11 16:26 - 2017-07-07 03:17 - 001729024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-07-11 16:26 - 2017-07-07 03:13 - 003404800 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-07-11 16:26 - 2017-07-07 03:10 - 002055680 _____ (Microsoft Corporation) C:\windows\system32\OpcServices.dll
2017-07-11 16:26 - 2017-07-07 03:07 - 000687616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-07-11 16:26 - 2017-07-07 03:02 - 001526272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-07-11 16:26 - 2017-07-07 02:44 - 016985600 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2017-07-11 16:26 - 2017-07-07 02:41 - 004891136 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-07-11 16:26 - 2017-07-07 02:37 - 022376960 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2017-07-11 16:26 - 2017-07-07 02:27 - 024604672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-07-11 16:26 - 2017-07-07 02:27 - 013394432 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-07-11 16:26 - 2017-07-07 02:15 - 003661312 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-07-11 16:26 - 2017-07-07 02:13 - 019345408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-07-11 16:26 - 2017-07-07 02:13 - 012139008 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-07-11 16:26 - 2017-07-07 02:13 - 007848448 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2017-07-11 16:26 - 2017-07-07 01:58 - 005666816 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2017-07-11 16:26 - 2017-06-17 06:13 - 002656952 _____ C:\windows\system32\CoreUIComponents.dll
2017-07-11 16:26 - 2017-06-17 05:52 - 003449168 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2017-07-11 16:26 - 2017-06-17 03:50 - 000031232 _____ (Microsoft Corporation) C:\windows\system32\odbcconf.dll
2017-07-11 16:26 - 2017-06-17 03:32 - 000523264 _____ (Microsoft Corporation) C:\windows\system32\MSVP9DEC.dll
2017-07-11 16:26 - 2017-06-17 03:31 - 000297472 _____ (Microsoft Corporation) C:\windows\system32\unimdm.tsp
2017-07-11 16:26 - 2017-06-17 03:20 - 000200192 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2017-07-11 16:26 - 2017-06-17 03:13 - 000715776 _____ (Microsoft Corporation) C:\windows\system32\GamePanel.exe
2017-07-11 16:26 - 2017-06-17 03:02 - 000183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2017-07-11 16:26 - 2017-06-17 03:01 - 002125312 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_Bluetooth.dll
2017-07-11 16:26 - 2017-06-17 02:55 - 000853504 _____ (Microsoft Corporation) C:\windows\system32\aadtb.dll
2017-07-11 16:26 - 2017-06-17 02:52 - 000961536 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2017-07-11 16:26 - 2017-06-17 01:34 - 006312448 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2017-07-11 16:26 - 2017-06-11 11:10 - 000448629 _____ C:\windows\system32\ApnDatabase.xml
2017-07-11 16:25 - 2017-07-07 06:00 - 000566112 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2017-07-11 16:25 - 2017-07-07 05:58 - 001540224 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2017-07-11 16:25 - 2017-07-07 05:58 - 000692136 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2017-07-11 16:25 - 2017-07-07 04:37 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\omadmclient.exe
2017-07-11 16:25 - 2017-07-07 04:22 - 000110080 _____ (Microsoft Corporation) C:\windows\system32\IdCtrls.dll
2017-07-11 16:25 - 2017-07-07 04:19 - 000198144 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-07-11 16:25 - 2017-07-07 03:57 - 000515072 _____ (Microsoft Corporation) C:\windows\system32\OneDriveSettingSyncProvider.dll
2017-07-11 16:25 - 2017-07-07 03:54 - 001385472 _____ (Microsoft Corporation) C:\windows\system32\win32kbase.sys
2017-07-11 16:25 - 2017-07-07 03:29 - 003587584 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2017-07-11 16:25 - 2017-07-07 03:12 - 004827136 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-11 16:25 - 2017-07-07 02:27 - 006977024 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-07-11 16:25 - 2017-06-17 06:16 - 001030408 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-07-11 16:25 - 2017-06-17 06:11 - 000754664 _____ (Microsoft Corporation) C:\windows\system32\CoreMessaging.dll
2017-07-11 16:25 - 2017-06-17 05:07 - 001128104 _____ (Microsoft Corporation) C:\windows\system32\ClipUp.exe
2017-07-11 16:25 - 2017-06-17 05:07 - 000625000 _____ (Microsoft Corporation) C:\windows\system32\ClipSVC.dll
2017-07-11 16:25 - 2017-06-17 03:50 - 000061952 _____ (Microsoft Corporation) C:\windows\system32\vss_ps.dll
2017-07-11 16:25 - 2017-06-17 03:41 - 000584704 _____ (Microsoft Corporation) C:\windows\system32\UIRibbonRes.dll
2017-07-11 16:25 - 2017-06-17 03:30 - 000285184 _____ (Microsoft Corporation) C:\windows\system32\oemlicense.dll
2017-07-11 16:25 - 2017-06-17 03:19 - 000381952 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2017-07-11 16:25 - 2017-06-17 03:17 - 000287744 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2017-07-11 16:25 - 2017-06-17 03:03 - 000584704 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIRibbonRes.dll
2017-07-11 16:25 - 2017-06-17 02:49 - 004456448 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-07-11 16:25 - 2017-06-17 02:47 - 000236032 _____ (Microsoft Corporation) C:\windows\system32\licensingdiag.exe
2017-07-11 16:25 - 2017-06-17 02:11 - 002635776 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Logon.dll
2017-07-11 16:25 - 2017-06-17 01:40 - 000459776 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-07-11 16:25 - 2017-06-17 01:11 - 001087488 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2017-07-06 23:03 - 2017-07-06 23:03 - 000000000 ____D C:\Users\Omari\AppData\Local\UNP
2017-07-06 22:37 - 2017-07-06 22:38 - 000000000 ____D C:\Program Files\UNP
2017-07-06 22:37 - 2017-07-06 22:37 - 000000000 ____D C:\windows\system32\UNP
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-04 09:17 - 2017-01-08 11:11 - 000004166 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CBBC4F48-DD07-4A60-B4CF-841349DEC3A5}
2017-08-03 17:54 - 2016-12-29 14:32 - 000064625 _____ C:\Users\Omari\Documents\starburn.txt
2017-08-03 12:19 - 2016-12-24 12:31 - 000000000 ____D C:\Users\Omari\AppData\Roaming\.minecraft
2017-08-03 12:10 - 2016-12-24 13:34 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-08-02 22:46 - 2017-07-03 18:50 - 000000000 ____D C:\Users\Omari\AppData\Roaming\Mp3tag
2017-08-02 20:35 - 2017-04-05 19:32 - 000000000 ____D C:\Users\Omari\AppData\Local\CrashDumps
2017-08-02 18:13 - 2015-11-03 02:05 - 000972168 _____ C:\windows\system32\PerfStringBackup.INI
2017-08-02 18:13 - 2015-10-30 03:21 - 000000000 ____D C:\windows\INF
2017-08-02 18:06 - 2016-10-12 16:57 - 001779157 _____ C:\windows\SysWOW64\rootpa.e2e
2017-08-02 18:06 - 2016-10-12 15:04 - 000065536 _____ C:\windows\system32\spu_storage.bin
2017-08-02 18:06 - 2015-11-02 14:02 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-08-02 18:06 - 2015-10-30 02:28 - 000524288 ___SH C:\windows\system32\config\BBI
2017-08-01 23:01 - 2016-12-24 12:11 - 000000000 ____D C:\Users\Omari
2017-08-01 20:34 - 2015-10-30 03:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-29 17:45 - 2015-11-02 14:01 - 005140448 _____ C:\windows\system32\FNTCACHE.DAT
2017-07-28 15:05 - 2017-01-02 18:34 - 000000132 _____ C:\Users\Omari\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-07-28 13:23 - 2017-01-01 21:00 - 000003256 _____ C:\windows\System32\Tasks\HPCeeScheduleForOmari
2017-07-28 13:23 - 2017-01-01 21:00 - 000000364 _____ C:\windows\Tasks\HPCeeScheduleForOmari.job
2017-07-24 12:29 - 2016-12-24 14:04 - 000000000 ____D C:\ProgramData\Oracle
2017-07-24 12:28 - 2017-06-28 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-24 12:28 - 2017-06-28 20:28 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-24 12:27 - 2017-06-28 20:29 - 000097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-24 00:23 - 2015-11-02 14:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-22 19:10 - 2016-12-24 12:14 - 000000000 ____D C:\Users\Omari\AppData\Roaming\Hewlett-Packard
2017-07-22 19:10 - 2016-05-20 17:14 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-07-22 18:26 - 2016-05-20 17:12 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-07-21 23:11 - 2016-10-12 16:58 - 000004252 _____ C:\windows\System32\Tasks\avast! SL Update
2017-07-21 16:30 - 2016-12-24 12:22 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-21 13:43 - 2017-03-30 21:23 - 000000000 ____D C:\Users\Omari\AppData\Roaming\FileZilla
2017-07-12 16:33 - 2015-10-30 03:24 - 000000000 ____D C:\windows\rescache
2017-07-11 22:34 - 2015-10-30 03:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2017-07-11 22:34 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-11 22:34 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Defender
2017-07-11 22:34 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-11 22:34 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-11 16:40 - 2015-10-30 03:11 - 000000000 ____D C:\windows\CbsTemp
2017-07-11 16:34 - 2016-12-25 13:57 - 000000000 ____D C:\windows\system32\MRT
2017-07-11 16:31 - 2016-12-25 13:57 - 135225752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-07-08 11:37 - 2017-06-22 21:02 - 000000000 ____D C:\Users\Omari\AppData\Roaming\obs-studio
2017-07-05 09:48 - 2016-12-29 14:31 - 000000000 ____D C:\Users\Omari\Documents\Wondershare Filmora
 
==================== Files in the root of some directories =======
 
2017-01-02 18:34 - 2017-07-28 15:05 - 000000132 _____ () C:\Users\Omari\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-07-21 13:24 - 2017-07-21 13:24 - 000048117 _____ () C:\ProgramData\agent.1500657851.bdinstall.bin
2017-07-21 14:36 - 2017-07-21 14:36 - 000029163 _____ () C:\ProgramData\agent.1500662175.bdinstall.bin
2017-07-21 16:30 - 2017-07-21 16:30 - 000047733 _____ () C:\ProgramData\agent.1500669044.bdinstall.bin
 
Some files in TEMP:
====================
2014-03-02 16:39 - 2014-07-17 14:23 - 000384143 _____ () C:\Users\Omari\AppData\Local\Temp\Quarantine.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-11-02 14:01
 
==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Omari (04-08-2017 13:14:32)
Running from C:\Users\Omari\Downloads
Windows 10 Home Version 1511 (X64) (2016-12-24 16:04:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2057437698-384231978-3115143002-500 - Administrator - Disabled)
Dada (S-1-5-21-2057437698-384231978-3115143002-1002 - Administrator - Enabled) => C:\Users\Dada
DefaultAccount (S-1-5-21-2057437698-384231978-3115143002-503 - Limited - Disabled)
Guest (S-1-5-21-2057437698-384231978-3115143002-501 - Limited - Disabled)
Omari (S-1-5-21-2057437698-384231978-3115143002-1001 - Administrator - Enabled) => C:\Users\Omari
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Camel Audio CamelCrusher64 (HKLM-x32\...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
Catalyst Control Center Next Localization BR (HKLM\...\{020D236C-0860-8700-6645-A8D7DF7D1219}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B8D846ED-A061-FC73-1A80-E45A70FC8BE1}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{05B3192F-37A6-D1F0-365B-476D69C3F0D2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{5FBFEC71-C194-6D96-21D9-80C183E25878}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9A841032-8472-D1CE-0ACB-E399AC7A2199}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9DF52711-9C0C-5B80-6304-49CE67D2824D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7516F9DE-6B63-B709-84CE-3098F06DD318}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{AF5429E4-27FD-3F52-A54D-6BD8F4A68963}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{5BA23300-0626-7146-471A-5BF56F8B5CBD}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{3FF26615-BB9E-2C89-6532-4B6215A20BB5}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{58EB8CBE-C35C-ADE2-1F58-0F9D453976D4}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B84C4DE7-F6A1-CC2A-9EE3-781DC5D600C2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{401E894B-7172-98C5-0DA6-A05F78EE79B9}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{A3A601FE-245E-B0EE-F0B1-DDACCBBFDF7B}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6332ED4-35E5-CC2A-4E37-612FC1985994}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{89551DFD-EC10-8C4C-E127-9EEB614346FA}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{9E3D8484-056C-E087-D6F4-FCCD5EF6FABB}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{ADC3E089-7CA6-E182-26B3-A7DA6438636D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01C748AD-07EC-9D6B-3F15-43D49C5E9DE6}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E5407BDB-DAF1-F28E-B835-BB90F20A3333}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{9A8954B1-8591-D49B-F337-800094222F7E}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ELAN Touchpad 15.2.8.4_X64_WHQL (HKLM\...\Elantech) (Version: 15.2.8.4 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
f.lux (HKU\S-1-5-21-2057437698-384231978-3115143002-1001\...\Flux) (Version:  - )
FabFilter Pro-Q 2.11 (64-bit) (HKLM-x32\...\FabFilter Pro-Q 2.11 (64-bit)) (Version:  - )
FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
KB4023057 (HKLM\...\{0339C035-CB0E-4AA1-8A94-6C306982BD86}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mp3tag v2.83 (HKLM-x32\...\Mp3tag) (Version: 2.83 - Florian Heidenreich)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7922 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.76 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-03-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04F5AE16-AF01-48C4-89F0-F9F449B36CE5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {06A28E0F-89E0-4BAB-BF91-18BF58AC3B84} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {1DDF1E8B-D0B0-4295-972D-D72574E1D9E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-24] (Google Inc.)
Task: {28F55BCB-43B6-450F-984E-299C710E1743} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-12-24] (AVAST Software)
Task: {2B1291EC-F23D-4D71-8104-F33FC0F087C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {32FF757C-17DC-4CF9-8295-3E921C250C67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {3B634F54-C5BA-4FAF-A1CB-6567641EA965} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {4C858FAF-D65E-4A2B-B2AF-CE530FBE480F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {53DD09E7-11F8-44F9-AECC-D51AC5E96AC2} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {58828141-8F76-4731-AD41-3A95F55E1F63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {8A2C5D9B-12AC-45BC-826F-AE454FAEEACB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {8BBC0271-E305-4B41-9E2D-B6621263AF58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A74D78D6-E36C-4E49-8019-84C05957400A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-24] (Google Inc.)
Task: {B2571E0C-7626-44C1-91AA-1283C9522279} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-12-24] (AVAST Software)
Task: {E1F48708-6FEF-4646-9986-436A9FC40908} - System32\Tasks\HPCeeScheduleForOmari => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E5A75553-2126-4D85-82F4-E35F0F60F963} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {F8D2C89B-E8F2-4086-A592-6CDBAFD94B10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {FE1BD2A7-68F2-488C-9AC4-8928D672F1EC} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\windows\explorer.exe
Task: C:\windows\Tasks\HPCeeScheduleForOmari.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-15 22:08 - 2017-03-04 01:31 - 000185856 _____ () C:\windows\SYSTEM32\ism32k.dll
2017-07-11 16:26 - 2017-06-17 06:13 - 002656952 _____ () c:\windows\system32\CoreUIComponents.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 000077824 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\dataup\dataup.exe
2016-09-24 18:20 - 2016-09-24 18:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-05-09 03:22 - 2016-05-09 03:22 - 000052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
2016-05-20 14:46 - 2016-05-20 14:46 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-12-24 15:25 - 2016-06-30 23:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-04-12 10:41 - 2017-03-28 03:19 - 000674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2017-04-21 15:37 - 2017-04-21 15:37 - 000884224 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2016-12-24 13:17 - 2016-12-24 13:18 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-03-15 22:08 - 2017-03-03 23:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 22:08 - 2017-03-03 23:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-30 21:30 - 2017-04-27 19:46 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-11 16:26 - 2017-06-17 01:15 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-15 22:08 - 2017-03-03 23:15 - 000936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2014-03-19 04:21 - 2014-03-19 04:21 - 019000952 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp_x64.dll
2013-03-13 04:46 - 2013-03-13 04:46 - 000806520 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache_x64.dll
2012-09-25 04:20 - 2012-09-25 04:20 - 000607352 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype_x64.dll
2017-07-21 14:47 - 2017-07-21 14:48 - 024054272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-07-21 14:47 - 2017-07-21 14:48 - 009161728 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-07-13 10:41 - 2017-07-13 10:41 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-12-24 15:19 - 2016-09-07 01:35 - 002100576 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2017-04-21 16:28 - 2017-04-21 16:28 - 001080832 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-06-26 21:44 - 2017-06-22 23:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 21:44 - 2017-06-22 23:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-05-04 11:13 - 2017-05-04 11:13 - 000235520 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2016-05-09 03:22 - 2016-05-09 03:22 - 000048816 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-12-24 13:17 - 2016-12-24 13:18 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-12-24 13:17 - 2016-12-24 13:18 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 053460992 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2017-08-04 12:55 - 2017-08-04 12:55 - 000016384 _____ () C:\Users\Omari\AppData\Local\Temp\nswC4BE.tmp\Registry.dll
2017-08-04 12:55 - 2017-08-04 12:55 - 000008704 _____ () C:\Users\Omari\AppData\Local\Temp\nswC4BE.tmp\newadvsplash.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Omari\Desktop\Untitled-2.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "HPRadioMgr"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "YourClassifiedsNow"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0DFA7C9CCCEB48F207D6B029A54D9392"
HKU\S-1-5-21-2057437698-384231978-3115143002-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{756ECA8E-C963-4CA6-967C-F2460C2360CC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{DE8157C0-2933-4EE1-ADAF-7900F1D5C580}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{8634A996-13D3-4810-AF06-2CF37E25AC61}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{E8AF1643-F6FF-4F63-A925-1968CAE14599}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8CC17F0A-62ED-4675-B20B-6B0518906022}] => (Allow) C:\Program Files (x86)\UnHackMe\GWebUpdate.exe
FirewallRules: [{E1066DE1-3DB3-4D1A-9B50-9B42D2E52381}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{E5A39985-49F0-47BB-A3B5-189E27AA17F9}] => (Allow) C:\Program Files (x86)\UnHackMe\GWebUpdate.exe
FirewallRules: [{11309896-A4C7-42DB-8298-183C80801671}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [TCP Query User{3630ACD1-2165-4F49-8DC9-34591CCA9A10}C:\users\omari\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\omari\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{7FC9A13D-14C8-49EB-BA94-B60F3D78B4E8}C:\users\omari\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\omari\appdata\roaming\acestream\engine\ace_engine.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: AudioBox USB
Description: AudioBox USB
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2017 12:47:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: f20
 
Start Time: 01d30d35bd408aa5
 
Termination Time: 5
 
Application Path: C:\Windows\SysWOW64\rundll32.exe
 
Report Id: a62a8e88-7934-11e7-b952-98e7f4f6631b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/04/2017 11:22:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2204
 
Start Time: 01d30d300112af64
 
Termination Time: 17
 
Application Path: C:\Windows\SysWOW64\rundll32.exe
 
Report Id: c3efa5ef-7928-11e7-b952-98e7f4f6631b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/04/2017 10:38:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 19e8
 
Start Time: 01d30d2a108efac7
 
Termination Time: 23
 
Application Path: C:\Windows\SysWOW64\rundll32.exe
 
Report Id: 9e7e18c7-7922-11e7-b952-98e7f4f6631b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/04/2017 10:35:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/04/2017 10:00:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 21e8
 
Start Time: 01d30d241cb5aa2e
 
Termination Time: 18
 
Application Path: C:\Windows\SysWOW64\rundll32.exe
 
Report Id: 36b080af-791d-11e7-b952-98e7f4f6631b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/03/2017 12:09:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/02/2017 08:35:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FL.exe, version: 1.1.3.0, time stamp: 0x5208b287
Faulting module name: combase.dll, version: 10.0.10586.916, time stamp: 0x59028b2e
Exception code: 0xc0000602
Fault offset: 0x00080e5a
Faulting process id: 0x1530
Faulting application start time: 0x01d30befe82a786c
Faulting application path: C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
Faulting module path: C:\windows\SYSTEM32\combase.dll
Report Id: 8bae0317-c82c-48a6-8473-497e809e666c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/02/2017 08:32:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x960
Faulting application start time: 0x01d30befe3f55adb
Faulting application path: C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Omari\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 57376940-f657-429f-a17c-e5209b6c9766
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/02/2017 06:06:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tbaseprovisioning.exe, version: 1.0.0.0, time stamp: 0x56b4dcb7
Faulting module name: KERNELBASE.dll, version: 10.0.10586.916, time stamp: 0x59029fc3
Exception code: 0xe0434352
Fault offset: 0x000bdbe8
Faulting process id: 0x518
Faulting application start time: 0x01d30bdb9d434f41
Faulting application path: C:\windows\SysWOW64\tbaseprovisioning.exe
Faulting module path: C:\windows\SYSTEM32\KERNELBASE.dll
Report Id: f8e0d00f-a1fe-4475-9189-865be4ed6c7d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/02/2017 06:06:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: tbaseprovisioning.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress)
   at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
   at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(System.ServiceModel.Security.X509CertificateRecipientServiceCredential)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(System.ServiceModel.Description.ServiceCredentials)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
   at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1<System.ServiceModel.Configuration.BehaviorExtensionElement>, System.Collections.Generic.KeyedByTypeCollection`1<System.__Canon>, Boolean)
   at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(System.ServiceModel.ServiceHostBase, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement, System.Action`1<System.Uri>, Boolean)
   at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(System.ServiceModel.Description.ConfigLoader, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHost.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(System.ServiceModel.UriSchemeKeyedCollection)
   at System.ServiceModel.ServiceHost.InitializeDescription(System.Type, System.ServiceModel.UriSchemeKeyedCollection)
   at System.ServiceModel.ServiceHost..ctor(System.Type, System.Uri[])
   at RootPaApp.RootPaWindowsService.startThread()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
 
System errors:
=============
Error: (08/04/2017 01:09:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.249.682.0).
 
Error: (08/04/2017 01:09:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (08/04/2017 11:48:49 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/04/2017 10:42:57 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.
 
Error: (08/04/2017 10:35:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.249.682.0).
 
Error: (08/04/2017 10:35:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (08/04/2017 10:35:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (08/04/2017 10:35:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (08/04/2017 10:35:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (08/04/2017 10:35:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-13 10:40:32.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 09:15:09.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-10 18:09:18.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Minecraft\MinecraftLauncher.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2017-06-16 18:13:52.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-06-16 03:21:45.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-06-15 17:18:20.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-06-01 07:37:00.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-05-11 07:21:15.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-04-16 19:47:48.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-04-14 17:55:54.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics 
Percentage of memory in use: 71%
Total physical RAM: 3546.01 MB
Available physical RAM: 997.8 MB
Total Virtual: 5402.01 MB
Available Virtual: 1699.91 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:27.89 GB) (Free:1.95 GB) NTFS
Drive d: (OS) (Fixed) (Total:111.44 GB) (Free:8.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (DATA) (Fixed) (Total:111.44 GB) (Free:110.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 9842C6AA)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,474 posts
  • Gender:Male
  • Local time:03:19 AM

Posted 04 August 2017 - 12:23 PM

Alright. Run MBAR again, but this time, leave only the Drivers checkbox checked. Uncheck Sector and System.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Instrumental_Palace
  • Topic Starter

  • Members
  • 18 posts

Posted 04 August 2017 - 12:26 PM

Ok. Scanning now. 



#8 Instrumental_Palace
  • Topic Starter

  • Members
  • 18 posts

Posted 04 August 2017 - 12:27 PM

Malware detected. Cleanup I assume? 



#9 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,474 posts
  • Gender:Male
  • Local time:03:19 AM

Posted 04 August 2017 - 12:39 PM

Yes. Once done, provide me the "mbar-log-TODAY'S-DATE.txt" that will be in the MBAR folder.



#10 Instrumental_Palace
  • Topic Starter

  • Members
  • 18 posts

Posted 04 August 2017 - 12:41 PM

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.08.04.10
  rootkit: v2017.08.02.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1007.10586.0
Omari :: LAPTOP-CFREU3UE [administrator]
 
8/4/2017 1:25:03 PM
mbar-log-2017-08-04 (13-25-03).txt
 
Scan type: 
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 36
Time elapsed: 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#11 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,474 posts
  • Gender:Male
  • Local time:03:19 AM

Posted 04 August 2017 - 12:42 PM

Now, are you able to install and run a scan with Malwarebytes, or do you still get the "Requested resource is in use" message?

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#12 Instrumental_Palace

Instrumental_Palace
  • Topic Starter


Posted 04 August 2017 - 12:46 PM

I am able to run Malwarebytes.



#13 Aura

Aura

    Bleepin' Special Ops



Posted 04 August 2017 - 12:46 PM

Awesome :) Please run a scan like instructed and provide me the log afterwards.



#14 Instrumental_Palace

Instrumental_Palace
  • Topic Starter


Posted 04 August 2017 - 02:25 PM

It is going through the quarantine stage right now and has been for a while now! 3500 out of 19500 quarantined.



#15 Aura

Aura

    Bleepin' Special Ops



Posted 04 August 2017 - 02:27 PM

Yes. There are 19,500 files to quarantine, so it can take Malwarebytes a while to process them all.





