Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

contracted softonic.com, please help remove


  • This topic is locked This topic is locked
14 replies to this topic

#1 gib65

gib65

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 13 November 2017 - 10:47 AM

Hello,
 
I recently seem to have contracted en.softonic.com (that's the best name I can give it). It's a popup that comes up in the lower right of my computer screen with random adverts:
 
en.softonic.com.png
 
I can't find it in the list of installed programs in the control panel (though it might be under a name I don't recognize), so I'm not sure how to remove it. I did a quick virus scan but it found nothing. I'll be doing a more intensive virus scan after I post this, but if anyone knows this program and knows how to remove it, I would very much appreciate your feedback anyway.
 
Thanks very much for your help.

Sorry, forgot to mention: I'm running Windows 10 home.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 14 November 2017 - 07:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


:step1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

:step3: Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persists.
==============================

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 20 November 2017 - 08:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:43 PM

Posted 29 November 2017 - 12:46 PM

This topic has been re-opened at the request of the person who originally posted.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 29 November 2017 - 01:28 PM

gib65 i'm listening.

Please post the logs for my review.

#6 gib65

gib65
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 29 November 2017 - 02:46 PM

I will post the logs below, but I encountered a problem when trying to run Farbar. I'm running Windows 10 Home which comes with Windows Defender. WD did not allow me to run it. I was not able to turn off WD despite the many Google hits that explained how. I did run MBAM and AdwCleaner, but the softonic.com popup still comes up in Chrome.

 

I'm guessing if I run these programs (MBAM, AdwCleaner, Farbar) in Safe Mode, WD will not interfere. Would you recommend that?

 

Here are the logs. First, MBAM:

 

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 11/27/17
Scan Time: 7:17 PM
Log File: 3e0ac458-d3e2-11e7-9b53-f0761c7b7a61.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3361
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: DESKTOP-TTVDCSL\junkm
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 516138
Threats Detected: 22
Threats Quarantined: 22
Time Elapsed: 32 min, 59 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 8
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Delete-on-Reboot, [529], [260991],1.0.3361
PUP.Optional.SearchManager, HKU\S-1-5-21-2739249774-338417867-2325837049-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Delete-on-Reboot, [529], [260991],1.0.3361
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [529], [260991],1.0.3361
PUP.Optional.WinYahoo, HKU\S-1-5-21-2739249774-338417867-2325837049-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [63], [182758],1.0.3361
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [63], [182758],1.0.3361
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [63], [182758],1.0.3361
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Delete-on-Reboot, [529], [440037],1.0.3361
PUP.Optional.SearchManager, HKU\S-1-5-21-2739249774-338417867-2325837049-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Delete-on-Reboot, [529], [440037],1.0.3361
 
Registry Value: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, [63], [182758],1.0.3361
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, [63], [182758],1.0.3361
 
Registry Data: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [63], [293461],1.0.3361
PUP.Optional.WinYahoo, HKU\S-1-5-21-2739249774-338417867-2325837049-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [63], [293459],1.0.3361
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [63], [293461],1.0.3361
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 9
PUP.Optional.SearchManager, C:\USERS\JUNKM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [529], [260991],1.0.3361
PUP.Optional.SearchManager, C:\USERS\JUNKM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [529], [440037],1.0.3361
PUP.Optional.WinYahoo, C:\USERS\JUNKM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZYW3Y5TU.DEFAULT\PREFS.JS, Replaced, [63], [303324],1.0.3361
PUP.Optional.383Media, C:\$RECYCLE.BIN\S-1-5-21-2739249774-338417867-2325837049-1001\$RJUPBXF.EXE, Delete-on-Reboot, [7321], [120647],1.0.3361
PUP.Optional.DriverAgent, C:\$RECYCLE.BIN\S-1-5-21-2739249774-338417867-2325837049-1001\$R7H3009.DLL, Delete-on-Reboot, [2297], [345593],1.0.3361
PUP.Optional.InstallCore, C:\USERS\JUNKM\APPDATA\LOCAL\TEMP\DMGR1.25\DMGR1.25_0N1F1C1T1B1B1L1P1.25.EXE, Delete-on-Reboot, [2], [450623],1.0.3361
PUP.Optional.ByteFence, C:\USERS\JUNKM\APPDATA\LOCAL\TEMP\TMPSEC2649358\BYTEFENCE-INSTALLER_3.14.0.EXE, Delete-on-Reboot, [635], [389016],1.0.3361
PUP.Optional.383Media, C:\USERS\JUNKM\APPDATA\LOCAL\TEMP\DRHELPER_INSTALLSTART.EXE, Delete-on-Reboot, [7321], [120647],1.0.3361
PUP.Optional.383Media, C:\USERS\JUNKM\APPDATA\LOCAL\TEMP\DRHELPER_INSTALLFINISH.EXE, Delete-on-Reboot, [7321], [120647],1.0.3361
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

Now AdwCleaner (Scan):

 

 

# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 28 03:04:14 2017

# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-27-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.ByteFence, [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store | C:\Program Files\ByteFence\Uninstall.exe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1234 B] - [2016/8/13 16:57:39]
C:/AdwCleaner/AdwCleaner[C1].txt - [2712 B] - [2017/11/20 0:32:43]
C:/AdwCleaner/AdwCleaner[S0].txt - [1351 B] - [2016/8/13 16:55:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1333 B] - [2016/11/6 18:5:43]
C:/AdwCleaner/AdwCleaner[S2].txt - [3053 B] - [2017/11/20 0:29:34]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

Finally, AdwCleaner (Clean):

 

 

# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 28 03:04:56 2017

# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\ByteFence\Uninstall.exe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1234 B] - [2016/8/13 16:57:39]
C:/AdwCleaner/AdwCleaner[C1].txt - [2712 B] - [2017/11/20 0:32:43]
C:/AdwCleaner/AdwCleaner[S0].txt - [1351 B] - [2016/8/13 16:55:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1333 B] - [2016/11/6 18:5:43]
C:/AdwCleaner/AdwCleaner[S2].txt - [3053 B] - [2017/11/20 0:29:34]
C:/AdwCleaner/AdwCleaner[S3].txt - [1466 B] - [2017/11/28 3:4:14]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 30 November 2017 - 07:28 AM

Hi,

Some virus protection program object to run non signed software and the file is quarantined.

Navigate to this page. You will probably be able to enable the program.

http://www.thewindowsclub.com/manage-quarantined-exclusions-windows-defender-security-center

Run it as suggested.

#8 gib65

gib65
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 30 November 2017 - 11:22 PM

Thank you nasdaq,

 

I will run through your full set of instructions again, and I will use the guide you linked me to if WD gives me any trouble again.



#9 gib65

gib65
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 03 December 2017 - 10:55 PM

Ok, I was able to run all programs this time. Here are the logs.

 

MBAM:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/3/17
Scan Time: 6:45 PM
Log File: c04ddb6a-d894-11e7-ada0-f0761c7b7a61.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3402
License: Trial

-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: DESKTOP-TTVDCSL\junkm

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420961
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 32 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

AdwCleaner, first scan:

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 04 03:01:37 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 11-29-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1234 B] - [2016/8/13 16:57:39]
C:/AdwCleaner/AdwCleaner[C1].txt - [2712 B] - [2017/11/20 0:32:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1614 B] - [2017/11/28 3:4:56]
C:/AdwCleaner/AdwCleaner[S0].txt - [1351 B] - [2016/8/13 16:55:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1333 B] - [2016/11/6 18:5:43]
C:/AdwCleaner/AdwCleaner[S2].txt - [3053 B] - [2017/11/20 0:29:34]
C:/AdwCleaner/AdwCleaner[S3].txt - [1466 B] - [2017/11/28 3:4:14]


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########

AdwCleaner, first clean:

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 04 03:06:34 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1234 B] - [2016/8/13 16:57:39]
C:/AdwCleaner/AdwCleaner[C1].txt - [2712 B] - [2017/11/20 0:32:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1614 B] - [2017/11/28 3:4:56]
C:/AdwCleaner/AdwCleaner[S0].txt - [1351 B] - [2016/8/13 16:55:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1333 B] - [2016/11/6 18:5:43]
C:/AdwCleaner/AdwCleaner[S2].txt - [3053 B] - [2017/11/20 0:29:34]
C:/AdwCleaner/AdwCleaner[S3].txt - [1466 B] - [2017/11/28 3:4:14]
C:/AdwCleaner/AdwCleaner[S4].txt - [1463 B] - [2017/12/4 3:1:37]


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########

AdwCleaner, second scan:

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 04 03:18:17 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 11-29-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1234 B] - [2016/8/13 16:57:39]
C:/AdwCleaner/AdwCleaner[C1].txt - [2712 B] - [2017/11/20 0:32:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1614 B] - [2017/11/28 3:4:56]
C:/AdwCleaner/AdwCleaner[C3].txt - [1629 B] - [2017/12/4 3:6:34]
C:/AdwCleaner/AdwCleaner[S0].txt - [1351 B] - [2016/8/13 16:55:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1333 B] - [2016/11/6 18:5:43]
C:/AdwCleaner/AdwCleaner[S2].txt - [3053 B] - [2017/11/20 0:29:34]
C:/AdwCleaner/AdwCleaner[S3].txt - [1466 B] - [2017/11/28 3:4:14]
C:/AdwCleaner/AdwCleaner[S4].txt - [1463 B] - [2017/12/4 3:1:37]


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########

AdwCleaner, second clean:

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 04 03:20:11 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1234 B] - [2016/8/13 16:57:39]
C:/AdwCleaner/AdwCleaner[C1].txt - [2712 B] - [2017/11/20 0:32:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1614 B] - [2017/11/28 3:4:56]
C:/AdwCleaner/AdwCleaner[C3].txt - [1629 B] - [2017/12/4 3:6:34]
C:/AdwCleaner/AdwCleaner[S0].txt - [1351 B] - [2016/8/13 16:55:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1333 B] - [2016/11/6 18:5:43]
C:/AdwCleaner/AdwCleaner[S2].txt - [3053 B] - [2017/11/20 0:29:34]
C:/AdwCleaner/AdwCleaner[S3].txt - [1466 B] - [2017/11/28 3:4:14]
C:/AdwCleaner/AdwCleaner[S4].txt - [1463 B] - [2017/12/4 3:1:37]
C:/AdwCleaner/AdwCleaner[S5].txt - [1595 B] - [2017/12/4 3:18:18]


########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt ##########

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by junkm (administrator) on DESKTOP-TTVDCSL (03-12-2017 20:33:05)
Running from C:\Users\junkm\Downloads
Loaded Profiles: junkm (Available Profiles: junkm & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(FSL) C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKU\S-1-5-21-2739249774-338417867-2325837049-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-19] (SUPERAntiSpyware)
HKU\S-1-5-21-2739249774-338417867-2325837049-1001\...\Run: [Chromium] => "c:\users\junkm\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
Startup: C:\Users\junkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2017-01-12]
ShortcutTarget: Super Finder XT.lnk -> C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe (FSL)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0786a5a6-2125-4eff-bf48-4b5be182d2ab}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0786a5a6-2125-4eff-bf48-4b5be182d2ab}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b3619585-425d-4abb-8b4d-e7c045f53612}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{b3619585-425d-4abb-8b4d-e7c045f53612}: [DhcpNameServer] 192.168.75.218 172.16.0.10

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2739249774-338417867-2325837049-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: zyw3y5tu.default
FF ProfilePath: C:\Users\junkm\AppData\Roaming\Mozilla\Firefox\Profiles\zyw3y5tu.default [2017-09-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-01-24] [Lagacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2739249774-338417867-2325837049-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\junkm\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-25] (Zoom Video Communications, Inc.)

Chrome: 
=======
CHR Profile: C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Slides) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (YouTube) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Adobe Acrobat) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Sheets) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (Power Thesaurus) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjkanigjoiglnlopahbbjdbfhkndjk [2017-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Gmail) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\junkm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-12] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-10-13] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [29424 2012-05-05] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-03] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-24] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 20:33 - 2017-12-03 20:34 - 000016691 _____ C:\Users\junkm\Downloads\FRST.txt
2017-12-03 20:32 - 2017-12-03 20:32 - 002391552 _____ (Farbar) C:\Users\junkm\Downloads\FRST64.exe
2017-12-03 19:59 - 2017-12-03 19:59 - 008187336 _____ (Malwarebytes) C:\Users\junkm\Downloads\adwcleaner_7.0.5.0.exe
2017-12-03 18:43 - 2017-12-03 20:21 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-03 18:43 - 2017-12-03 20:21 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-03 18:43 - 2017-12-03 20:21 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-03 18:43 - 2017-12-03 20:21 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-03 18:43 - 2017-12-03 18:43 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-03 18:43 - 2017-12-03 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-03 18:42 - 2017-12-03 18:42 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-03 18:41 - 2017-12-03 18:41 - 078346672 _____ (Malwarebytes ) C:\Users\junkm\Downloads\mb3-setup-consumer-3.3.1.2183 (2).exe
2017-12-03 17:56 - 2017-12-03 17:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-03 17:53 - 2017-12-03 17:53 - 000000000 ____D C:\WINDOWS\pss
2017-12-01 17:26 - 2017-12-01 17:29 - 000000000 ____D C:\Users\junkm\OneDrive\Documents\poem
2017-11-30 21:20 - 2017-12-03 20:33 - 000000000 ____D C:\FRST
2017-11-30 21:20 - 2017-11-30 21:20 - 000000000 ____D C:\Users\junkm\Downloads\FRST-OlderVersion
2017-11-27 20:16 - 2017-11-30 21:20 - 002391552 _____ (Farbar) C:\Users\junkm\Downloads\FRST64 (1).exe
2017-11-27 20:01 - 2017-11-27 20:01 - 008261584 _____ (Malwarebytes) C:\Users\junkm\Downloads\adwcleaner_7.0.4.0.exe
2017-11-27 19:59 - 2017-11-27 20:00 - 078346672 _____ (Malwarebytes ) C:\Users\junkm\Downloads\mb3-setup-consumer-3.3.1.2183 (1).exe
2017-11-27 19:13 - 2017-12-03 18:43 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-27 19:13 - 2017-11-27 19:13 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-27 19:13 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-27 19:11 - 2017-11-27 19:11 - 078346672 _____ (Malwarebytes ) C:\Users\junkm\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-19 17:22 - 2017-11-19 17:22 - 008261584 _____ (Malwarebytes) C:\Users\junkm\Downloads\AdwCleaner.exe
2017-11-15 19:26 - 2017-11-15 19:26 - 000013728 _____ C:\Users\junkm\Downloads\tf00000005.xlsx
2017-11-14 22:19 - 2017-11-01 22:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 22:19 - 2017-11-01 21:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-14 22:19 - 2017-11-01 21:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 22:19 - 2017-11-01 21:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-14 22:19 - 2017-11-01 21:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-14 22:19 - 2017-11-01 21:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-14 22:19 - 2017-11-01 21:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-14 22:19 - 2017-11-01 21:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-14 22:19 - 2017-11-01 21:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 22:19 - 2017-11-01 21:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-14 22:19 - 2017-11-01 21:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-14 22:19 - 2017-11-01 21:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-14 22:19 - 2017-11-01 21:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-14 22:19 - 2017-11-01 21:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-14 22:19 - 2017-11-01 21:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 22:19 - 2017-11-01 21:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-14 22:19 - 2017-11-01 21:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 22:19 - 2017-11-01 21:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-14 22:19 - 2017-11-01 21:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-14 22:19 - 2017-11-01 21:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-14 22:19 - 2017-10-25 00:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 22:19 - 2017-10-15 08:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-14 22:19 - 2017-10-15 07:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-14 22:19 - 2017-10-15 07:46 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-11-14 22:19 - 2017-10-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-14 22:19 - 2017-10-15 07:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-14 22:19 - 2017-10-15 07:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-14 22:18 - 2017-11-01 22:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-14 22:18 - 2017-11-01 21:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-14 22:18 - 2017-11-01 21:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-14 22:18 - 2017-11-01 21:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-14 22:18 - 2017-11-01 21:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-14 22:18 - 2017-11-01 21:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-14 22:18 - 2017-11-01 21:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-14 22:18 - 2017-11-01 21:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-14 22:18 - 2017-11-01 21:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 22:18 - 2017-11-01 21:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-14 22:18 - 2017-11-01 21:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-14 22:18 - 2017-11-01 21:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 22:18 - 2017-11-01 21:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 22:18 - 2017-11-01 21:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 22:18 - 2017-11-01 21:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 22:18 - 2017-11-01 21:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-14 22:18 - 2017-11-01 21:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-14 22:18 - 2017-11-01 21:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-14 22:18 - 2017-11-01 21:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 22:18 - 2017-11-01 21:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-14 22:18 - 2017-11-01 21:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 22:18 - 2017-11-01 21:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-14 22:18 - 2017-11-01 21:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-14 22:18 - 2017-11-01 21:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-14 22:18 - 2017-11-01 21:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 22:18 - 2017-11-01 21:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-14 22:18 - 2017-11-01 21:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-14 22:18 - 2017-11-01 21:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 22:18 - 2017-11-01 21:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 22:18 - 2017-10-15 08:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-14 22:18 - 2017-10-15 08:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-14 22:18 - 2017-10-15 07:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-14 22:18 - 2017-10-15 07:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-14 22:18 - 2017-10-15 07:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-14 22:18 - 2017-10-15 07:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-14 22:18 - 2017-10-15 07:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-14 22:18 - 2017-10-15 07:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-14 22:18 - 2017-10-15 07:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-14 22:12 - 2017-11-01 22:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-14 22:12 - 2017-11-01 21:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-14 22:12 - 2017-11-01 21:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-14 22:12 - 2017-11-01 21:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-14 22:12 - 2017-11-01 21:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-14 22:12 - 2017-11-01 21:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-14 22:12 - 2017-11-01 21:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 22:11 - 2017-11-01 22:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 22:11 - 2017-11-01 22:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 22:11 - 2017-11-01 22:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 22:11 - 2017-11-01 22:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-14 22:11 - 2017-11-01 22:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-14 22:11 - 2017-11-01 22:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-14 22:11 - 2017-11-01 22:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-14 22:11 - 2017-11-01 21:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 22:11 - 2017-11-01 21:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-14 22:11 - 2017-11-01 21:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-14 22:11 - 2017-11-01 21:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-14 22:11 - 2017-11-01 21:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-14 22:11 - 2017-11-01 21:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-14 22:11 - 2017-11-01 21:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-14 22:11 - 2017-11-01 21:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-14 22:11 - 2017-11-01 21:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-14 22:11 - 2017-11-01 21:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 22:11 - 2017-11-01 21:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-14 22:11 - 2017-11-01 21:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-14 22:11 - 2017-11-01 21:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-14 22:11 - 2017-11-01 21:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-14 22:11 - 2017-11-01 21:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-14 22:11 - 2017-11-01 21:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-14 22:11 - 2017-11-01 21:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-14 22:11 - 2017-11-01 21:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-14 22:11 - 2017-11-01 21:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 22:11 - 2017-11-01 21:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-14 22:11 - 2017-11-01 21:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-14 22:11 - 2017-11-01 21:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-14 22:11 - 2017-11-01 21:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-14 22:11 - 2017-11-01 21:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 22:11 - 2017-11-01 21:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-14 22:11 - 2017-11-01 21:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-14 22:11 - 2017-11-01 21:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-14 22:11 - 2017-11-01 21:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-14 22:11 - 2017-11-01 21:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 22:11 - 2017-11-01 21:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 22:11 - 2017-11-01 21:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 22:11 - 2017-11-01 21:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-14 22:11 - 2017-11-01 21:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-14 22:11 - 2017-11-01 21:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 22:11 - 2017-11-01 21:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 22:11 - 2017-11-01 21:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 22:11 - 2017-10-15 07:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-14 22:11 - 2017-10-15 07:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-14 22:11 - 2017-10-15 07:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-14 22:11 - 2017-10-15 07:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-14 22:11 - 2017-10-15 07:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-14 22:11 - 2017-10-15 07:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-14 22:11 - 2017-10-15 07:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-14 22:11 - 2017-10-15 07:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-14 22:10 - 2017-11-01 22:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 22:10 - 2017-11-01 22:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 22:10 - 2017-11-01 22:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-14 22:10 - 2017-11-01 22:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-14 22:10 - 2017-11-01 22:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 22:10 - 2017-11-01 21:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-14 22:10 - 2017-11-01 21:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-14 22:10 - 2017-11-01 21:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-14 22:10 - 2017-11-01 21:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 22:10 - 2017-11-01 21:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-14 22:10 - 2017-11-01 21:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-14 22:10 - 2017-11-01 21:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-14 22:10 - 2017-11-01 21:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 22:10 - 2017-10-15 07:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-14 22:10 - 2017-10-15 07:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-14 22:10 - 2017-10-15 07:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-14 22:10 - 2017-10-15 07:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-14 22:10 - 2017-10-15 07:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-14 22:10 - 2017-10-15 07:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-14 22:09 - 2017-11-01 22:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-14 22:09 - 2017-11-01 22:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-14 22:09 - 2017-11-01 22:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-14 22:09 - 2017-11-01 22:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-14 22:09 - 2017-11-01 22:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-14 22:09 - 2017-11-01 22:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-14 22:09 - 2017-11-01 22:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-14 22:09 - 2017-11-01 22:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 22:09 - 2017-11-01 22:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 22:09 - 2017-11-01 22:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-14 22:09 - 2017-11-01 22:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-14 22:09 - 2017-11-01 22:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-14 22:09 - 2017-11-01 22:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-14 22:09 - 2017-11-01 22:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-14 22:09 - 2017-11-01 22:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-14 22:09 - 2017-11-01 22:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-14 22:09 - 2017-11-01 21:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 22:09 - 2017-11-01 21:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-14 22:09 - 2017-11-01 21:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-14 22:09 - 2017-11-01 21:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-14 22:09 - 2017-11-01 21:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-14 22:09 - 2017-11-01 21:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-14 22:09 - 2017-11-01 21:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 22:09 - 2017-11-01 21:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-14 22:09 - 2017-11-01 21:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-14 22:09 - 2017-11-01 21:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-14 22:09 - 2017-11-01 21:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-14 22:09 - 2017-11-01 21:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-14 22:09 - 2017-11-01 21:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-14 22:09 - 2017-11-01 21:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-14 22:09 - 2017-11-01 21:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-14 22:09 - 2017-11-01 21:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 22:09 - 2017-11-01 21:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-14 22:09 - 2017-11-01 21:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-14 22:09 - 2017-11-01 21:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 22:09 - 2017-11-01 21:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-14 22:09 - 2017-11-01 21:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-14 22:09 - 2017-11-01 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 22:09 - 2017-10-15 07:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-14 22:09 - 2017-10-15 07:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-14 22:09 - 2017-10-15 07:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-14 22:09 - 2017-10-15 07:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-14 22:09 - 2017-10-15 07:07 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-11-14 22:09 - 2017-10-15 07:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 22:09 - 2017-10-15 07:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-14 22:08 - 2017-11-01 22:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 22:08 - 2017-11-01 22:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-14 22:08 - 2017-11-01 22:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-14 22:08 - 2017-11-01 22:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-14 22:08 - 2017-11-01 22:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-14 22:08 - 2017-11-01 22:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-14 22:08 - 2017-11-01 22:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-14 22:08 - 2017-11-01 22:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 22:08 - 2017-11-01 22:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-14 22:08 - 2017-11-01 22:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-14 22:08 - 2017-11-01 22:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-14 22:08 - 2017-11-01 22:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-14 22:08 - 2017-11-01 22:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 22:08 - 2017-11-01 22:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-14 22:08 - 2017-11-01 22:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 22:08 - 2017-11-01 21:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-14 22:08 - 2017-11-01 21:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-14 22:08 - 2017-11-01 21:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-14 22:08 - 2017-11-01 21:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-14 22:08 - 2017-11-01 21:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-14 22:08 - 2017-10-15 07:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-14 22:08 - 2017-10-15 07:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-12 22:16 - 2017-11-12 22:16 - 000032768 ___SH C:\Users\junkm\Downloads\Thumbs.db
2017-11-12 22:05 - 2017-11-12 22:06 - 232712828 _____ C:\Users\junkm\Downloads\Meet My Alters _ Personalities _ Dissociative Identity Disorder (DID).mp4
2017-11-12 07:44 - 2017-11-12 07:44 - 000018400 _____ C:\Users\junkm\Downloads\4f566180-9746-0135-1d6a-00163e18bcee (3).ics
2017-11-12 07:44 - 2017-11-12 07:44 - 000018400 _____ C:\Users\junkm\Downloads\4f566180-9746-0135-1d6a-00163e18bcee (2).ics
2017-11-11 20:29 - 2017-11-11 20:29 - 000018400 _____ C:\Users\junkm\Downloads\4f566180-9746-0135-1d6a-00163e18bcee (1).ics
2017-11-11 14:49 - 2017-11-11 14:49 - 000018400 _____ C:\Users\junkm\Downloads\4f566180-9746-0135-1d6a-00163e18bcee.ics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 20:25 - 2017-06-04 13:34 - 001318478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-03 20:23 - 2017-06-04 13:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-03 20:23 - 2016-05-15 15:51 - 000000000 __SHD C:\Users\junkm\IntelGraphicsProfiles
2017-12-03 20:21 - 2017-06-04 14:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-03 20:20 - 2017-03-18 04:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-12-03 20:20 - 2016-08-13 09:53 - 000000000 ____D C:\AdwCleaner
2017-12-03 19:54 - 2017-06-04 13:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-03 18:54 - 2017-06-04 14:09 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{92542CC5-302C-43F9-8271-0D6269DD8CD4}
2017-12-03 18:42 - 2016-08-13 08:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-03 17:31 - 2016-12-13 21:30 - 000013229 _____ C:\WINDOWS\BRRBCOM.INI
2017-12-03 12:47 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-03 12:47 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-01 16:17 - 2016-06-24 22:16 - 000000000 ____D C:\Users\junkm\AppData\Roaming\Audacity
2017-11-29 15:48 - 2016-05-18 19:17 - 000002300 ____H C:\Users\junkm\OneDrive\Documents\Default.rdp
2017-11-27 19:54 - 2017-06-04 13:35 - 000000000 ____D C:\Users\junkm
2017-11-27 19:53 - 2017-06-21 18:31 - 000000000 ____D C:\Users\junkm\Desktop\temp
2017-11-27 18:21 - 2016-05-16 18:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-27 18:16 - 2017-10-10 18:20 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-27 18:16 - 2016-05-16 18:05 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-26 20:39 - 2016-05-15 16:03 - 000000000 ____D C:\Users\junkm\Desktop\zipped
2017-11-26 19:05 - 2016-05-22 20:11 - 000000000 ____D C:\Users\junkm\Desktop\vault
2017-11-20 19:21 - 2016-05-15 19:08 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 10:07 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-18 10:08 - 2016-07-10 10:05 - 000000000 ____D C:\Users\junkm\OneDrive\Documents\Outlook Files
2017-11-16 18:12 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-16 17:23 - 2016-05-15 15:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-16 07:33 - 2017-06-04 13:29 - 000417424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 07:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-16 07:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-16 07:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-16 07:21 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-16 07:21 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-14 22:31 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 18:19 - 2017-06-04 14:09 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 18:19 - 2017-06-04 14:09 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 13:33 - 2016-08-11 21:53 - 000002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 13:33 - 2016-08-11 21:53 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-13 09:07 - 2017-10-23 21:03 - 000036352 ___SH C:\Users\junkm\Desktop\Thumbs.db
2017-11-12 22:16 - 2016-08-24 17:12 - 000000000 ____D C:\Users\junkm\AppData\Roaming\Skype
2017-11-11 00:24 - 2016-08-13 21:35 - 000000000 ____D C:\Users\junkm\Desktop\Rick & Morty
2017-11-08 20:09 - 2016-08-05 13:28 - 000014398 _____ C:\Users\junkm\Desktop\ILP.txt
2017-11-05 11:39 - 2017-04-18 20:06 - 000001478 _____ C:\Users\junkm\Desktop\Roblox Player.lnk
2017-11-05 11:39 - 2017-04-18 20:05 - 000001293 _____ C:\Users\junkm\Desktop\Roblox Studio.lnk
2017-11-05 11:39 - 2017-04-18 20:05 - 000000000 ____D C:\Users\junkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-04 18:40 - 2017-03-18 14:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 18:40 - 2017-03-18 14:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 08:59 - 2017-07-25 17:50 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2739249774-338417867-2325837049-1001
2017-11-04 08:59 - 2016-05-15 15:55 - 000002412 _____ C:\Users\junkm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-04 08:59 - 2016-05-15 15:55 - 000000000 ___RD C:\Users\junkm\OneDrive

==================== Files in the root of some directories =======

2017-10-13 16:34 - 2017-10-13 16:34 - 000002853 _____ () C:\Users\junkm\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2017-07-11 09:51 - 2017-07-11 09:51 - 003051288 _____ () C:\Users\junkm\AppData\Local\Temp\npp.7.4.2.Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-27 18:15

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by junkm (03-12-2017 20:35:20)
Running from C:\Users\junkm\Downloads
Windows 10 Home Version 1703 15063.726 (X64) (2017-06-04 21:21:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2739249774-338417867-2325837049-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2739249774-338417867-2325837049-503 - Limited - Disabled)
Guest (S-1-5-21-2739249774-338417867-2325837049-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2739249774-338417867-2325837049-1003 - Limited - Enabled)
junkm (S-1-5-21-2739249774-338417867-2325837049-1001 - Administrator - Enabled) => C:\Users\junkm

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{05F508E8-2DC6-4B12-B6A9-51000536216A}) (Version: 2.4 - Microsoft Corporation) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{CC1F74DF-058F-406C-BC7D-F14D6E5F7CBD}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{B255880F-8C5E-4FAF-8F9C-7DBA635B2615}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{D37FDF2F-8766-4BDF-A0E3-A60BDBB630ED}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
iExplorer (HKU\S-1-5-21-2739249774-338417867-2325837049-1001\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Memory Profiler (HKLM-x32\...\{54F76D6C-0EC3-43D9-8BCC-73E31AB0BF06}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{A88AEB8B-A6C5-41BC-8F71-F704DD1E0D00}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2739249774-338417867-2325837049-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.2 (x64 en-US)) (Version: 55.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
PowreShellIntegration.Notifications (HKLM-x32\...\{ED8DFB38-C87B-42B3-A33E-B20DF935C055}) (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Protected Music Converter version 1.9.7.5 (HKLM-x32\...\Protected Music Converter_is1) (Version: 1.9.7.5 - WMA-MP3.com)
Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7589 - Realtek Semiconductor Corp.)
Roblox Player for junkm (HKU\S-1-5-21-2739249774-338417867-2325837049-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Splashtop Business (HKLM-x32\...\{6A4CA92E-2579-4C4D-9C8B-44735449C64E}) (Version: 3.1.6.0 - Splashtop Inc.)
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.4.0 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Super Finder XT 1.6.3.2 (HKLM-x32\...\Super Finder XT_is1) (Version:  - FSL - FreeSoftLand)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{9F7DE660-6BFE-3BA2-A93D-4F13BD13E10B}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Zoom (HKU\S-1-5-21-2739249774-338417867-2325837049-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-13] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2379F5FE-43C5-4931-A692-4824275283A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {23E050C2-B5B1-4C28-86F3-4673EEF6FA17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-11] (Google Inc.)
Task: {7C0F6E99-798E-40B0-ABFA-355CA8B24939} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => Powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\junkm\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
Task: {97623B8D-9BE0-475E-9202-99BFBB94C8F9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D205B396-73E3-4A0F-AF94-C8ADF2B2E922} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D9E08373-5879-4BA3-AD37-6999661E1D5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-11] (Google Inc.)
Task: {F3D9F13E-1FB5-4403-B4B8-463A69D25168} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\junkm\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-27 19:13 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-27 19:13 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-13 16:30 - 2015-10-13 16:30 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-29 15:01 - 2017-11-29 15:01 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-29 15:01 - 2017-11-29 15:01 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-29 15:01 - 2017-11-29 15:01 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-29 15:01 - 2017-11-29 15:01 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-29 15:01 - 2017-11-29 15:01 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-10-20 14:22 - 2017-10-20 14:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-10-20 14:22 - 2017-10-20 14:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-11-13 13:33 - 2017-11-10 02:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 13:33 - 2017-11-10 02:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-08-09 19:41 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-08-09 19:41 - 2016-06-20 14:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5 [164]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-05-15 16:54 - 2017-09-24 15:12 - 000000930 _____ C:\WINDOWS\system32\Drivers\etc\hosts

192.168.0.13	www.mm-theory.com
192.168.0.13	www.surrealsource.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2739249774-338417867-2325837049-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\junkm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{28C03609-D558-447E-8B65-95BD7B98F2A3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0337707A-D326-47DE-9C35-06D8F6C1FCA3}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{93A59207-51B9-4458-854E-E810A30BFE34}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{34E219C1-FB19-47B5-936A-24F296F000B1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{2C514AD6-51D4-4238-9A6C-5419ECD4DBA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ADDAE11F-E155-41A0-B016-3BF36E9334FF}] => (Allow) LPort=2869
FirewallRules: [{FC373A9C-9E02-4B39-B479-A8705AB8E01C}] => (Allow) LPort=1900
FirewallRules: [{A57584E5-2E24-4556-8F3A-DCA315880988}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BA2BF10-0B38-4C15-ABB3-B26420405C70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F82E902-5AF0-4F69-8B97-0A474C90312F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{210EDD8F-9BC5-4DB6-B8EF-FEDB3DBC60EF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9AC65705-07FB-48A2-AE19-065F5EA0EB75}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{F89F7FC0-FFD2-4982-B821-54B56F7CC7EF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B8BFF61C-DEFA-4966-8B45-D73CC9F1216B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FCB2CFD2-3681-4260-9B75-6EF7908C4990}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{37F31B67-A75A-4AD0-9FCD-AE49789456F3}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Client for STB\wbs-agent\projects\m360+\wbs_agent.exe
FirewallRules: [TCP Query User{A1ABEA19-13AA-4F89-9AB4-8CC0847A6C52}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C10D445C-6C49-4700-B530-BF7A36A88459}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D864C5CD-710F-46B0-ADD9-4E897FE626FE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8F149A1B-65A5-44C7-B7DB-FDFFDEDC28D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-11-2017 20:35:23 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2017 08:07:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-TTVDCSL.local already in use; will try DESKTOP-TTVDCSL-2.local instead

Error: (12/03/2017 08:07:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 DESKTOP-TTVDCSL.local. Addr 192.168.0.14

Error: (12/03/2017 08:07:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.14:5353   16 DESKTOP-TTVDCSL.local. AAAA FD00:00FC:8DDB:BAB2:10E4:3110:81F3:470F

Error: (12/03/2017 06:34:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (12/03/2017 01:20:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4266

Error: (12/03/2017 01:20:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4266

Error: (12/03/2017 01:20:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2017 04:01:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3984

Error: (12/03/2017 04:01:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3984

Error: (12/03/2017 04:01:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/03/2017 08:22:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 08:22:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 08:21:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (12/03/2017 08:20:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/03/2017 08:20:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/03/2017 08:20:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/03/2017 08:20:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (12/03/2017 08:20:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/03/2017 08:20:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/03/2017 08:20:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-12-03 20:32:12.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 20:32:12.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 20:14:08.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 20:14:07.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 19:02:40.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 19:02:40.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 18:43:39.648
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-03 18:43:24.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-03 12:53:51.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 12:53:51.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8106.33 MB
Available physical RAM: 5313.5 MB
Total Virtual: 9386.33 MB
Available Virtual: 6689.72 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.54 GB) (Free:686.71 GB) NTFS
Drive d: () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8AEC3653)

Partition: GPT.

==================== End of Addition.txt ============================

It's hard to say whether it got rid of the softonic thing. I'll have to use Chrome for a few days before I can say for sure whether it's gone or not.

 

Anything you can tell/recommend based on the logs?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 04 December 2017 - 08:17 AM

Hi

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {97623B8D-9BE0-475E-9202-99BFBB94C8F9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5 [164]

GroupPolicy: Restriction - Chrome <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know in a few days it all is well or not.ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {97623B8D-9BE0-475E-9202-99BFBB94C8F9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5 [164]

#11 gib65

gib65
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 04 December 2017 - 09:07 PM

Thanks Nasdaq,

 

I will try that soon and get back to you.



#12 gib65

gib65
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 04 December 2017 - 11:24 PM

Here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by junkm (04-12-2017 20:50:53) Run:1
Running from C:\Users\junkm\Downloads
Loaded Profiles: junkm (Available Profiles: junkm & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {97623B8D-9BE0-475E-9202-99BFBB94C8F9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5 [164]

GroupPolicy: Restriction - Chrome <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97623B8D-9BE0-475E-9202-99BFBB94C8F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97623B8D-9BE0-475E-9202-99BFBB94C8F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
C:\ProgramData\TEMP => ":C39E55C5" ADS removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42687318 B
Java, Flash, Steam htmlcache => 1646 B
Windows/system/drivers => 47325362 B
Edge => 238892248 B
Chrome => 767639984 B
Firefox => 28284123 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1488534 B
junkm => 2176812957 B
DefaultAppPool => 6656 B

RecycleBin => 50393182056 B
EmptyTemp: => 50 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:55:28 ====

softonic is still on my computer.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 05 December 2017 - 07:29 AM

Hi,

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
---

If the problem persists run this search.

Lets see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
softonic
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;

Edited by nasdaq, 05 December 2017 - 08:27 AM.


#14 gib65

gib65
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 07 December 2017 - 10:00 PM

Ever since resetting Chrome, I haven't seen the softonic popup. I went ahead and scanned the registry with FRST anyway. The log is below.
 
On a side note, MBAM is now behaving like softonic. Ever since installing and running it, I've been getting these popups at the bottom right corner of my screen (even without a browser up):
 
mbam.png
 
But it's only for 5 more days, so I can tolerate it.
 
Anyway, here's the log:
 
Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by junkm (06-12-2017 18:11:55)
Running from C:\Users\junkm\Downloads
Boot Mode: Normal

================== Search Registry: "softonic" ===========

[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File2"="C:\Users\junkm\Desktop\temp\en.softonic.com\MBAM acting like Softonic (but just for 5 more days).png"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{B0A8A2D8-B1EA-4182-B54C-EDCE6D2EC31F}\RecentItems\{4F4F5E9D-0187-4DDD-AC94-05A0269F19EB}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\MBAM acting like Softonic (but just for 5 more days).png"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{B0A8A2D8-B1EA-4182-B54C-EDCE6D2EC31F}\RecentItems\{4F4F5E9D-0187-4DDD-AC94-05A0269F19EB}]
"DisplayName"="MBAM acting like Softonic (but just for 5 more days).png"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BEC57E6E-BE5B-4150-B569-239CC1E415AD}\RecentItems\{2B15E498-6A6B-42D6-8035-F7D44340937C}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\AdwCleaner[C3] 2.txt"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BEC57E6E-BE5B-4150-B569-239CC1E415AD}\RecentItems\{54AB5A1A-1B25-46A6-A951-5EF6BE47D568}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\AdwCleaner[S4] 2.txt"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BEC57E6E-BE5B-4150-B569-239CC1E415AD}\RecentItems\{5CC2668C-2187-4A09-8C85-02FD98BC93AE}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\FRST.txt"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BEC57E6E-BE5B-4150-B569-239CC1E415AD}\RecentItems\{D2AF5763-5231-4B5C-BDEC-9F64CB39CE71}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\mbam 2.txt"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BEC57E6E-BE5B-4150-B569-239CC1E415AD}\RecentItems\{DC817A34-0199-4CA1-AEC6-3F2BC8E8E0E0}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\AdwCleaner[C4] 2.txt"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BEC57E6E-BE5B-4150-B569-239CC1E415AD}\RecentItems\{DDF791BC-F4FA-4908-9BCE-112B436D68DE}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\Addition.txt"
[HKEY_USERS\S-1-5-21-2739249774-338417867-2325837049-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BEC57E6E-BE5B-4150-B569-239CC1E415AD}\RecentItems\{FCC3F237-0DD1-4AA7-9D9F-B0C4DE8F0817}]
"Path"="C:\Users\junkm\Desktop\temp\en.softonic.com\AdwCleaner[S5] 2.txt"

====== End of Search ======


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 08 December 2017 - 08:37 AM



Hi,

The registry entries are created by the operating syistem and are not active or causing any damage.

You can clean the list is you want.

Read this article.
How to clear the Recent items list in Windows 10
https://www.techrepublic.com/article/how-to-clear-the-recent-items-list-in-windows-10/

It's you call if you want to do it.

If present delete the folder in bold from the computer.
C:\Users\junkm\Desktop\temp\[b]en.softonic.com

p.s.
The notice from MBAM will no longer be shown when the date expires.

If you want to keep MBAM active and get the online protection you need to Active it and buy the license.
If not you will loose the online protection and will have to run the program as and when you see fit.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users