Rootkit virus malewarebytes cant remove


1 reply to this topic

#1 wmb1961

Posted 12 December 2017 - 04:18 PM

These are the two files Malwarebytes keeps finding even after quarantining them...
 
Registry Key: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR, No Action By User, [1228], [466343],1.0.3473
 
Registry Value: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR|IMAGEPATH, No Action By User, [1228], [466343],1.0.3473
 
 
Followed recommendations and ran the following 
 
Security Check
Farbar
MiniToolBox
malwarebytes
Malwarebytes Anti-Rootkit (crashes when I run this)
RKill
Temp File Remover
ADW Remover
Sophos free Virus Remover
 
and here are the two Farbar 64-bit log reports
 
Have to post 'em separately because the forum won't allow both at the same time.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-12-2017
Ran by admin24 (administrator) on ADMIN2 (12-12-2017 15:46:48)
Running from C:\Users\admin24\Downloads
Loaded Profiles: admin24 (Available Profiles: admin24)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\nviamxesvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Users\admin24\AppData\Local\wmcaxro\wmcaxro.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> explorer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\Run: [HP ENVY 5540 series (NET)] => C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\MountPoints2: {1bfa7de2-83e1-11e5-825f-4cbb58875084} - "D:\SISetup.exe" 
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\MountPoints2: {d7695744-9c07-11e7-828a-4cbb58875084} - "G:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\admin24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MassPlanner.lnk [2016-02-12]
ShortcutTarget: MassPlanner.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
Startup: C:\Users\admin24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MassPlanner2.lnk [2016-02-05]
ShortcutTarget: MassPlanner2.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
Startup: C:\Users\admin24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-07-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Check Writer Backup.lnk [2015-11-11]
ShortcutTarget: Check Writer Backup.lnk -> C:\Program Files\CheckWriter6\b\CWbackup.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{32eb1e66-d1f1-403d-a96d-90e933eb5fe0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{32eb1e66-d1f1-403d-a96d-90e933eb5fe0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f4b05ada-eeb1-417d-8ab6-9d0411bfc803}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f4b05ada-eeb1-417d-8ab6-9d0411bfc803}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001 -> DefaultScope {4B880F7A-D02C-4DBF-BAC4-5608C1AD9BB5} URL = 
SearchScopes: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001 -> {C49A6ABE-C1FC-486C-B0B3-6BBE21205947} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: mcw9ssjn.default
FF ProfilePath: C:\Users\admin24\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9ssjn.default [2017-12-11]
FF Homepage: Mozilla\Firefox\Profiles\mcw9ssjn.default -> hxxps://www.google.com
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3609396728-1424491989-2649479348-1001: @citrixonline.com/appdetectorplugin -> C:\Users\admin24\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-15] (Citrix Online)
 
Chrome: 
=======
CHR Profile: C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default [2017-12-12]
CHR Extension: (Slides) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-28]
CHR Extension: (Sheets) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Google Play) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-02-03]
CHR Extension: (Skype) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
CHR Extension: (Google Hangouts) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
U2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 avgVmm; C:\Windows\System32\Drivers\avgVmm.sys [355856 2017-11-09] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
S4 geemllc; C:\WINDOWS\System32\drivers\djpk.sys [79064 2017-11-08] (Malwarebytes)
S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [16384 2011-04-15] ()
S4 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [119000 2017-12-12] (Malwarebytes Corporation)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-04] (Malwarebytes)
R1 MpKsl85890b89; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A0243FA2-9F3C-4A05-B12D-9E1823677389}\MpKsl85890b89.sys [58120 2017-12-08] (Microsoft Corporation)
R3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-08] (Zemana Ltd.)
U0 Partizan; system32\drivers\Partizan.sys [X]
R3 udiskMgr; system32\drivers\osvybf.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-12 15:46 - 2017-12-12 15:49 - 000022854 _____ C:\Users\admin24\Downloads\FRST.txt
2017-12-12 15:46 - 2017-12-12 15:46 - 000000000 ____D C:\FRST
2017-12-12 15:39 - 2017-12-12 15:39 - 000099404 _____ C:\Users\admin24\Downloads\d68ab740-a321-4d07-bff6-739beb106dd0.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000064035 _____ C:\Users\admin24\Downloads\eb38ba37-4d47-400e-b98d-aa67631a234b.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000063906 _____ C:\Users\admin24\Downloads\ad252900-61de-439f-bdb4-a4006e8e54c2.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000062842 _____ C:\Users\admin24\Downloads\e0b6137f-2206-4f05-b520-9ef0cdc3d012.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000040311 _____ C:\Users\admin24\Downloads\b3c65a16-6f54-4612-9cad-ee187495660f.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000036022 _____ C:\Users\admin24\Downloads\8940172d-f1cc-4d79-9cae-15a924b8e8d8.tmp
2017-12-12 15:35 - 2017-12-12 15:39 - 002392064 _____ (Farbar) C:\Users\admin24\Downloads\FRST64.exe
2017-12-12 15:25 - 2017-12-12 15:29 - 014178840 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.10.3.1001 (2).exe
2017-12-12 15:22 - 2017-12-12 15:22 - 000001378 _____ C:\Users\admin24\Desktop\Rkill.txt
2017-12-12 14:57 - 2017-12-12 14:57 - 000003136 _____ C:\WINDOWS\SysWOW64\System
2017-12-12 13:12 - 2017-12-12 13:12 - 000063087 _____ C:\Users\admin24\Downloads\Lorenzo.manderson-Auth_sig1.jpeg
2017-12-12 11:11 - 2017-12-12 11:11 - 000001335 _____ C:\Users\admin24\Desktop\mb 12-12-17.txt
2017-12-12 11:10 - 2017-12-12 11:10 - 000001378 _____ C:\Users\admin24\Desktop\MB Rootkit 12-12-17.txt
2017-12-09 19:37 - 2017-12-09 19:37 - 000316032 _____ C:\Users\admin24\Downloads\authorizationform100.pdf
2017-12-08 18:02 - 2017-12-08 18:02 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\42334722.sys
2017-12-08 18:01 - 2017-12-08 18:01 - 000000000 ____D C:\Users\admin24\Desktop\mbar
2017-12-08 18:00 - 2017-12-08 18:01 - 014178840 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.10.3.1001 (1).exe
2017-12-08 17:43 - 2017-12-08 17:43 - 000140624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\snhnruxa.sys
2017-12-08 11:34 - 2017-12-08 11:35 - 001790024 _____ (Malwarebytes) C:\Users\admin24\Downloads\JRT.exe
2017-12-07 16:33 - 2017-12-07 16:33 - 000003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-07 16:30 - 2017-12-07 16:33 - 000001028 _____ C:\DelFix.txt
2017-12-07 16:30 - 2017-12-07 16:30 - 000000000 ____D C:\WINDOWS\ERUNT
2017-12-07 16:18 - 2017-12-07 16:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5D2632D3.sys
2017-12-07 16:18 - 2017-12-07 16:18 - 000000114 _____ C:\local.conf
2017-12-07 13:46 - 2017-12-07 13:46 - 000167034 _____ C:\Users\admin24\Downloads\fileassassin-setup-1.06.exe
2017-12-07 13:46 - 2017-12-07 13:46 - 000001130 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2017-12-07 13:46 - 2017-12-07 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-12-07 13:46 - 2017-12-07 13:46 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-12-06 12:53 - 2017-12-06 19:25 - 000015741 _____ C:\Users\admin24\Desktop\250-leads (version 1).xlsb.xlsx
2017-12-06 11:53 - 2017-12-06 11:53 - 000000000 ____D C:\ProgramData\Sophos
2017-12-06 11:52 - 2017-12-06 11:52 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-12-06 11:52 - 2017-12-06 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-12-06 11:52 - 2017-12-06 11:52 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-12-06 11:41 - 2017-12-06 11:49 - 183163664 _____ (Sophos Limited) C:\Users\admin24\Desktop\Sophos Virus Removal Tool.exe
2017-12-04 19:56 - 2017-12-05 17:42 - 000012169 _____ C:\Users\admin24\Desktop\250-leads.xlsx
2017-12-04 12:42 - 2017-12-04 12:42 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\363C8656.sys
2017-12-04 12:35 - 2017-12-04 12:35 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7327838C.sys
2017-12-04 12:31 - 2017-12-04 12:33 - 014178840 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.10.3.1001.exe
2017-12-04 12:11 - 2017-12-12 15:18 - 000091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-04 12:10 - 2017-12-12 15:19 - 000119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-04 12:10 - 2017-12-08 17:29 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-04 12:10 - 2017-12-04 12:10 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-04 12:10 - 2017-12-04 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-04 12:10 - 2017-12-04 12:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-04 12:09 - 2017-12-04 12:10 - 078346672 _____ (Malwarebytes ) C:\Users\admin24\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2017-12-04 12:08 - 2017-12-04 12:08 - 000036144 _____ C:\Users\admin24\Downloads\MTB.txt
2017-11-30 15:53 - 2017-12-09 14:38 - 000000000 ____D C:\Users\admin24\Downloads\img
2017-11-30 12:07 - 2017-11-30 12:07 - 000001711 _____ C:\Users\admin24\Desktop\Power2Go8..lnk
2017-11-29 20:19 - 2017-11-29 20:19 - 000003622 _____ C:\WINDOWS\System32\Tasks\{D58A33A3-0771-4EBE-808A-C4975833EB16}
2017-11-29 19:01 - 2017-11-29 19:01 - 000551543 _____ C:\Users\admin24\Downloads\noname (7)
2017-11-29 19:00 - 2017-11-29 19:01 - 000551543 _____ C:\Users\admin24\Downloads\noname (6)
2017-11-28 16:19 - 2017-11-28 16:19 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-28 16:19 - 2017-11-28 16:19 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-28 16:18 - 2017-11-28 16:18 - 001129816 _____ (Google Inc.) C:\Users\admin24\Downloads\ChromeSetup.exe
2017-11-27 17:10 - 2017-11-27 17:10 - 000095872 _____ C:\Users\admin24\Downloads\noname (5)
2017-11-27 13:03 - 2017-12-05 15:54 - 000001753 _____ C:\Users\admin24\Desktop\SETH L.COMICS LIST.txt
2017-11-22 18:48 - 2017-11-22 18:48 - 013683839 _____ C:\Users\admin24\Downloads\Quality___Love_Secrets_045__1955_.cbr
2017-11-21 22:53 - 2017-11-21 22:53 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-20 18:08 - 2017-11-20 18:08 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-11-20 18:00 - 2017-11-20 18:00 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-20 17:59 - 2017-11-20 18:00 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw11b4205c46f6bf35.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw61f26826b88e8b7d.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6f40a24e50bf5ba4.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw320e2fc1b68b2693.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswcecd404381c84626.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd7287b4b607bb835.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw66872847bd54c7c1.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe38c9274d2b33b64.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf09f785ac37744a7.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw95337822174eed40.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswdb098ccc3f104527.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw9d8ff2b122d58d41.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw5a495692cadc2d81.tmp
2017-11-20 17:55 - 2017-11-22 15:08 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-20 17:55 - 2017-11-20 17:55 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-20 17:55 - 2017-11-20 17:55 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-11-20 17:55 - 2017-11-20 17:55 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-20 17:55 - 2017-11-20 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-20 17:55 - 2017-11-20 17:55 - 000000000 ____D C:\Program Files\CCleaner
2017-11-20 17:54 - 2017-11-20 17:54 - 010849904 _____ (Piriform Ltd) C:\Users\admin24\Downloads\ccsetup537.exe
2017-11-20 16:52 - 2017-11-20 16:52 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66B97E46.sys
2017-11-20 16:42 - 2017-12-04 18:48 - 000000000 ____D C:\Users\admin24\Desktop\NEW BIG TICKET
2017-11-20 16:32 - 2017-11-20 16:32 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\05306F50.sys
2017-11-20 16:32 - 2017-11-20 16:32 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\656A6F1B.sys
2017-11-20 16:29 - 2017-12-08 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-20 16:24 - 2017-11-20 16:28 - 016563352 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.09.3.1001.exe
2017-11-20 12:32 - 2017-11-20 12:32 - 000014202 _____ C:\Users\admin24\Downloads\W.C.Lunde-Auth.sig-9510812979047312109101.pdf
2017-11-18 18:57 - 2017-11-18 18:57 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-11-18 18:40 - 2017-11-18 19:18 - 000000000 ____D C:\Users\admin24\Downloads\TyLong Audio
2017-11-18 18:38 - 2017-11-18 18:38 - 000000000 ____D C:\Users\admin24\Documents\Audacity
2017-11-18 18:26 - 2017-11-18 19:19 - 000000000 ____D C:\Users\admin24\AppData\Roaming\audacity
2017-11-18 18:26 - 2017-11-18 18:26 - 000001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-11-18 18:26 - 2017-11-18 18:26 - 000001082 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-11-18 18:26 - 2017-11-18 18:26 - 000000000 ____D C:\Users\admin24\AppData\Local\Audacity
2017-11-18 18:26 - 2017-11-18 18:26 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-11-18 18:24 - 2017-11-18 18:25 - 020275088 _____ (Audacity Team ) C:\Users\admin24\Downloads\audacity-win-2.2.0.exe
2017-11-17 17:40 - 2017-11-17 17:40 - 000000000 ____D C:\Users\admin24\Desktop\PAYMENT BUTTONS
2017-11-16 11:44 - 2017-12-12 14:44 - 009497600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-11-15 16:26 - 2017-11-15 16:26 - 000001663 _____ C:\Users\admin24\Desktop\Bulk Rename Utility.exe - Shortcut.lnk
2017-11-15 14:49 - 2017-11-15 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2017-11-15 14:49 - 2017-11-15 14:49 - 000000000 ____D C:\Program Files\Bulk Rename Utility
2017-11-15 14:44 - 2017-11-15 14:46 - 009699408 _____ (TGRMN Software ) C:\Users\admin24\Downloads\BRU_setup_3.0.0.1.exe
2017-11-15 11:44 - 2017-12-12 15:46 - 000000000 ___RD C:\Users\admin24\Creative Cloud Files
2017-11-15 11:40 - 2017-12-04 11:44 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-11-15 11:40 - 2017-11-22 15:27 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-11-15 11:40 - 2017-11-22 15:27 - 000002093 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2017-11-14 17:40 - 2017-11-14 17:40 - 001995464 _____ (Adobe Systems Incorporated) C:\Users\admin24\Downloads\Acrobat_Pro_DC_Set-Up (2).exe
2017-11-14 17:40 - 2017-11-14 17:40 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-11-14 17:40 - 2017-11-14 17:40 - 000001292 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-11-14 17:37 - 2017-11-14 17:40 - 001995464 _____ (Adobe Systems Incorporated) C:\Users\admin24\Downloads\Acrobat_Pro_DC_Set-Up (1).exe
2017-11-14 17:27 - 2017-11-14 17:27 - 001995528 _____ (Adobe Systems Incorporated) C:\Users\admin24\Downloads\Acrobat_Pro_DC_Set-Up.exe
2017-11-14 17:15 - 2017-11-14 17:15 - 000537167 _____ C:\Users\admin24\Downloads\Sneaky_Ways_From_Craigslist.pdf
2017-11-13 11:02 - 2017-12-12 15:46 - 000000000 ____D C:\Users\admin24\AppData\Local\wmcaxro
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-12 15:49 - 2017-11-08 13:07 - 000030310 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-12 15:46 - 2015-10-31 12:09 - 000000000 ____D C:\Users\admin24\AppData\Local\Adobe
2017-12-12 15:42 - 2016-05-27 11:48 - 000000000 __SHD C:\Users\admin24\IntelGraphicsProfiles
2017-12-12 15:41 - 2017-11-08 12:03 - 002883072 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\nviamxesvc.exe
2017-12-12 15:41 - 2017-10-10 11:14 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForadmin24.job
2017-12-12 15:41 - 2016-10-03 05:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-12 15:41 - 2016-10-03 04:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-12 15:22 - 2017-11-10 15:07 - 000000000 ____D C:\Users\admin24\Desktop\SPYWARE REMOVERS
2017-12-12 14:44 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 14:44 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 12:24 - 2015-11-11 11:53 - 000000000 ____D C:\Program Files\CheckWriter6
2017-12-12 12:14 - 2017-10-10 11:14 - 000003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin24
2017-12-12 10:56 - 2016-10-03 04:44 - 000000000 ____D C:\Users\admin24
2017-12-12 10:55 - 2016-07-16 01:04 - 018350080 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-11 21:50 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-11 15:38 - 2017-04-26 10:15 - 000000000 ____D C:\Users\admin24\AppData\LocalLow\Mozilla
2017-12-11 11:04 - 2017-11-09 18:59 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-10 19:17 - 2017-11-08 12:07 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-10 19:17 - 2015-03-25 18:17 - 000314002 ____N C:\WINDOWS\Minidump\121017-25640-01.dmp
2017-12-09 16:58 - 2017-04-25 14:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-09 16:58 - 2015-09-09 10:55 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-08 19:13 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-08 18:04 - 2015-03-25 18:17 - 000298058 ____N C:\WINDOWS\Minidump\120817-80859-01.dmp
2017-12-08 17:43 - 2016-07-16 01:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-07 18:28 - 2017-09-29 10:49 - 000000000 ____D C:\Program Files\rempl
2017-12-07 16:20 - 2015-03-25 18:17 - 000296138 ____N C:\WINDOWS\Minidump\120717-77515-01.dmp
2017-12-06 05:25 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-04 20:34 - 2015-03-25 18:17 - 000313098 ____N C:\WINDOWS\Minidump\120417-28937-01.dmp
2017-12-04 18:09 - 2015-03-25 18:11 - 000000000 ____D C:\ProgramData\CyberLink
2017-12-04 12:45 - 2015-03-25 18:17 - 000299266 ____N C:\WINDOWS\Minidump\120417-40562-01.dmp
2017-12-04 12:38 - 2015-03-25 18:17 - 000299266 ____N C:\WINDOWS\Minidump\120417-37343-01.dmp
2017-12-04 12:11 - 2017-11-09 11:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-01 11:29 - 2017-07-31 13:42 - 000000000 ____D C:\Users\admin24\Downloads\cc auth form
2017-11-30 17:05 - 2017-07-28 12:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-29 20:32 - 2017-09-27 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2017-11-29 20:32 - 2017-09-27 14:52 - 000000000 ____D C:\Program Files (x86)\Macromedia
2017-11-29 20:32 - 2015-03-25 18:11 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-11-29 20:20 - 2015-03-25 18:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-11-29 20:19 - 2017-02-02 12:35 - 000000000 ____D C:\Users\admin24\AppData\Local\Deployment
2017-11-29 20:18 - 2016-03-15 13:30 - 000000000 ____D C:\Users\admin24\AppData\Local\Citrix
2017-11-29 17:42 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-29 17:38 - 2015-03-25 18:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-28 16:18 - 2016-10-03 05:07 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1af9b83d6515
2017-11-28 16:18 - 2016-10-03 05:07 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-28 16:18 - 2016-03-28 17:42 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-24 16:34 - 2017-07-26 12:31 - 000000000 ____D C:\Users\admin24\Documents\Gradients
2017-11-22 16:29 - 2015-09-12 11:23 - 000000000 ____D C:\Users\admin24\AppData\Roaming\DropboxOEM
2017-11-22 16:25 - 2017-09-19 12:28 - 000000000 ____D C:\Program Files (x86)\Nero
2017-11-22 15:31 - 2017-07-28 12:53 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-22 15:21 - 2017-11-02 10:34 - 000000000 ____D C:\Users\admin24\AppData\Roaming\AtomPark
2017-11-22 15:20 - 2017-07-28 12:51 - 000000000 ____D C:\ProgramData\Adobe
2017-11-22 15:20 - 2016-05-18 10:53 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-22 15:19 - 2017-11-10 16:53 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-22 15:17 - 2016-01-28 10:36 - 000000000 ____D C:\ProgramData\Skype
2017-11-22 15:14 - 2015-03-25 18:29 - 000000000 ____D C:\Program Files\Dell
2017-11-21 12:24 - 2015-11-11 16:48 - 000000000 ____D C:\ProgramData\HP
2017-11-21 12:24 - 2015-11-11 16:47 - 000000000 ____D C:\Program Files\HP
2017-11-20 18:11 - 2017-09-27 14:32 - 000000000 ____D C:\Users\admin24\AppData\Roaming\FileZilla
2017-11-20 18:08 - 2016-10-03 08:36 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-20 18:08 - 2015-11-20 09:02 - 000000000 ____D C:\Users\admin24\AppData\Local\CrashDumps
2017-11-20 17:47 - 2017-10-05 14:10 - 000000000 ____D C:\Users\admin24\Downloads\GPS Scripts
2017-11-20 15:47 - 2016-05-26 23:20 - 001621156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-20 14:09 - 2017-11-08 12:11 - 000000000 ____D C:\Users\admin24\AppData\Local\rtbdpoe
2017-11-17 19:05 - 2017-11-10 15:41 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-17 19:05 - 2017-11-10 15:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-17 17:31 - 2017-07-06 10:59 - 000000000 ____D C:\Users\admin24\Desktop\SCRIPTS
2017-11-16 11:44 - 2016-10-03 05:07 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-15 16:27 - 2015-09-09 10:56 - 000000000 ____D C:\Users\admin24\AppData\Roaming\Mozilla
2017-11-15 16:27 - 2015-09-09 10:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-15 15:34 - 2015-09-09 10:44 - 000000000 ____D C:\Users\admin24\AppData\Roaming\Adobe
2017-11-15 15:30 - 2016-10-03 04:37 - 000362200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 11:42 - 2017-07-28 12:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-14 17:39 - 2016-11-23 14:30 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-14 17:31 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-13 15:05 - 2016-11-23 14:32 - 000000000 _____ C:\Users\admin24\Documents\HP ePrint
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-04 22:34
 
==================== End of FRST.txt ============================
 
#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:05 AM

Posted 12 December 2017 - 06:18 PM

Closing Duplicate.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!