
leftovers after removing a mail.ru virus


15 replies to this topic

#1 semaj231

semaj231

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 14 January 2018 - 08:20 PM

Hey guys, hope you can help.

I spent a day cleaning up my computer, which got some mail.ru virus: lots of forced browser opening, ad spam, disabled Windows Defender, etc. It also opened my command prompt occasionally with this weird transfer message. I seem to have cleaned up my computer and Windows Defender is coming up as clean, but this command prompt is leftover. I have included a picture of it; can you guys help?

https://ibb.co/hBUV2R

 




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:17 PM

Posted 14 January 2018 - 10:47 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Check the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the message This version requires you to completely exit the Anti Malware application, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
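The FSS log requested above prints, for each checked service, the current start type beside the default it expects, plus whether the ImagePath and ServiceDll look right. The parser below is an added example (not part of this thread or the Farbar tools) that reads such a log and pulls out the lines a helper would act on; the sample log is constructed, with the Windows Update section modelled on this thread's and the Windows Defender section invented for contrast.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the Windows Update section mirrors the FSS output
# posted in this thread; the Windows Defender section is invented to show
# a service whose start type still matches its default.
SAMPLE_FSS_LOG = """\
Farbar Service Scanner Version: 27-01-2016
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Auto. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

**** End of log ****
"""


@dataclass(frozen=True)
class Finding:
    section: str   # FSS section the line appeared under, e.g. "Windows Update"
    service: str   # Windows service short name, e.g. "wuauserv"
    kind: str      # "not_running", "start_type", "image_path" or "service_dll"
    detail: str    # human-readable explanation


NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
PATH_CHECK = re.compile(r"^The (ImagePath|ServiceDll) of (\S+) service(.*)$")


def parse_fss_services(log_text: str) -> list[Finding]:
    """Walk an FSS log and return the service lines that deviate from the
    defaults FSS itself states, tagged with the section they appear under."""
    findings: list[Finding] = []
    section = ""
    prev = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        # A run of '=' underlines the section heading on the previous line.
        if line and set(line) == {"="}:
            section = prev.rstrip(":")
            prev = line
            continue
        if m := NOT_RUNNING.match(line):
            findings.append(Finding(section, m.group(1), "not_running",
                                    "service is not running"))
        elif m := START_TYPE.match(line):
            svc, current, default = m.groups()
            if current != default:  # FSS prints both; only a mismatch matters
                findings.append(Finding(section, svc, "start_type",
                                        f"{current} (default {default})"))
        elif m := PATH_CHECK.match(line):
            check, svc, rest = m.groups()
            if rest.strip() != "is OK.":  # any other wording is a problem
                kind = "image_path" if check == "ImagePath" else "service_dll"
                findings.append(Finding(section, svc, kind, rest.strip()))
        prev = line
    return findings


def actionable(findings: list[Finding]) -> list[Finding]:
    """'Not running' alone is normal for a demand-start service; the findings
    worth a reply are altered start types and bad binary paths."""
    return [f for f in findings if f.kind != "not_running"]


if __name__ == "__main__":
    for f in actionable(parse_fss_services(SAMPLE_FSS_LOG)):
        print(f"[{f.section}] {f.service}: {f.kind} -> {f.detail}")
```

On the sample this reports only wuauserv, whose start type was changed from Auto to Disabled, which is the same line a helper would pick out of the real log.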

 


#3 semaj231

semaj231
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 15 January 2018 - 07:00 PM

 
Security Check
Results of screen317's Security Check version 1.014 --- 12/23/15  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (61.0.3163.79) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
 Intel Intel® Online Connect Access LegacyCsLoaderService.exe  
 Intel Intel® Online Connect Access IntelTechnologyAccessService.exe  
 Intel Intel® Online Connect ioc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
FSS
Farbar Service Scanner Version: 27-01-2016
Ran by James (administrator) on 16-01-2018 at 09:41:41
Running from "D:\Users\James\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
MiniToolBox
MiniToolBox by Farbar  Version: 17-06-2016
Ran by James (administrator) on 16-01-2018 at 09:43:05
Running from "D:\Users\James\Downloads"
Microsoft Windows 10 Home  (X64)
Model: N85_N87,HJ,HJ1,HK1 Manufacturer: Notebook
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3168 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Anchorfree HSS VPN Adapter = Ethernet 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : ADMINRG-V5M64LG
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 80-FA-5B-48-38-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 10-F0-05-BF-26-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3168
   Physical Address. . . . . . . . . : 5A-AE-4C-61-2E-26
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dc38:8ca3:5d4d:341b%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 16, 2018 9:33:06 AM
   Lease Expires . . . . . . . . . . : Tuesday, January 16, 2018 11:33:06 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 224046668
   DHCPv6 Client DUID. . . . . . . . : 00-03-00-01-5A-AE-4C-61-2E-26
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-7D-10-53-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 10-F0-05-BF-26-37
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:10db:3f4f:89bc:c19e(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::10db:3f4f:89bc:c19e%8(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-27-F6-92-80-FA-5B-48-38-30
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{B32B367D-1158-4539-9593-12A4DE031B4B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2404:6800:4006:807::200e
  172.217.25.174
 
 
Pinging google.com [172.217.25.174] with 32 bytes of data:
Reply from 172.217.25.174: bytes=32 time=615ms TTL=56
Reply from 172.217.25.174: bytes=32 time=575ms TTL=56
 
Ping statistics for 172.217.25.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 575ms, Maximum = 615ms, Average = 595ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:2201::73
  2001:4998:c:e33::53
  2001:4998:44:204::100d
  206.190.39.42
  98.138.252.38
  98.139.180.180
 
 
Pinging yahoo.com [206.190.39.42] with 32 bytes of data:
Reply from 206.190.39.42: bytes=32 time=822ms TTL=49
Reply from 206.190.39.42: bytes=32 time=767ms TTL=49
 
Ping statistics for 206.190.39.42:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 767ms, Maximum = 822ms, Average = 794ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...80 fa 5b 48 38 30 ......Realtek PCIe GBE Family Controller
 19...10 f0 05 bf 26 34 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...5a ae 4c 61 2e 26 ......Intel® Dual Band Wireless-AC 3168
  7...00 ff 7d 10 53 58 ......Anchorfree HSS VPN Adapter
 11...10 f0 05 bf 26 37 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link     192.168.0.100    306
    192.168.0.100  255.255.255.255         On-link     192.168.0.100    306
    192.168.0.255  255.255.255.255         On-link     192.168.0.100    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.0.100    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.0.100    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  8    331 2001::/32                On-link
  8    331 2001:0:9d38:6abd:10db:3f4f:89bc:c19e/128
                                    On-link
 13    306 fe80::/64                On-link
  8    331 fe80::/64                On-link
  8    331 fe80::10db:3f4f:89bc:c19e/128
                                    On-link
 13    306 fe80::dc38:8ca3:5d4d:341b/128
                                    On-link
  1    331 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
  8    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: rdyboost4
 
Error: (01/16/2018 09:33:45 AM) (Source: PerfNet) (User: )
Description: 
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (01/16/2018 09:33:02 AM) (Source: SetupARService) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/16/2018 07:58:25 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
 
Error: (01/16/2018 07:58:23 AM) (Source: Perflib) (User: )
Description: rdyboost4
 
 
System errors:
=============
Error: (01/16/2018 09:35:02 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
%%2147500037 = Unspecified error
 
 
Error: (01/16/2018 09:33:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/16/2018 09:33:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/16/2018 09:33:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/16/2018 09:33:01 AM) (Source: Service Control Manager) (User: )
Description: The HKClipSvc service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (01/16/2018 09:25:30 AM) (Source: DCOM) (User: ADMINRG-V5M64LG)
Description: {37998346-3765-45B1-8C66-AA88CA6B20B8}
 
Error: (01/16/2018 09:23:30 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
%%2147500037 = Unspecified error
 
 
Error: (01/16/2018 07:59:51 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
%%2147500037 = Unspecified error
 
 
Error: (01/16/2018 06:49:07 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/16/2018 06:48:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: rdyboost4
 
Error: (01/16/2018 09:33:45 AM) (Source: PerfNet)(User: )
Description: 
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
 
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (01/16/2018 09:33:02 AM) (Source: SetupARService)(User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/16/2018 07:58:25 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
 
Error: (01/16/2018 07:58:23 AM) (Source: Perflib)(User: )
Description: rdyboost4
 
 
CodeIntegrity Errors:
===================================
  Date: 2018-01-16 09:20:13.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-15 10:11:51.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2018-01-14 18:43:17.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2018-01-13 15:46:58.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2018-01-10 10:43:23.284
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2018-01-09 15:02:46.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2018-01-08 19:13:54.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-08 19:13:54.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-08 19:13:12.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-08 19:13:12.515
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.74 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Discord (HKCU\...\Discord) (Version: 0.0.300 - Discord Inc.)
Divinity Original Sin 2 (HKLM-x32\...\Divinity Original Sin 2_is1) (Version:  - )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Europa Universalis IV Cradle of Civilization (HKLM-x32\...\Europa Universalis IV Cradle of Civilization_is1) (Version:  - )
Farming Simulator 17: Platinum Edition (HKLM-x32\...\Farming Simulator 17: Platinum Edition_is1) (Version: 1.5.3.1 - )
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.74 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.109.1.40 - Overwolf Ltd.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Spotify (HKCU\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 1.2.31 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris v.1.9 (HKLM-x32\...\Stellaris_is1) (Version:  - )
SunsetScreen  (HKLM\...\{155DF28A-39B0-4447-BA5F-4347AC6A3197}) (Version:  - Skytopia)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.66 - Synaptics Incorporated)
Train Valley v1.1.7.2 (HKLM-x32\...\vsetop.com Train Valley v1.1.7.2_is1) (Version: 1.1.7.2 - VseTop.Com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
 
========================= Devices: ================================
 
Name: Insyde Airplane Mode HID Mini-Driver
Description: Insyde Airplane Mode HID Mini-Driver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Insyde
Service: AirplaneModeHid
Device ID: ACPI\PNPC000\1
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 37%
Total physical RAM: 8080.62 MB
Available physical RAM: 5062.93 MB
Total Virtual: 9360.62 MB
Available Virtual: 6239.13 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:28.74 GB) (Free:2.94 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:226.87 GB) (Free:58.7 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ADMINRG-V5M64LG
 
Administrator            DefaultAccount           defaultuser0             
Guest                    James                    
 
========================= Restore Points ==================================
 
 
**** End of log ****
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/16/18
Scan Time: 9:29 AM
Log File: 8c8d01ea-fa43-11e7-bf7f-80fa5b483830.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3702
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.351)
CPU: x64
File System: NTFS
User: ADMINRG-V5M64LG\James
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275993
Threats Detected: 123
Threats Quarantined: 123
Time Elapsed: 1 min, 13 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 7
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DZOPERCOMJHAR, Quarantined, [39], [475864],1.0.3702
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{91F5EFCB-F485-4C6D-9281-0533B0EEBA80}, Quarantined, [39], [475864],1.0.3702
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{91F5EFCB-F485-4C6D-9281-0533B0EEBA80}, Quarantined, [39], [475864],1.0.3702
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Quarantined, [612], [382913],1.0.3702
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhjhnafpiilpffhglajcaepjbnbjemci, Quarantined, [612], [448286],1.0.3702
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hcadgijmedbfgciegjomfpjcdchlhnif, Quarantined, [612], [403165],1.0.3702
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ligncphnohhjkgekjkghahajihclailj, Quarantined, [10], [475758],1.0.3702
 
Registry Value: 4
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, Quarantined, [612], [382913],1.0.3702
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, Quarantined, [612], [382913],1.0.3702
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, Quarantined, [612], [382913],1.0.3702
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{91F5EFCB-F485-4C6D-9281-0533B0EEBA80}|PATH, Quarantined, [39], [475863],1.0.3702
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 10
PUP.Optional.WinZipDriverUpdater, D:\PROGRAM FILES\WinZip Driver Updater, Quarantined, [233], [364824],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Plugins\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Plugins, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\_metadata, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\css, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\eeocknbjpmfgaclencnfjfkklmmfmiie, Quarantined, [6656], [477969],1.0.3702
 
File: 102
PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\DZOPERCOMJHAR, Quarantined, [39], [475864],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [612], [448286],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [612], [403165],1.0.3702
PUP.Optional.RussAd, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [10], [475758],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Plugins\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10.dll, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\apps, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Uninstall.exe, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.mab, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\css\options.css, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\css\popup.css, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon128.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon19.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon38.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon48.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon_grey19.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon_grey38.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\background.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\content.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\options.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\popup.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\_metadata\computed_hashes.json, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\_metadata\verified_contents.json, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\background.html, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\manifest.json, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\options.html, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\popup.html, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\params, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\000003.ldb, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\000005.log, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\CURRENT, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\LOCK, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\LOG, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\LOG.old, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\MANIFEST-000001, Quarantined, [6656], [477969],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-17PDN.TMP\THEY-ARE-BILLIONS-V0_5_0_37_HUPWU7.EXE, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-3R9RD.TMP\6BAD4951, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5T9ME.TMP\72F96397, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-708OF.TMP\THEY-ARE-BILLIONS-V0_5_0_37_YEBPIJ.EXE, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-BV13C.TMP\2953A504, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-1LPGU.TMP\B31FA261, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-4LK1T.TMP\5ACCD69F, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HGSRG.TMP\CCBC8CC4, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5V4C2.TMP\95894B3B, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L55N3.TMP\FF6F3CD6, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8D1PJ.TMP\17254F79, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-O7PTF.TMP\620D0D27, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-BV13C.TMP\3FE0CD19, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-0C8QK.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BIT9A1E.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-F04KJ.TMP\36074068, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-2CMSJ.TMP\69182B3A, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HL5KU.TMP\2DAE8656, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5LQC5.TMP\1A2A01BC, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-6VV4O.TMP\96434119, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8NOHM.TMP\31AF0167, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-D897T.TMP\899D51E2, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-2CMSJ.TMP\70C20B7C, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-FPI6B.TMP\A1BFD52B, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5LQC5.TMP\219F7CB1, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L2RAP.TMP\3FBA3222, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-6VV4O.TMP\F7D65833, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-NTG1U.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-QD4RA.TMP\D30DEB6E, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\309717011.EXE, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITEB6F.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-17PDN.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8NOHM.TMP\5FD8B77A, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-ECS8V.TMP\12C64C81, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-FPI6B.TMP\A5C6EB6E, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-3R9RD.TMP\3ADFDDDC, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5T9ME.TMP\64EAFDDD, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L2RAP.TMP\C6C846A4, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-708OF.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITED15.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-ECS8V.TMP\4B904BDB, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-1LPGU.TMP\F268B3EA, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HGSRG.TMP\6568B296, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L55N3.TMP\683A0D04, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-4LK1T.TMP\D67382A9, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-O7PTF.TMP\331E203A, Quarantined, [146], [413261],1.0.3702
PUP.Optional.InstallCore, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\13159780937291118941.EXE, Quarantined, [2], [355708],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5V4C2.TMP\F059682C, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITAFAB.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\511031667.EXE, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BIT3E17.TMP, Quarantined, [146], [474039],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [612], [454830],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITEF84.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8D1PJ.TMP\7462593, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-D897T.TMP\57BFFB30, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-F04KJ.TMP\CE3B3646, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HL5KU.TMP\777402DD, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-QD4RA.TMP\2022D52B, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITE32B.TMP, Quarantined, [146], [474039],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [612], [477962],1.0.3702
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
MBAR
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2018.01.15.11
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.321.14393.0
James :: ADMINRG-V5M64LG [administrator]
 
1/16/2018 9:57:38 AM
mbar-log-2018-01-16 (09-57-38).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 204551
Time elapsed: 8 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.321.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.808000 GHz
Memory total: 8473145344, free: 5100392448
 
Downloaded database version: v2018.01.15.11
Downloaded database version: v2017.11.28.01
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     01/16/2018 09:57:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ndisrfl.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\taphss6.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvlddmkm.sys
\SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_619141c66909ce7e\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\RtsPer.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\HKKbdFltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\HKMouFltr.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\system32\DRIVERS\BTHUSB.sys
\SystemRoot\system32\DRIVERS\bthport.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\SystemRoot\system32\DRIVERS\mbam.sys
\??\C:\Windows\system32\drivers\222F6181.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2018.01.15.11
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa80964ca2ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffa80964c86e20, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffa809639fee40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d71d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d4400, DeviceName: \Device\0000003c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3939882834
    GPT Header CurrentLba = 1 BackupLba 537234767
    GPT Header FirstUsableLba 34  LastUsableLba 537234734
    GPT Header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3939882834
    Backup GPT header CurrentLba = 537234767 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 537234734
    Backup GPT header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
    Backup GPT header Contains 128 partition entries starting at LBA 537234735
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID ee43769c-a5bd-4a0e-b236-d58a71332d4
    FirstLBA 2048  Last LBA 923647
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 5e8d3e6c-7773-44a1-a97-655b49b5c98
    FirstLBA 923648  Last LBA 1128447
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 6bc5263a-264d-4e8c-befb-52adb9f495b6
    FirstLBA 1128448  Last LBA 1161215
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b8e7ed03-68e9-4915-b14c-70a02f8ac94c
    FirstLBA 1161216  Last LBA 61442047
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b2a60a5e-6ae0-432e-9f86-1f16f299b1d
    FirstLBA 61442048  Last LBA 537233407
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 275064201216 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b901873687e343684064998783c1f8d\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75ed56cf95fe6228472b5e57ac7a76b7\UIAutomationTypes.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\07b1b6bd89998a4a0d7675de87bcf070\UIAutomationProvider.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.Web.ni.dll" is sparse (flags = 32768)
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.7C" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.321.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.808000 GHz
Memory total: 8473145344, free: 5898498048
 
Downloaded database version: v2018.01.15.12
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     01/16/2018 10:37:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ndisrfl.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\taphss6.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvlddmkm.sys
\SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_619141c66909ce7e\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\RtsPer.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\HKKbdFltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\HKMouFltr.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\system32\DRIVERS\BTHUSB.sys
\SystemRoot\system32\DRIVERS\bthport.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\SystemRoot\system32\DRIVERS\mbam.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\Windows\system32\drivers\3C4CD21D.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2018.01.15.12
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa80964ca2ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffa80964c86e20, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffa809639fee40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d71d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d4400, DeviceName: \Device\0000003c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3939882834
    GPT Header CurrentLba = 1 BackupLba 537234767
    GPT Header FirstUsableLba 34  LastUsableLba 537234734
    GPT Header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3939882834
    Backup GPT header CurrentLba = 537234767 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 537234734
    Backup GPT header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
    Backup GPT header Contains 128 partition entries starting at LBA 537234735
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID ee43769c-a5bd-4a0e-b236-d58a71332d4
    FirstLBA 2048  Last LBA 923647
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 5e8d3e6c-7773-44a1-a97-655b49b5c98
    FirstLBA 923648  Last LBA 1128447
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 6bc5263a-264d-4e8c-befb-52adb9f495b6
    FirstLBA 1128448  Last LBA 1161215
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b8e7ed03-68e9-4915-b14c-70a02f8ac94c
    FirstLBA 1161216  Last LBA 61442047
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b2a60a5e-6ae0-432e-9f86-1f16f299b1d
    FirstLBA 61442048  Last LBA 537233407
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 275064201216 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b901873687e343684064998783c1f8d\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75ed56cf95fe6228472b5e57ac7a76b7\UIAutomationTypes.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\07b1b6bd89998a4a0d7675de87bcf070\UIAutomationProvider.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.Web.ni.dll" is sparse (flags = 32768)
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.7C" is compressed (flags = 1)
Scan finished
 
RKill
Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/16/2018 10:55:07 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/16/2018 10:55:33 AM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)


#4 Broni (BC Advisor)

Posted 15 January 2018 - 08:08 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.


-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

 


#5 semaj231 (Topic Starter)

Posted 16 January 2018 - 12:20 AM

# AdwCleaner 7.0.6.0 - Logfile created on Mon Jan 08 22:07:02 2018
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Поиск Mail.Ru - 
Plugin deleted: Домашняя страница Mail.Ru - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2994 B] - [2018/1/8 22:2:49]
C:/AdwCleaner/AdwCleaner[S0].txt - [3418 B] - [2018/1/8 22:2:26]
C:/AdwCleaner/AdwCleaner[S1].txt - [1325 B] - [2018/1/8 22:6:54]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
 
Sophos Free Virus Removal Tool
2018-01-16 04:01:23.378 Sophos Virus Removal Tool version 2.6.1
2018-01-16 04:01:23.378 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2018-01-16 04:01:23.378 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2018-01-16 04:01:23.378 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2018-01-16 04:01:23.378 Checking for updates...
2018-01-16 04:01:23.402 Update progress: proxy server not available
2018-01-16 04:01:31.408 Option all = no
2018-01-16 04:01:31.408 Option recurse = yes
2018-01-16 04:01:31.408 Option archive = no
2018-01-16 04:01:31.408 Option service = yes
2018-01-16 04:01:31.408 Option confirm = yes
2018-01-16 04:01:31.408 Option sxl = yes
2018-01-16 04:01:31.409 Option max-data-age = 35
2018-01-16 04:01:31.409 Option vdl-logging = yes
2018-01-16 04:01:31.420 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-01-16 04:01:31.420 Machine ID: b2e6a64b2ff844b48a0b04a531e676f3
2018-01-16 04:01:31.421 Component SVRTcli.exe version 2.6.1
2018-01-16 04:01:31.421 Component control.dll version 2.6.1
2018-01-16 04:01:31.421 Component SVRTservice.exe version 2.6.1
2018-01-16 04:01:31.422 Component engine\osdp.dll version 1.44.1.2286
2018-01-16 04:01:31.422 Component engine\veex.dll version 3.68.6.2286
2018-01-16 04:01:31.422 Component engine\savi.dll version 9.0.7.2286
2018-01-16 04:01:31.423 Component rkdisk.dll version 1.5.31.1
2018-01-16 04:01:31.423 Version info: Product version 2.6.1
2018-01-16 04:01:31.423 Version info: Detection engine 3.68.6
2018-01-16 04:01:31.423 Version info: Detection data 5.46
2018-01-16 04:01:31.423 Version info: Build date 11/28/2017
2018-01-16 04:01:31.423 Version info: Data files added 365
2018-01-16 04:01:31.423 Version info: Last successful update (not yet updated)
2018-01-16 04:03:03.326 Downloading updates...
2018-01-16 04:03:03.328 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2018-01-16 04:03:03.328 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-01-16 04:03:03.328 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-01-16 04:03:03.328 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2018-01-16 04:03:03.328 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2018-01-16 04:03:03.328 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2018-01-16 04:03:03.328 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2018-01-16 04:03:03.328 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2018-01-16 04:03:03.328 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2018-01-16 04:03:03.328 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2018-01-16 04:03:03.328 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2018-01-16 04:03:03.328 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2018-01-16 04:03:03.329 Update progress: [I49502] sdds.data0910.xml: found supplement IDE549 LATEST path= baseVersion= [included from product IDE548 LATEST path=]
2018-01-16 04:03:03.329 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE549 LATEST path=
2018-01-16 04:03:03.329 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE549 LATEST path=
2018-01-16 04:03:03.329 Update progress: [I49502] sdds.data0910.xml: found supplement IDE550 LATEST path= baseVersion= [included from product IDE549 LATEST path=]
2018-01-16 04:03:03.329 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE550 LATEST path=
2018-01-16 04:03:03.329 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE550 LATEST path=
2018-01-16 04:03:03.329 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-01-16 04:03:06.541 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2018-01-16 04:03:06.541 Update progress: [I19463] Product download size 178991033 bytes
2018-01-16 04:03:14.618 Update progress: [I19463] Syncing product IDE547 LATEST path=
2018-01-16 04:03:14.618 Update progress: [I19463] Product download size 4521286 bytes
2018-01-16 04:03:17.729 Update progress: [I19463] Syncing product IDE548 LATEST path=
2018-01-16 04:03:17.729 Update progress: [I19463] Product download size 3541768 bytes
2018-01-16 04:03:19.493 Update progress: [I19463] Syncing product IDE549 LATEST path=
2018-01-16 04:03:19.493 Update progress: [I19463] Product download size 645122 bytes
2018-01-16 04:03:19.785 Update progress: [I19463] Syncing product IDE550 LATEST path=
2018-01-16 04:03:19.835 Installing updates...
2018-01-16 04:03:20.439 Error level 1
2018-01-16 04:03:28.052 Update successful
2018-01-16 04:03:36.053 Option all = no
2018-01-16 04:03:36.053 Option recurse = yes
2018-01-16 04:03:36.053 Option archive = no
2018-01-16 04:03:36.053 Option service = yes
2018-01-16 04:03:36.054 Option confirm = yes
2018-01-16 04:03:36.054 Option sxl = yes
2018-01-16 04:03:36.054 Option max-data-age = 35
2018-01-16 04:03:36.055 Option vdl-logging = yes
2018-01-16 04:03:36.065 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-01-16 04:03:36.065 Machine ID: b2e6a64b2ff844b48a0b04a531e676f3
2018-01-16 04:03:36.066 Component SVRTcli.exe version 2.6.1
2018-01-16 04:03:36.066 Component control.dll version 2.6.1
2018-01-16 04:03:36.067 Component SVRTservice.exe version 2.6.1
2018-01-16 04:03:36.067 Component engine\osdp.dll version 1.44.1.2286
2018-01-16 04:03:36.067 Component engine\veex.dll version 3.68.6.2286
2018-01-16 04:03:36.067 Component engine\savi.dll version 9.0.7.2286
2018-01-16 04:03:36.068 Component rkdisk.dll version 1.5.31.1
2018-01-16 04:03:36.068 Version info: Product version 2.6.1
2018-01-16 04:03:36.068 Version info: Detection engine 3.68.6
2018-01-16 04:03:36.068 Version info: Detection data 5.46
2018-01-16 04:03:36.068 Version info: Build date 11/28/2017
2018-01-16 04:03:36.068 Version info: Data files added 365
2018-01-16 04:03:36.068 Version info: Last successful update 1/16/2018 3:03:28 PM
 
2018-01-16 04:18:42.141 Could not open C:\hiberfil.sys
2018-01-16 04:18:42.144 Could not open C:\pagefile.sys
2018-01-16 04:24:04.006 Could not open C:\swapfile.sys
2018-01-16 04:24:11.412 Could not open C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Current Session
2018-01-16 04:24:11.412 Could not open C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2018-01-16 04:30:31.876 Could not open C:\Windows\System32\config\BBI
2018-01-16 04:30:31.893 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2018-01-16 04:30:31.893 Could not open C:\Windows\System32\config\RegBack\SAM
2018-01-16 04:30:31.893 Could not open C:\Windows\System32\config\RegBack\SECURITY
2018-01-16 04:30:31.893 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2018-01-16 04:30:31.893 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2018-01-16 05:07:22.458 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Train Valley v1.1.7.2\steam_api.dll
2018-01-16 05:15:02.628 The following items will be cleaned up:
2018-01-16 05:15:02.628 Mal/VMProtBad-A


#6 Broni
  • BC Advisor

Posted 16 January 2018 - 09:28 PM

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.



#7 semaj231
  • Topic Starter

Posted 16 January 2018 - 11:59 PM

My computer recently reopened the same command prompt; it doesn't seem to be clean.



#8 Broni
  • BC Advisor

Posted 17 January 2018 - 08:34 PM

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file and double-click autoruns.exe to run the program.
Go to File>Save, and save it as an Autoruns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Paste the content of the Autoruns.txt file into your next reply.




#9 semaj231
  • Topic Starter

Posted 19 January 2018 - 01:55 AM

I let the command prompt do its thing, and it has changed. It doesn't seem to be transferring stuff anymore; this is what I got.

https://ibb.co/bT33Db

Here's the Autoruns txt:

"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" "" "1/9/2018 9:05 AM" ""
+ "cmd.exe" "Windows Command Processor" "Microsoft Corporation" "c:\windows\system32\cmd.exe" "7/16/2016 1:23 PM" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/7/2018 8:44 PM" ""
+ "WindowsDefender" "Windows Defender notification icon" "Microsoft Corporation" "c:\program files\windows defender\msascuil.exe" "9/7/2016 3:50 PM" ""
+ "WinZip PreLoader" "WinZip Preloader" "WinZip Computing, S.L." "d:\program files\winzip\wzpreloader.exe" "4/19/2017 8:35 PM" ""
+ "WinZip UN" "WinZip Update Notifier" "WinZip" "d:\program files\winzip\wzupdatenotifier.exe" "3/29/2017 8:00 PM" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/19/2018 5:48 PM" ""
+ "CCleaner Monitoring" "CCleaner" "Piriform Ltd" "d:\program files\ccleaner\ccleaner64.exe" "9/8/2017 3:54 AM" ""
+ "OneDrive" "Microsoft OneDrive" "Microsoft Corporation" "c:\users\james\appdata\local\microsoft\onedrive\onedrive.exe" "11/16/2017 2:54 PM" ""
+ "Overwolf" "Overwolf Launcher" "" "d:\program files (x86)\overwolf\overwolflauncher.exe" "11/8/2017 11:21 PM" ""
+ "Spotify" "Spotify" "Spotify Ltd" "c:\users\james\appdata\roaming\spotify\spotify.exe" "1/12/2018 6:06 AM" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\james\appdata\roaming\spotify\spotifywebhelper.exe" "1/12/2018 6:05 AM" ""
+ "Steam" "Steam Client Bootstrapper" "Valve Corporation" "d:\program files (x86)\steam\steam.exe" "12/16/2017 6:49 AM" ""
+ "SunsetScreen" "SunsetScreen" "Daniel White" "d:\program files (x86)\sunsetscreen\sunsetscreen.exe" "7/11/2017 5:44 AM" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "9/19/2017 2:06 PM" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "d:\program files (x86)\google\chrome\application\63.0.3239.132\installer\chrmstp.exe" "1/3/2018 7:04 PM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/16/2016 1:25 PM" ""
+ "n/a" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "9/10/2017 7:11 AM" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\61.0.3163.79\installer\chrmstp.exe" "9/4/2017 5:12 PM" ""
+ "Microsoft Windows" "" "" "File not found: D:\Program Files (x86)\Windows Mail\WinMail.exe" "" ""
+ "n/a" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\syswow64\rundll32.exe" "7/16/2016 12:40 PM" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2018 8:44 PM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 3:50 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "d:\program files\winrar\rarext.dll" "8/12/2017 12:53 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2018 8:44 PM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 3:50 PM" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "8/17/2017 9:53 PM" ""
+ "TheDeskTopContextMenu Class" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\igfxdtcm.dll" "7/25/2017 12:21 PM" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "1/16/2018 9:19 AM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "d:\program files\malwarebytes\anti-malware\mbshlext.dll" "1/26/2017 8:37 AM" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2018 8:44 PM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 3:50 PM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "8/18/2017 8:27 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "8/17/2017 10:08 PM" ""
+ "igfxDTCM" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\igfxdtcm.dll" "7/25/2017 12:21 PM" ""
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "1/24/2017 4:24 AM" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "1/16/2018 9:19 AM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "d:\program files\malwarebytes\anti-malware\mbshlext.dll" "1/26/2017 8:37 AM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "d:\program files\winrar\rarext.dll" "8/12/2017 12:53 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "8/18/2017 8:33 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "d:\program files\winrar\rarext.dll" "8/12/2017 12:53 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"Task Scheduler" "" "" "" "" ""
+ "\AsiOYjUZQ" "" "" "c:\users\james\appdata\roaming\uyolufeh.bat" "7/16/2016 10:43 PM" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "d:\program files\ccleaner\ccleaner64.exe" "9/8/2017 3:54 AM" ""
+ "\Microsoft\Windows\Application Experience\StartupAppTask" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\ApplicationData\CleanupTemporaryState" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
X "\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Autochk\Proxy" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
X "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 10:42 PM" ""
X "\Microsoft\Windows\SharedPC\Account Cleanup" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Sysmain\WsSwapAssessmentTask" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Verification" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/16/2016 1:25 PM" ""
+ "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA Container" "NVIDIA Corporation" "d:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "9/15/2017 10:27 AM" ""
+ "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA GeForce Experience" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia geforce experience\nvidia geforce experience.exe" "10/11/2017 11:51 AM" ""
+ "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA nodejs launcher" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvnode\nvnodejslauncher.exe" "10/11/2017 10:22 AM" ""
+ "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "d:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "10/7/2017 1:50 AM" ""
+ "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "d:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "10/7/2017 1:50 AM" ""
+ "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA telemetry monitor" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmmon.exe" "10/7/2017 1:45 AM" ""
+ "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "10/7/2017 1:45 AM" ""
+ "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "10/7/2017 1:45 AM" ""
+ "\OneDrive Standalone Update Task-S-1-5-21-1800461472-3305090830-341263356-1001" "Standalone Updater" "Microsoft Corporation" "c:\users\james\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe" "11/16/2017 2:53 PM" ""
+ "\OnQYyae" "" "" "c:\program files (x86)\common files\bzamuyliiaq.bat" "7/16/2016 10:43 PM" ""
+ "\Opera scheduled Autoupdate 1502965605" "" "" "File not found: D:\Program Files\Opera\launcher.exe" "" ""
+ "\WinZip Update Notifier" "WinZip Update Notifier" "WinZip" "d:\program files\winzip\wzupdatenotifier.exe" "3/29/2017 8:00 PM" ""
+ "\yeMGALiqfHLOZ" "Windows® installer" "Microsoft Corporation" "c:\users\james\appdata\local\vaxiitfsaeep.exe" "7/16/2016 12:38 PM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/19/2018 5:52 PM" ""
+ "cphs" "Intel® Content Protection HECI Service: Intel® Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\intelcphecisvc.exe" "3/14/2017 6:01 PM" ""
+ "cplspcon" "Intel® Content Protection HDCP Service: Intel® Content Protection HDCP Service - enables communication with Content Protection HDCP HW" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\intelcphdcpsvc.exe" "7/25/2017 12:47 PM" ""
+ "gupdate" "Google Update Service (gupdate): Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "4/22/2017 12:31 PM" ""
+ "gupdatem" "Google Update Service (gupdatem): Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "4/22/2017 12:31 PM" ""
+ "HKClipSvc" "HotKey Clipboard Service: " "" "File not found: C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe.exe" "" ""
+ "ibtsiva" "Intel Bluetooth Service: Intel® Wireless Bluetooth® iBtSiva Service" "Intel Corporation" "c:\windows\system32\ibtsiva.exe" "6/22/2017 7:09 AM" ""
+ "igfxCUIService2.0.0.0" "Intel® HD Graphics Control Panel Service: Service for Intel® HD Graphics Control Panel" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\igfxcuiservice.exe" "7/25/2017 12:20 PM" ""
+ "Intel® Capability Licensing Service TCP IP Interface" "Intel® Capability Licensing Service TCP IP Interface: Version: 1.44.398.0" "Intel® Corporation" "d:\program files\intel\icls client\socketheciserver.exe" "10/14/2016 6:42 AM" ""
+ "Intel® Online Connect" "Intel® Online Connect: Intel® Online Connect" "Intel Corporation" "d:\program files\intel\intel® online connect\ioc.exe" "11/2/2016 11:15 AM" ""
+ "Intel® Online Connect Helper" "Intel® Online Connect Helper: Intel® Online Connect Helper" "Intel Corporation" "d:\program files\intel\intel® online connect\iochelperservice.exe" "11/2/2016 11:14 AM" ""
+ "Intel® Online Connect Software Asset Manager" "Intel® Online Connect Software Asset Manager: Intel® Online Connect Software Asset Manager helps you keep your system up-to-date." "Intel Corporation" "c:\program files (x86)\intel\intel® online connect access\intel® software asset manager\bin\intelsoftwareassetmanagerservice.exe" "7/2/2015 10:03 AM" ""
+ "Intel® TechnologyAccessLegacyCSLoader" "Intel® Online Connect Access Legacy CS Loader: Legacy Capability Servicer Loader for Intel® Online Connect Access" "Intel® Corporation" "d:\program files\intel\intel® online connect access\legacycsloaderservice.exe" "10/18/2016 1:59 PM" ""
+ "Intel® TechnologyAccessService" "Intel® Online Connect Access: Software that enables Intel® Online Connect Access" "Intel® Corporation" "d:\program files\intel\intel® online connect access\inteltechnologyaccessservice.exe" "10/18/2016 1:58 PM" ""
+ "jhi_service" "Intel® Dynamic Application Loader Host Interface Service: Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL" "Intel Corporation" "d:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe" "11/9/2016 4:38 AM" ""
+ "LMS" "Intel® Management and Security Application Local Management Service: Intel® Management and Security Application Local Management Service - Provides OS-related Intel® ME functionality." "Intel Corporation" "d:\program files (x86)\intel\intel® management engine components\lms\lms.exe" "11/9/2016 4:39 AM" ""
+ "MBAMService" "Malwarebytes Service: Malwarebytes Service" "Malwarebytes" "d:\program files\malwarebytes\anti-malware\mbamservice.exe" "10/31/2017 2:31 AM" ""
+ "NvContainerLocalSystem" "NVIDIA LocalSystem Container: Container service for NVIDIA root features" "NVIDIA Corporation" "d:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "9/15/2017 10:27 AM" ""
+ "NvContainerNetworkService" "NVIDIA NetworkService Container: Container service for NVIDIA network features" "NVIDIA Corporation" "d:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "9/15/2017 10:27 AM" ""
+ "NVDisplay.ContainerLocalSystem" "NVIDIA Display Container LS: Container service for NVIDIA root features" "NVIDIA Corporation" "d:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe" "1/24/2017 3:33 AM" ""
+ "NvTelemetryContainer" "NVIDIA Telemetry Container: Container service for NVIDIA Telemetry" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe" "7/12/2017 5:12 PM" ""
+ "OverwolfUpdater" "Overwolf Updater Windows SCM: OverwolfUpdater" "Overwolf LTD" "d:\program files (x86)\overwolf\overwolfupdater.exe" "1/12/2018 6:14 PM" ""
+ "SetupARService" "SetupARService: SetupAfterRebootService" "" "c:\program files (x86)\realtek\audio\setupafterrebootservice.exe" "5/25/2012 4:13 PM" ""
+ "Steam Client Service" "Steam Client Service: Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "12/16/2017 6:48 AM" ""
+ "SynTPEnhService" "SynTPEnh Caller Service: 64-bit Synaptics Pointing Enhance Service" "Synaptics Incorporated" "d:\program files\synaptics\syntp\syntpenhservice.exe" "1/12/2017 1:18 AM" ""
+ "WdNisSvc" "Windows Defender Network Inspection Service: Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "7/16/2016 1:24 PM" ""
+ "WinDefend" "Windows Defender Service: Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "7/16/2016 1:27 PM" ""
+ "WMPNetworkSvc" "Windows Media Player Network Sharing Service: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "9/7/2016 3:41 PM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/19/2018 5:52 PM" ""
+ "3ware" "3ware: LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "5/19/2015 9:28 AM" ""
+ "ADP80XX" "ADP80XX: PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "4/10/2015 7:49 AM" ""
+ "AirplaneModeHid" "Insyde Airplane Mode HID Mini-Driver: Insyde Airplane Mode HID Mini-driver" "Insyde Corporation" "c:\windows\system32\drivers\airplanemodehid.sys" "7/14/2015 8:43 PM" ""
+ "amdsata" "amdsata: AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "5/14/2015 11:14 PM" ""
+ "amdsbs" "amdsbs: AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "12/12/2012 8:21 AM" ""
+ "amdxata" "amdxata: Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "5/1/2015 11:55 AM" ""
+ "arcsas" "Adaptec SAS/SATA-II RAID Storport's Miniport Driver: Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "4/10/2015 6:12 AM" ""
+ "b06bdrv" "QLogic Network Adapter VBD: QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "5/25/2016 6:03 PM" ""
+ "bcmfn" "bcmfn Service: BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "6/8/2015 7:32 PM" ""
+ "bcmfn2" "bcmfn2 Service: BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "3/16/2014 9:07 PM" ""
+ "cht4iscsi" "cht4iscsi: Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "4/20/2016 8:54 PM" ""
+ "cht4vbd" "Chelsio Virtual Bus Driver: Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "4/15/2016 6:32 PM" ""
+ "ebdrv" "QLogic 10 Gigabit Ethernet Adapter VBD: QLogic 10 GigE VBD" "QLogic Corporation" "c:\windows\system32\drivers\evbda.sys" "5/25/2016 6:01 PM" ""
+ "ESProtectionDriver" "Malwarebytes Anti-Exploit: " "" "c:\windows\system32\drivers\mbae64.sys" "1/12/2017 4:08 AM" ""
+ "HKKbdFltr" "HotKey Keyboard Class Filter Service: HotKey Keyboard Class Filter Driver" "Insyde Software Corp." "c:\windows\system32\drivers\hkkbdfltr.sys" "7/22/2015 2:36 PM" ""
+ "HKMouFltr" "HotKey Mouse Class Filter Service: HotKey Mouse Class Filter Driver" "Insyde Software Corp." "c:\windows\system32\drivers\hkmoufltr.sys" "7/22/2015 2:36 PM" ""
+ "HpSAMD" "HpSAMD: Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "3/27/2013 8:36 AM" ""
+ "iagpio" "Intel Serial IO GPIO Controller Driver: Intel® Serial IO GPIO Controller Driver" "Intel® Corporation" "c:\windows\system32\drivers\iagpio.sys" "2/18/2016 6:35 PM" ""
+ "iai2c" "Intel® Serial IO I2C Host Controller: Intel® Serial IO I2C Driver" "Intel® Corporation" "c:\windows\system32\drivers\iai2c.sys" "9/22/2015 5:53 PM" ""
+ "iaLPSS2i_GPIO2" "Intel® Serial IO GPIO Driver v2: Intel® Serial IO GPIO Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "3/3/2016 1:06 PM" ""
+ "iaLPSS2i_I2C" "Intel® Serial IO I2C Driver v2: Intel® Serial IO I2C Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_i2c.sys" "3/3/2016 1:06 PM" ""
+ "iaLPSSi_GPIO" "Intel® Serial IO GPIO Controller Driver: Intel® Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "2/2/2015 8:00 PM" ""
+ "iaLPSSi_I2C" "Intel® Serial IO I2C Controller Driver: Intel® Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "2/25/2015 2:52 AM" ""
+ "iaStorAV" "Intel® SATA RAID Controller Windows: Intel® Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "2/19/2015 11:08 PM" ""
+ "iaStorV" "Intel RAID Controller Windows 7: Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "4/12/2011 5:48 AM" ""
+ "ibbus" "Mellanox InfiniBand Bus/AL (Filter Driver): InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "4/11/2016 12:46 AM" ""
+ "ibtusb" "Intel® Wireless Bluetooth®: Intel® Wireless Bluetooth® Filter Driver" "Intel Corporation" "c:\windows\system32\drivers\ibtusb.sys" "6/22/2017 7:09 AM" ""
+ "igfx" "igfx: Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\igdkmd64.sys" "7/25/2017 12:49 PM" ""
+ "IntcAzAudAddService" "Service for Realtek HD Audio (WDM): " "" "File not found: C:\Windows\system32\drivers\RTKVHD64.sys" "" ""
+ "IntcDAud" "Intel® Display Audio: Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "5/3/2017 1:07 AM" ""
+ "LSI_SAS" "LSI_SAS: LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "3/26/2015 6:36 AM" ""
+ "LSI_SAS2i" "LSI_SAS2i: LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2i.sys" "3/29/2016 5:49 AM" ""
+ "LSI_SAS3i" "LSI_SAS3i: Avago SAS Gen3 Driver (StorPort)" "Avago Technologies" "c:\windows\system32\drivers\lsi_sas3i.sys" "3/29/2016 5:49 AM" ""
+ "LSI_SSS" "LSI_SSS: LSI SSS PCIe/Flash Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sss.sys" "3/16/2013 10:39 AM" ""
+ "MBAMChameleon" "MBAMChameleon: Malwarebytes Anti-Malware Chameleon" "Malwarebytes" "c:\windows\system32\drivers\mbamchameleon.sys" "11/29/2017 3:17 PM" ""
+ "MBAMFarflt" "MBAMFarflt: Malwarebytes Anti-Ransomware" "Malwarebytes" "c:\windows\system32\drivers\farflt.sys" "9/6/2017 10:44 AM" ""
+ "MBAMProtection" "MBAMProtection: Malwarebytes Anti-Malware Real-Time Protection" "Malwarebytes" "c:\windows\system32\drivers\mbam.sys" "10/13/2017 2:23 AM" ""
+ "MBAMSwissArmy" "MBAMSwissArmy: Malwarebytes Anti-Malware Swiss Army" "Malwarebytes" "c:\windows\system32\drivers\mbamswissarmy.sys" "10/14/2017 5:58 AM" ""
+ "MBAMWebProtection" "MBAMWebProtection: Malwarebytes Web Protection" "Malwarebytes" "c:\windows\system32\drivers\mwac.sys" "9/8/2017 3:04 AM" ""
+ "MBfilt" "MBfilt: " "" "File not found: C:\Windows\system32\drivers\MBfilt64.sys" "" ""
+ "megasas" "megasas: MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas.sys" "3/5/2015 1:36 PM" ""
+ "megasas2i" "megasas2i: MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas2i.sys" "7/23/2016 8:36 AM" ""
+ "megasr" "megasr: LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "6/4/2013 9:02 AM" ""
+ "MEIx64" "Intel® Management Engine Interface : Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\teedriverw8x64.sys" "9/16/2016 4:08 AM" ""
+ "mlx4_bus" "Mellanox ConnectX Bus Enumerator: MLX4 Bus Driver" "Mellanox" "c:\windows\system32\drivers\mlx4_bus.sys" "4/11/2016 12:49 AM" ""
+ "MpKsle419f589" "MpKsle419f589: KSLDriver" "Microsoft Corporation" "c:\programdata\microsoft\windows defender\definition updates\{11934f9a-d8a5-4199-82a0-fe3f23cc8199}\mpksle419f589.sys" "2/28/1989 12:54 PM" ""
+ "mvumis" "mvumis: Marvell Flash Controller Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvumis.sys" "5/24/2014 7:39 AM" ""
+ "ndfltr" "NetworkDirect Service: NetworkDirect Support Filter Driver" "Mellanox" "c:\windows\system32\drivers\ndfltr.sys" "4/11/2016 12:46 AM" ""
+ "ndisrd" "Intel® Technology Access Filter Driver: Intel® Technology Access Filter Driver" "Intel Corporation" "c:\windows\system32\drivers\ndisrfl.sys" "7/10/2015 4:06 AM" ""
+ "NetAdapterCx" "Network Adapter Wdf Class Extension Library: " "" "c:\windows\system32\drivers\netadaptercx.sys" "7/16/2016 1:28 PM" ""
+ "Netwtw04" "Intel® Wireless Adapter Driver for Windows 10 - 64 Bit: Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwtw04.sys" "7/3/2017 5:25 AM" ""
+ "nvlddmkm" "nvlddmkm: NVIDIA Windows Kernel Mode Driver, Version 376.74 " "NVIDIA Corporation" "c:\windows\system32\driverstore\filerepository\nvcv.inf_amd64_9f104199581b6aa2\nvlddmkm.sys" "1/24/2017 3:49 AM" ""
+ "nvraid" "nvraid: NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "4/22/2014 5:28 AM" ""
+ "nvstor" "nvstor: NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "4/22/2014 5:34 AM" ""
+ "NvStreamKms" "NVIDIA KMS: Nvidia Streaming Kernel Service" "NVIDIA Corporation" "d:\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys" "9/26/2017 9:08 PM" ""
+ "nvvad_WaveExtensible" "NVIDIA Virtual Audio Device (Wave Extensible) (WDM): NVIDIA Virtual Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvvad64v.sys" "9/19/2017 7:38 PM" ""
+ "nvvhci" "NVVHCI Enumerator Service: Virtual USB Host Controller driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvvhci.sys" "12/28/2016 12:44 PM" ""
+ "percsas2i" "percsas2i: MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas2i.sys" "3/15/2016 11:50 AM" ""
+ "percsas3i" "percsas3i: MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas3i.sys" "3/5/2016 8:22 AM" ""
+ "rt640x64" "Realtek RT640 NT Driver: Realtek 8101E/8168/8169 NDIS 6.40 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt640x64.sys" "7/14/2016 8:04 PM" ""
+ "RTSPER" "Realtek PCIE Card Reader - PER: RTS PCIE READER Driver" "Realsil Semiconductor Corporation" "c:\windows\system32\drivers\rtsper.sys" "8/4/2016 8:11 PM" ""
+ "SiSRaid2" "SiSRaid2: SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/25/2008 5:28 AM" ""
+ "SiSRaid4" "SiSRaid4: SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/2/2008 8:56 AM" ""
+ "SmbDrvI" "SmbDrvI: Synaptics SMBus Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\smb_driver_intel.sys" "1/11/2017 11:26 PM" ""
+ "stexstor" "stexstor: Promise SuperTrak EX Series Driver for Windows x64" "Promise Technology, Inc." "c:\windows\system32\drivers\stexstor.sys" "11/27/2012 11:02 AM" ""
+ "SynTP" "Synaptics TouchPad HID Mini Driver: Synaptics Touchpad Win64 Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "1/11/2017 11:25 PM" ""
+ "taphss6" "Anchorfree HSS VPN Adapter: Anchorfree HSS VPN Adapter" "Anchorfree Inc." "c:\windows\system32\drivers\taphss6.sys" "4/1/2016 1:21 PM" ""
+ "vsmraid" "vsmraid: VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "4/23/2014 6:21 AM" ""
+ "VSTXRAID" "VIA StorX Storage RAID Controller Windows Driver: VIA StorX RAID Controller Driver" "VIA Corporation" "c:\windows\system32\drivers\vstxraid.sys" "1/22/2013 6:00 AM" ""
+ "WinMad" "WinMad Service: Kernel WinMad" "Mellanox" "c:\windows\system32\drivers\winmad.sys" "4/11/2016 12:46 AM" ""
+ "WinVerbs" "WinVerbs Service: Kernel WinVerbs" "Mellanox" "c:\windows\system32\drivers\winverbs.sys" "4/11/2016 12:46 AM" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "7/16/2016 10:49 PM" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "7/16/2016 1:26 PM" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "10/24/2017 8:15 PM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/16/2016 1:26 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "10/24/2017 8:15 PM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/16/2016 12:41 PM" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "7/16/2016 12:42 PM" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "8/18/2017 12:29 PM" ""
+ "C:\Program Files\Internet Explorer\iexplore.exe" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "7/16/2016 1:17 PM" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" "" "7/16/2016 10:48 PM" ""
+ "_Wow64" "" "" "File not found: C:\Windows\SysWoW64\Wow64.dll" "" ""
+ "_Wow64cpu" "" "" "File not found: C:\Windows\SysWoW64\Wow64cpu.dll" "" ""
+ "_Wow64win" "" "" "File not found: C:\Windows\SysWoW64\Wow64win.dll" "" ""


#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:17 PM

Posted 19 January 2018 - 09:19 PM

Right click on Autoruns, click "Run As Administrator"

Scroll down to "Task Scheduler" section.

Right click on the following line:
+ "\AsiOYjUZQ" "" "" "c:\users\james\appdata\roaming\uyolufeh.bat" "7/16/2016 10:43 PM" ""
Click "Delete".

Restart computer.

Open Windows Explorer (File Manager)

Navigate to:
c:\users\james\appdata\roaming

and delete this file:
uyolufeh.bat

You should be fixed.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
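The procedure above boils down to reading the Task Scheduler section of an Autoruns export and singling out entries like `\AsiOYjUZQ`: a randomly named task that launches a script from a user profile and carries no vendor information. The following is an added example, not the advisor's or Autoruns' own code: it parses the quoted-field text layout pasted in this thread and lists the tasks a reviewer should look at, using those same signs (a script launched from outside the Windows directory, a user-writable location, no description or publisher, a Microsoft publisher claim for a file outside Windows or Program Files) plus the orphaned "File not found" state. The sample lines are copied from the logs in this thread; the thresholds, regexes and function names are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Layout of the Autoruns text export pasted in this thread:
#   + "Entry" "Description" "Publisher" "Image Path" "Timestamp" ""
# "+" marks an enabled entry, "X" a disabled one; a line with no flag is a
# section header (a registry key or "Task Scheduler"). Description and
# publisher are read from the file's own version resource, so they are
# claims the file makes about itself, not a verified signature.
QUOTED_FIELD = re.compile(r'"([^"]*)"')
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1")
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\")
SYSTEM_ROOT = re.compile(r"^[a-z]:\\(windows|program files( \(x86\))?)\\")

# Constructed sample: Task Scheduler lines copied from the fresh log in this
# thread, plus one Run and one Services line to show section handling.
SAMPLE_LOG = r"""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/22/2018 9:18 PM" ""
+ "Spotify" "Spotify" "Spotify Ltd" "c:\users\james\appdata\roaming\spotify\spotify.exe" "1/12/2018 6:06 AM" ""
"Task Scheduler" "" "" "" "" ""
+ "\AsiOYjUZQ" "" "" "File not found: C:\Users\James\AppData\Roaming\UYOLUFEh.bat" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "d:\program files\ccleaner\ccleaner64.exe" "9/8/2017 3:54 AM" ""
+ "\Microsoft\Windows\Application Experience\StartupAppTask" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 10:42 PM" ""
+ "\OneDrive Standalone Update Task-S-1-5-21-1800461472-3305090830-341263356-1001" "Standalone Updater" "Microsoft Corporation" "c:\users\james\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe" "1/9/2018 6:59 AM" ""
+ "\OnQYyae" "" "" "c:\program files (x86)\common files\bzamuyliiaq.bat" "7/16/2016 10:43 PM" ""
+ "\yeMGALiqfHLOZ" "Windows® installer" "Microsoft Corporation" "c:\users\james\appdata\local\vaxiitfsaeep.exe" "7/16/2016 12:38 PM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/29/2018 6:59 AM" ""
+ "cphs" "Intel® Content Protection HECI Service" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\intelcphecisvc.exe" "3/14/2017 6:01 PM" ""
"""


@dataclass
class AutorunEntry:
    section: str
    enabled: bool
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str


def parse_autoruns_text(text: str) -> List[AutorunEntry]:
    """Parse the quoted-field export, tagging every entry with its section."""
    entries: List[AutorunEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        flag = ""
        if line[:2] in ("+ ", "X "):
            flag, line = line[0], line[2:]
        fields = QUOTED_FIELD.findall(line)
        if len(fields) < 5:
            continue  # blank line or not an export line
        if not flag:
            section = fields[0]  # header line names the section
            continue
        entries.append(AutorunEntry(section, flag == "+", *fields[:5]))
    return entries


def review_task(entry: AutorunEntry) -> List[str]:
    """Reasons a Task Scheduler entry deserves a manual look; empty means none."""
    path = entry.image_path.lower()
    missing = path.startswith("file not found:")
    if missing:
        path = path.split(":", 1)[1].strip()  # keep the path Autoruns could not find
    is_script = path.endswith(SCRIPT_EXTENSIONS)
    reasons: List[str] = []
    if missing:
        reasons.append("target file missing: orphaned task left behind by a cleanup")
    if is_script and not WINDOWS_DIR.match(path):
        reasons.append("task action is a script outside the Windows directory")
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable location")
    if not is_script and not missing and not (entry.description or entry.publisher):
        reasons.append("executable carries no description or publisher")
    if "microsoft" in entry.publisher.lower() and not SYSTEM_ROOT.match(path):
        reasons.append("claims a Microsoft publisher but lives outside Windows/Program Files")
    return reasons


def review_scheduled_tasks(entries: List[AutorunEntry]) -> Dict[str, List[str]]:
    """Flagged Task Scheduler entries mapped to their reasons, most reasons first."""
    flagged = {e.name: review_task(e) for e in entries if e.section == "Task Scheduler"}
    ranked = sorted(((n, r) for n, r in flagged.items() if r), key=lambda kv: -len(kv[1]))
    return dict(ranked)


if __name__ == "__main__":
    for name, reasons in review_scheduled_tasks(parse_autoruns_text(SAMPLE_LOG)).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

The output is a review list, not a verdict: per-user installers such as OneDrive legitimately run from AppData and show up alongside the random-named tasks, and the script only reads the export and never touches the system.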

 


#11 semaj231

semaj231
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 22 January 2018 - 04:30 PM

I did what you said, and now it seems to be back, and now transferring again.

 

https://ibb.co/cERcuG


Edited by semaj231, 22 January 2018 - 04:30 PM.


#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:17 PM

Posted 22 January 2018 - 08:28 PM

Give me fresh Autoruns log.



 


#13 semaj231

semaj231
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 28 January 2018 - 03:00 PM

"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" "" "1/9/2018 9:05 AM" ""
+ "cmd.exe" "Windows Command Processor" "Microsoft Corporation" "c:\windows\system32\cmd.exe" "7/16/2016 1:23 PM" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/7/2018 8:44 PM" ""
+ "WindowsDefender" "Windows Defender notification icon" "Microsoft Corporation" "c:\program files\windows defender\msascuil.exe" "9/7/2016 3:50 PM" ""
+ "WinZip PreLoader" "WinZip Preloader" "WinZip Computing, S.L." "d:\program files\winzip\wzpreloader.exe" "4/19/2017 8:35 PM" ""
+ "WinZip UN" "WinZip Update Notifier" "WinZip" "d:\program files\winzip\wzupdatenotifier.exe" "3/29/2017 8:00 PM" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/22/2018 9:18 PM" ""
+ "CCleaner Monitoring" "CCleaner" "Piriform Ltd" "d:\program files\ccleaner\ccleaner64.exe" "9/8/2017 3:54 AM" ""
+ "OneDrive" "Microsoft OneDrive" "Microsoft Corporation" "c:\users\james\appdata\local\microsoft\onedrive\onedrive.exe" "1/9/2018 7:00 AM" ""
+ "Overwolf" "Overwolf Launcher" "" "d:\program files (x86)\overwolf\overwolflauncher.exe" "11/8/2017 11:21 PM" ""
+ "Spotify" "Spotify" "Spotify Ltd" "c:\users\james\appdata\roaming\spotify\spotify.exe" "1/12/2018 6:06 AM" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\james\appdata\roaming\spotify\spotifywebhelper.exe" "1/12/2018 6:05 AM" ""
+ "Steam" "Steam Client Bootstrapper" "Valve Corporation" "d:\program files (x86)\steam\steam.exe" "12/16/2017 6:49 AM" ""
+ "SunsetScreen" "SunsetScreen" "Daniel White" "d:\program files (x86)\sunsetscreen\sunsetscreen.exe" "7/11/2017 5:44 AM" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "9/19/2017 2:06 PM" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "d:\program files (x86)\google\chrome\application\64.0.3282.119\installer\chrmstp.exe" "1/24/2018 4:33 PM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/16/2016 1:25 PM" ""
+ "n/a" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "9/10/2017 7:11 AM" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\61.0.3163.79\installer\chrmstp.exe" "9/4/2017 5:12 PM" ""
+ "Microsoft Windows" "" "" "File not found: D:\Program Files (x86)\Windows Mail\WinMail.exe" "" ""
+ "n/a" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\syswow64\rundll32.exe" "7/16/2016 12:40 PM" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2018 8:44 PM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 3:50 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "d:\program files\winrar\rarext.dll" "8/12/2017 12:53 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2018 8:44 PM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 3:50 PM" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "8/17/2017 9:53 PM" ""
+ "TheDeskTopContextMenu Class" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\igfxdtcm.dll" "7/25/2017 12:21 PM" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "1/16/2018 9:19 AM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "d:\program files\malwarebytes\anti-malware\mbshlext.dll" "1/26/2017 8:37 AM" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2018 8:44 PM" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\windows defender\shellext.dll" "9/7/2016 3:50 PM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "8/18/2017 8:27 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "8/17/2017 10:08 PM" ""
+ "igfxDTCM" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\igfxdtcm.dll" "7/25/2017 12:21 PM" ""
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "1/24/2017 4:24 AM" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "1/16/2018 9:19 AM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "d:\program files\malwarebytes\anti-malware\mbshlext.dll" "1/26/2017 8:37 AM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "d:\program files\winrar\rarext.dll" "8/12/2017 12:53 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "8/18/2017 8:33 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "d:\program files\winrar\rarext.dll" "8/12/2017 12:53 AM" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "d:\program files\winzip\wzshls64.dll" "4/19/2017 9:17 PM" ""
"Task Scheduler" "" "" "" "" ""
+ "\AsiOYjUZQ" "" "" "File not found: C:\Users\James\AppData\Roaming\UYOLUFEh.bat" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "d:\program files\ccleaner\ccleaner64.exe" "9/8/2017 3:54 AM" ""
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "4/22/2017 12:31 PM" ""
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "4/22/2017 12:31 PM" ""
+ "\Intel PTT EK Recertification" "Intel®PTT EK Recertification Service" "Intel® Corporation" "d:\program files\intel\icls client\intelpttekrecertification.exe" "10/14/2016 6:42 AM" ""
+ "\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7" "IntelSoftwareAssetManagerService.exe" "Intel Corporation" "c:\program files (x86)\intel\intel® online connect access\intel® software asset manager\bin\intelsoftwareassetmanagerservice.exe" "7/2/2015 10:03 AM" ""
+ "\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon" "IntelSoftwareAssetManagerService.exe" "Intel Corporation" "c:\program files (x86)\intel\intel® online connect access\intel® software asset manager\bin\intelsoftwareassetmanagerservice.exe" "7/2/2015 10:03 AM" ""
+ "\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" "" "" "File not found: C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" "" ""
+ "\Microsoft\Windows\Application Experience\StartupAppTask" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\ApplicationData\CleanupTemporaryState" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
X "\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Autochk\Proxy" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
X "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 10:42 PM" ""
X "\Microsoft\Windows\SharedPC\Account Cleanup" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Sysmain\WsSwapAssessmentTask" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Verification" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/16/2016 1:23 PM" ""
+ "\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange" "Windows host process (Rundll32)" "Microsoft Corporation" "c:\windows\system32\rundll32.exe" "7/16/2016 1:18 PM" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/16/2016 1:25 PM" ""
+ "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA Container" "NVIDIA Corporation" "d:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "9/15/2017 10:27 AM" ""
+ "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA GeForce Experience" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia geforce experience\nvidia geforce experience.exe" "10/11/2017 11:51 AM" ""
+ "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA nodejs launcher" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvnode\nvnodejslauncher.exe" "10/11/2017 10:22 AM" ""
+ "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "d:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "10/7/2017 1:50 AM" ""
+ "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "d:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "10/7/2017 1:50 AM" ""
+ "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA telemetry monitor" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmmon.exe" "10/7/2017 1:45 AM" ""
+ "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "10/7/2017 1:45 AM" ""
+ "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "10/7/2017 1:45 AM" ""
+ "\OneDrive Standalone Update Task-S-1-5-21-1800461472-3305090830-341263356-1001" "Standalone Updater" "Microsoft Corporation" "c:\users\james\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe" "1/9/2018 6:59 AM" ""
+ "\OnQYyae" "" "" "c:\program files (x86)\common files\bzamuyliiaq.bat" "7/16/2016 10:43 PM" ""
+ "\Opera scheduled Autoupdate 1502965605" "" "" "File not found: D:\Program Files\Opera\launcher.exe" "" ""
+ "\Overwolf Updater Task" "OverwolfUpdater" "Overwolf LTD" "d:\program files (x86)\overwolf\overwolfupdater.exe" "1/12/2018 6:14 PM" ""
+ "\WinZip Update Notifier" "WinZip Update Notifier" "WinZip" "d:\program files\winzip\wzupdatenotifier.exe" "3/29/2017 8:00 PM" ""
+ "\yeMGALiqfHLOZ" "Windows® installer" "Microsoft Corporation" "c:\users\james\appdata\local\vaxiitfsaeep.exe" "7/16/2016 12:38 PM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/29/2018 6:59 AM" ""
+ "cphs" "Intel® Content Protection HECI Service: Intel® Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\intelcphecisvc.exe" "3/14/2017 6:01 PM" ""
+ "cplspcon" "Intel® Content Protection HDCP Service: Intel® Content Protection HDCP Service - enables communication with Content Protection HDCP HW" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\intelcphdcpsvc.exe" "7/25/2017 12:47 PM" ""
+ "gupdate" "Google Update Service (gupdate): Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "4/22/2017 12:31 PM" ""
+ "gupdatem" "Google Update Service (gupdatem): Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "4/22/2017 12:31 PM" ""
+ "HKClipSvc" "HotKey Clipboard Service: " "" "File not found: C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe.exe" "" ""
+ "ibtsiva" "Intel Bluetooth Service: Intel® Wireless Bluetooth® iBtSiva Service" "Intel Corporation" "c:\windows\system32\ibtsiva.exe" "6/22/2017 7:09 AM" ""
+ "igfxCUIService2.0.0.0" "Intel® HD Graphics Control Panel Service: Service for Intel® HD Graphics Control Panel" "Intel Corporation" "c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_619141c66909ce7e\igfxcuiservice.exe" "7/25/2017 12:20 PM" ""
+ "Intel® Capability Licensing Service TCP IP Interface" "Intel® Capability Licensing Service TCP IP Interface: Version: 1.44.398.0" "Intel® Corporation" "d:\program files\intel\icls client\socketheciserver.exe" "10/14/2016 6:42 AM" ""
+ "Intel® Online Connect" "Intel® Online Connect: Intel® Online Connect" "Intel Corporation" "d:\program files\intel\intel® online connect\ioc.exe" "11/2/2016 11:15 AM" ""
+ "Intel® Online Connect Helper" "Intel® Online Connect Helper: Intel® Online Connect Helper" "Intel Corporation" "d:\program files\intel\intel® online connect\iochelperservice.exe" "11/2/2016 11:14 AM" ""
+ "Intel® Online Connect Software Asset Manager" "Intel® Online Connect Software Asset Manager: Intel® Online Connect Software Asset Manager helps you keep your system up-to-date." "Intel Corporation" "c:\program files (x86)\intel\intel® online connect access\intel® software asset manager\bin\intelsoftwareassetmanagerservice.exe" "7/2/2015 10:03 AM" ""
+ "Intel® TechnologyAccessLegacyCSLoader" "Intel® Online Connect Access Legacy CS Loader: Legacy Capability Servicer Loader for Intel® Online Connect Access" "Intel® Corporation" "d:\program files\intel\intel® online connect access\legacycsloaderservice.exe" "10/18/2016 1:59 PM" ""
+ "Intel® TechnologyAccessService" "Intel® Online Connect Access: Software that enables Intel® Online Connect Access" "Intel® Corporation" "d:\program files\intel\intel® online connect access\inteltechnologyaccessservice.exe" "10/18/2016 1:58 PM" ""
+ "jhi_service" "Intel® Dynamic Application Loader Host Interface Service: Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL" "Intel Corporation" "d:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe" "11/9/2016 4:38 AM" ""
+ "LMS" "Intel® Management and Security Application Local Management Service: Intel® Management and Security Application Local Management Service - Provides OS-related Intel® ME functionality." "Intel Corporation" "d:\program files (x86)\intel\intel® management engine components\lms\lms.exe" "11/9/2016 4:39 AM" ""
+ "MBAMService" "Malwarebytes Service: Malwarebytes Service" "Malwarebytes" "d:\program files\malwarebytes\anti-malware\mbamservice.exe" "10/31/2017 2:31 AM" ""
+ "NvContainerLocalSystem" "NVIDIA LocalSystem Container: Container service for NVIDIA root features" "NVIDIA Corporation" "d:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "9/15/2017 10:27 AM" ""
+ "NvContainerNetworkService" "NVIDIA NetworkService Container: Container service for NVIDIA network features" "NVIDIA Corporation" "d:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "9/15/2017 10:27 AM" ""
+ "NVDisplay.ContainerLocalSystem" "NVIDIA Display Container LS: Container service for NVIDIA root features" "NVIDIA Corporation" "d:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe" "1/24/2017 3:33 AM" ""
+ "NvTelemetryContainer" "NVIDIA Telemetry Container: Container service for NVIDIA Telemetry" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe" "7/12/2017 5:12 PM" ""
+ "OverwolfUpdater" "Overwolf Updater Windows SCM: OverwolfUpdater" "Overwolf LTD" "d:\program files (x86)\overwolf\overwolfupdater.exe" "1/12/2018 6:14 PM" ""
+ "SetupARService" "SetupARService: SetupAfterRebootService" "" "c:\program files (x86)\realtek\audio\setupafterrebootservice.exe" "5/25/2012 4:13 PM" ""
+ "Steam Client Service" "Steam Client Service: Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "12/16/2017 6:48 AM" ""
+ "SynTPEnhService" "SynTPEnh Caller Service: 64-bit Synaptics Pointing Enhance Service" "Synaptics Incorporated" "d:\program files\synaptics\syntp\syntpenhservice.exe" "1/12/2017 1:18 AM" ""
+ "WdNisSvc" "Windows Defender Network Inspection Service: Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "7/16/2016 1:24 PM" ""
+ "WinDefend" "Windows Defender Service: Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "7/16/2016 1:27 PM" ""
+ "WMPNetworkSvc" "Windows Media Player Network Sharing Service: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "9/7/2016 3:41 PM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/29/2018 6:59 AM" ""
+ "3ware" "3ware: LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "5/19/2015 9:28 AM" ""
+ "ADP80XX" "ADP80XX: PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "4/10/2015 7:49 AM" ""
+ "AirplaneModeHid" "Insyde Airplane Mode HID Mini-Driver: Insyde Airplane Mode HID Mini-driver" "Insyde Corporation" "c:\windows\system32\drivers\airplanemodehid.sys" "7/14/2015 8:43 PM" ""
+ "amdsata" "amdsata: AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "5/14/2015 11:14 PM" ""
+ "amdsbs" "amdsbs: AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "12/12/2012 8:21 AM" ""
+ "amdxata" "amdxata: Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "5/1/2015 11:55 AM" ""
+ "arcsas" "Adaptec SAS/SATA-II RAID Storport's Miniport Driver: Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "4/10/2015 6:12 AM" ""
+ "b06bdrv" "QLogic Network Adapter VBD: QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "5/25/2016 6:03 PM" ""
+ "bcmfn" "bcmfn Service: BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "6/8/2015 7:32 PM" ""
+ "bcmfn2" "bcmfn2 Service: BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "3/16/2014 9:07 PM" ""
+ "cht4iscsi" "cht4iscsi: Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "4/20/2016 8:54 PM" ""
+ "cht4vbd" "Chelsio Virtual Bus Driver: Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "4/15/2016 6:32 PM" ""


#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:17 PM

Posted 28 January 2018 - 07:26 PM

Now, that .bat file is gone, so repeat the process...

 

Right click on Autoruns, click "Run As Administrator"

Scroll down to "Task Scheduler" section.

Right click on the following line:
+ "\AsiOYjUZQ" "" "" "c:\users\james\appdata\roaming\uyolufeh.bat" "7/16/2016 10:43 PM" ""
Click "Delete".

Restart computer.


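The step above is a manual Autoruns deletion of one Task Scheduler entry. As an added example that is not part of Broni's instructions, the PowerShell below enumerates every scheduled task whose action runs a script from a user-writable location (the same pattern as "\AsiOYjUZQ" launching c:\users\james\appdata\roaming\uyolufeh.bat), reports whether the referenced file still exists, and shows how to keep a copy of the task definition before unregistering it. It assumes an elevated prompt on Windows 8 / Server 2012 or later, where the ScheduledTasks module is available; the task name and path in the commented lines are taken from this thread.

```powershell
# Added example, not Broni's instructions: hunt for scheduled tasks whose action
# runs a script from a user-writable location, the pattern behind the
# "\AsiOYjUZQ" -> c:\users\james\appdata\roaming\uyolufeh.bat entry in this thread.
# Needs an elevated PowerShell prompt on Windows 8 / Server 2012 or later.

# Directories a legitimate task action rarely lives in, and script extensions
# that a short-lived command prompt window is typically launched from.
$SuspiciousPath = '(?i)\\Users\\[^\\]+\\AppData\\|\\Windows\\Temp\\|\\ProgramData\\'
$ScriptExt      = '(?i)\.(bat|cmd|vbs|js|wsf|hta|ps1)(\s|"|$)'

function Get-SuspiciousScheduledTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only "Exec" actions carry a command line; COM-handler actions have no Execute.
            if (-not $action.Execute) { continue }
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmd -notmatch $SuspiciousPath -and $cmd -notmatch $ScriptExt) { continue }

            # Every drive-rooted path in the command line, so "cmd.exe /c c:\...\x.bat"
            # resolves to the script itself and not just to cmd.exe.
            $paths   = [regex]::Matches($cmd, '(?i)[a-z]:\\[^"\s]+') | ForEach-Object { $_.Value }
            $missing = @($paths | Where-Object { -not (Test-Path -LiteralPath $_) })
            $info    = $task | Get-ScheduledTaskInfo

            [pscustomobject]@{
                TaskPath    = $task.TaskPath
                TaskName    = $task.TaskName
                State       = $task.State
                Author      = $task.Author
                RunAs       = $task.Principal.UserId
                Command     = $cmd
                MissingFile = $missing -join ';'   # non-empty = orphaned entry, like "File not found" in Autoruns
                Triggers    = @($task.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ','
                LastRunTime = $info.LastRunTime
                NextRunTime = $info.NextRunTime
            }
        }
    }
}

# Report first. Keep the task definition and the script it runs before removing
# anything: a task that comes back after deletion is being re-created by something
# else, and its XML (Author, Principal, triggers) is the lead to that something.
Get-SuspiciousScheduledTask | Format-Table -AutoSize

# Preserve, then remove, one entry (names taken from this thread):
# Export-ScheduledTask -TaskPath '\' -TaskName 'AsiOYjUZQ' | Out-File "$env:USERPROFILE\Desktop\AsiOYjUZQ.xml"
# Unregister-ScheduledTask -TaskPath '\' -TaskName 'AsiOYjUZQ' -Confirm:$false
```

If the entry reappears after it is unregistered, the task is a symptom rather than the root: compare the saved XML with the re-created task and look for the item (service, Run key, another task) that wrote it.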


#15 semaj231

semaj231
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 30 January 2018 - 04:46 AM

I have done what you said a couple of times, but the command prompt keeps opening and then the "\AsiOYjUZQ" reappears in Autoruns.

 

I'm gonna donate you some money if you fix it, I appreciate the help.





