
MSE Detected Trojan:Win32/Bitrep.A and Trojan:Win32/Cloxer.D!cl


This topic is locked
20 replies to this topic

#1 Amnesia98 (Members, 12 posts)

Posted 15 May 2018 - 09:27 PM

(This is my original, slightly edited post from a different topic).

My computer has been slowing down, Google Chrome is running slower than it should, and whenever I play Sims 3 the game freezes and shuts down. I have a Windows 7 Home Premium 64-bit operating system on a Dell Latitude E6400.

 

Attached file: system info.PNG (27.03 KB)

 

I found the information on your website on what to do for a Trojan virus, so I downloaded Rkill. But every time I try to start it, Rkill says "Appdata can not be found, Rkill terminated" (or something very similar), and a Windows popup error says "There was a problem retrieving the necessary environment variable; appdata. Rkill has terminated!" And then it shuts off. I also tried the unsigned version of Rkill, but every time I even try installing it, Microsoft Security Essentials shows a popup saying "security threats are being cleaned, no action needed." So I go into Microsoft Security Essentials, look in the history of detected items, and see "Trojan:Win32/Bitrep.A" under the detected item, and I remove it every time.

 

Attached file: TrojanWin32Bitrep.PNG (5.02 KB)

 

I also have Malwarebytes Anti-Malware installed, and it never picked this up on the last scan it did.

I also recently installed, used, and then uninstalled IObit's Advanced SystemCare and Driver Booster 5. My computer was slowing down and I had heard good things about these programs, so I tried them out and they seemed to work. Then I researched them out of curiosity and found very mixed reviews on these programs, so I uninstalled them. And after that my computer has been worse off than it was before.

I don't know what to do; anything that can help me fix my computer would be amazing. I have online college classes that start next week, so a better-performing computer would be amazing.

 

I ran a Malwarebytes Anti-Malware scan and it detected nothing. But while I was running it, the Microsoft Security Essentials popup said "threats are being cleaned, no actions needed." I looked at the detection history and saw "Trojan:Win32/Cloxer.D!cl".

 

Attached file: TrojanWin32Clorex.PNG (16.59 KB)

 

I don't know what's going on with my computer, so any help is greatly appreciated. I honestly have no idea how to fix this.

--------------------------------------------------------------------------------------------------------------------------------------

 

After I posted this original post, I got a reply from a Global Moderator saying I should follow the steps in your "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help." I followed the steps, and the requested FRST and Addition files are below.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018

Ran by user (administrator) on USER1-PC (15-05-2018 20:14:31)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dfrgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2018-04-26] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4061542135-915913118-1211114386-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61531;https=127.0.0.1:61531
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{633FBA80-74AA-4460-A350-0C3FECCD640C}: [DhcpNameServer] 192.168.0.1 205.171.203.226
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4061542135-915913118-1211114386-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-08-22] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-22] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-08-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-08-22] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-08-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-28] (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-22] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-22] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-22] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-22] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 6thxufo4.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6thxufo4.default [2018-05-02]
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6thxufo4.default\user.js [2018-04-30]
FF Homepage: Mozilla\Firefox\Profiles\6thxufo4.default -> hxxp://www.noaa.gov/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4061542135-915913118-1211114386-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-05-02]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-05-02]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-02]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-15]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-15]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-15]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-10] (Microsoft Corporation)
R2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2018-04-26] (Broadcom Corporation)
R2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [42496 2018-04-26] (Broadcom Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [259584 2018-04-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-04-26] (REALiX™)
S3 IFXTPM; C:\Windows\system32\drivers\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10629408 2012-11-14] (Intel Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-05-15] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-05-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-05-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-05-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-05-15] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl66e27053; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF669071-A971-40F3-A4B3-E830D89BD066}\MpKsl66e27053.sys [58120 2018-05-15] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2009-09-24] (REDC)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [51808 2018-04-26] (Synaptics Incorporated)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-18] (CyberLink Corp.)
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-15 20:14 - 2018-05-15 20:18 - 000016309 _____ C:\Users\user\Downloads\FRST.txt
2018-05-15 20:14 - 2018-05-15 20:14 - 000000000 ____D C:\FRST
2018-05-15 20:13 - 2018-05-15 20:13 - 002404864 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2018-05-15 20:00 - 2018-05-15 20:00 - 000000000 ____D C:\Users\user\Documents\memtest86-usb
2018-05-15 20:00 - 2018-05-15 20:00 - 000000000 ____D C:\Users\user\Documents\cpu-z_1.85-en
2018-05-15 19:57 - 2018-05-15 19:58 - 008224188 _____ C:\Users\user\Downloads\memtest86-usb.zip
2018-05-15 19:56 - 2018-05-15 19:56 - 002816216 _____ C:\Users\user\Downloads\cpu-z_1.85-en.zip
2018-05-15 19:01 - 2018-05-15 19:02 - 000069662 _____ C:\Users\user\Downloads\PageDefrag.zip
2018-05-15 17:09 - 2018-05-15 17:14 - 000178782 _____ C:\Windows\ntbtlog.txt
2018-05-15 16:26 - 2018-05-15 16:26 - 000000000 ____D C:\Users\user\AppData\Local\VS Revo Group
2018-05-15 16:25 - 2018-05-15 16:25 - 000001095 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-05-15 16:25 - 2018-05-15 16:25 - 000000000 ____D C:\ProgramData\VS Revo Group
2018-05-15 16:25 - 2018-05-15 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-05-15 16:25 - 2018-05-15 16:25 - 000000000 ____D C:\Program Files\VS Revo Group
2018-05-15 16:25 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2018-05-15 16:24 - 2018-05-15 16:25 - 012229768 _____ (VS Revo Group ) C:\Users\user\Downloads\RevoUninProSetup.exe
2018-05-15 13:36 - 2018-05-15 18:35 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-15 13:36 - 2018-05-15 17:20 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-15 13:36 - 2018-05-15 17:20 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-15 13:36 - 2018-05-15 17:09 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-15 12:38 - 2018-05-15 12:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-05-15 12:37 - 2018-05-15 12:38 - 000000000 ____D C:\Users\user\Desktop\mbar
2018-05-15 12:26 - 2018-05-15 13:01 - 000000002 _____ C:\Users\user\Desktop\Rkill.txt
2018-05-14 22:30 - 2018-05-14 22:30 - 000074703 _____ C:\Windows\SysWOW64mfc45.dll
2018-05-13 18:32 - 2018-05-15 17:20 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-10 14:06 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-10 14:06 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-10 14:05 - 2018-04-23 14:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-10 14:05 - 2018-04-23 14:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-10 14:05 - 2018-04-22 20:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-10 14:05 - 2018-04-22 20:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-10 14:05 - 2018-04-22 20:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-10 14:05 - 2018-04-22 20:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-10 14:05 - 2018-04-22 20:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-10 14:05 - 2018-04-22 20:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-10 14:05 - 2018-04-22 20:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-10 14:05 - 2018-04-22 20:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-10 14:05 - 2018-04-22 20:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-10 14:05 - 2018-04-22 19:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-10 14:05 - 2018-04-22 19:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-10 14:05 - 2018-04-22 19:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-10 14:05 - 2018-04-22 19:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-10 14:05 - 2018-04-22 19:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-10 14:05 - 2018-04-22 19:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-10 14:05 - 2018-04-22 19:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-10 14:05 - 2018-04-22 19:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-10 14:05 - 2018-04-22 19:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-10 14:05 - 2018-04-22 19:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-10 14:05 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-10 14:05 - 2018-04-22 19:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-10 14:05 - 2018-04-22 19:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-10 14:05 - 2018-04-22 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-10 14:05 - 2018-04-22 19:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-10 14:05 - 2018-04-22 19:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-10 14:05 - 2018-04-22 19:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-10 14:05 - 2018-04-22 19:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-10 14:05 - 2018-04-22 19:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-10 14:05 - 2018-04-22 19:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 19:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-10 14:05 - 2018-04-22 03:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-10 14:05 - 2018-04-22 03:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-10 14:05 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-10 14:05 - 2018-04-22 03:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-10 14:05 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-10 14:05 - 2018-04-22 03:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-10 14:05 - 2018-04-22 03:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-10 14:05 - 2018-04-22 03:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-10 14:05 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-10 14:05 - 2018-04-22 03:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-10 14:05 - 2018-04-22 03:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-10 14:05 - 2018-04-22 03:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-10 14:05 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-10 14:05 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-10 14:05 - 2018-04-22 03:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-10 14:05 - 2018-04-22 03:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-10 14:05 - 2018-04-22 03:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-10 14:05 - 2018-04-22 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-10 14:05 - 2018-04-22 03:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-10 14:05 - 2018-04-22 03:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-10 14:05 - 2018-04-22 03:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-10 14:05 - 2018-04-22 03:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-10 14:05 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-10 14:05 - 2018-04-22 03:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-10 14:05 - 2018-04-22 03:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-10 14:05 - 2018-04-22 03:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-10 14:05 - 2018-04-22 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-10 14:05 - 2018-04-22 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-10 14:05 - 2018-04-22 03:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-10 14:05 - 2018-04-22 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-10 14:05 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-10 14:05 - 2018-04-22 03:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-10 14:05 - 2018-04-22 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-10 14:05 - 2018-04-22 02:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-10 14:05 - 2018-04-22 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-10 14:05 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-10 14:05 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-10 14:05 - 2018-04-22 02:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-10 14:05 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-10 14:05 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-10 14:05 - 2018-04-22 02:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-10 14:05 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-10 14:05 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-10 14:05 - 2018-04-22 02:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-10 14:05 - 2018-04-22 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-10 14:05 - 2018-04-22 02:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-10 14:05 - 2018-04-22 02:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-10 14:05 - 2018-04-22 02:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-10 14:05 - 2018-04-22 02:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-10 14:05 - 2018-04-22 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-10 14:05 - 2018-04-22 02:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-10 14:05 - 2018-04-22 02:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-10 14:05 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-10 14:05 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-10 14:05 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-10 14:05 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-10 14:05 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-10 14:05 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-10 14:05 - 2018-04-22 02:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-10 14:05 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-10 14:05 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-10 14:05 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-10 14:05 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-10 14:05 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-10 14:05 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-10 14:05 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-10 14:05 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-10 14:05 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-10 14:05 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-10 14:05 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-10 14:05 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-10 14:05 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-10 14:05 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-10 14:05 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-10 14:05 - 2018-04-10 15:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-10 14:05 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-10 14:05 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-10 14:05 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-10 14:05 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-10 14:05 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-10 14:05 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-10 14:05 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-10 14:05 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-10 14:05 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-10 14:05 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-10 14:05 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-10 14:05 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-10 14:04 - 2018-04-22 20:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-10 14:04 - 2018-04-22 19:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-10 13:31 - 2018-05-10 13:31 - 000127680 _____ C:\Users\user\Documents\View Unofficial Transcript.pdf
2018-05-09 18:39 - 2018-05-09 18:39 - 000000000 ____D C:\iolo
2018-05-09 18:27 - 2018-05-09 18:27 - 000000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2018-05-09 18:03 - 2018-05-09 18:03 - 000000000 ____D C:\Users\user\AppData\Roaming\iolo
2018-05-04 23:30 - 2018-05-04 23:30 - 000127786 _____ C:\Users\user\Downloads\Unofficial Transcript.pdf
2018-05-04 23:02 - 2018-05-04 23:13 - 001869028 _____ C:\Users\user\Downloads\Raper. Hurricanes.pptx
2018-04-30 23:17 - 2018-04-30 23:17 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-04-30 23:17 - 2018-04-30 23:17 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-04-30 23:17 - 2018-04-30 23:17 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-04-30 23:17 - 2018-04-30 23:17 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-04-30 23:17 - 2018-04-30 23:17 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-30 18:04 - 2018-04-30 18:04 - 124411904 _____ C:\Windows\system32\config\software.iobit
2018-04-30 18:04 - 2018-04-30 18:04 - 052695040 _____ C:\Windows\system32\config\components.iobit
2018-04-30 18:04 - 2018-04-30 18:04 - 009129984 _____ C:\Windows\system32\config\default.iobit
2018-04-30 18:04 - 2018-04-30 18:04 - 000061440 _____ C:\Windows\system32\config\sam.iobit
2018-04-30 18:04 - 2018-04-30 18:04 - 000024576 _____ C:\Windows\system32\config\security.iobit
2018-04-28 16:59 - 2018-04-28 16:59 - 000000000 ____D C:\Users\user\AppData\LocalLow\PCDr
2018-04-28 16:58 - 2018-05-14 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-04-28 16:58 - 2018-04-29 14:13 - 000000000 ____D C:\ProgramData\PCDr
2018-04-28 16:51 - 2018-04-28 17:08 - 000000000 ____D C:\temp
2018-04-28 16:48 - 2018-05-14 22:58 - 000000000 ____D C:\Program Files\Dell
2018-04-28 16:48 - 2018-05-02 23:10 - 000000000 ____D C:\ProgramData\SupportAssist
2018-04-28 16:48 - 2018-04-28 16:48 - 000000000 ____D C:\ProgramData\Dell Inc
2018-04-28 15:46 - 2018-04-28 15:46 - 000003130 _____ C:\Windows\System32\Tasks\{D2EFF0D0-B64B-4B8A-BC5F-56BBD36FD6C2}
2018-04-28 15:44 - 2018-04-28 15:44 - 001881544 _____ (Oracle Corporation) C:\Users\user\Downloads\JavaSetup8u171.exe
2018-04-26 22:38 - 2018-05-15 17:19 - 000023428 _____ C:\Windows\system32\CVFirmwareUpgradeLog.txt
2018-04-26 22:38 - 2018-04-26 22:38 - 000000000 ____D C:\ProgramData\Broadcom
2018-04-26 22:37 - 2018-04-26 22:37 - 000583296 _____ (Broadcom Corporation) C:\Windows\system32\bipdll.dll
2018-04-26 22:37 - 2018-04-26 22:37 - 000471040 _____ (Broadcom) C:\Windows\system32\cvproppage.dll
2018-04-26 22:37 - 2018-04-26 22:37 - 000060512 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\cvusbdrv.sys
2018-04-26 22:37 - 2018-04-26 22:37 - 000000000 ____D C:\Program Files\Broadcom
2018-04-26 22:36 - 2016-11-14 05:09 - 007513855 _____ C:\Windows\system32\nvcoproc.bin
2018-04-26 22:33 - 2018-04-26 22:33 - 031523384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 017559384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 014497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 013915720 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 013826968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 012905016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-04-26 22:33 - 2018-04-26 22:33 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 004253240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 001908272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434201.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 001557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434201.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 000951232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 000909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-04-26 22:33 - 2018-04-26 22:33 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-04-26 22:32 - 2018-04-26 22:33 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-04-26 22:32 - 2018-04-26 22:32 - 023000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-04-26 22:32 - 2018-04-26 22:32 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-04-26 21:46 - 2018-04-26 21:46 - 000000000 ____D C:\Program Files\Apoint2K
2018-04-26 21:45 - 2018-04-26 21:45 - 000497968 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2018-04-26 21:45 - 2018-04-26 21:45 - 000116056 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2018-04-26 21:42 - 2018-04-26 21:42 - 000290008 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y62x64.sys
2018-04-26 21:42 - 2018-04-26 21:42 - 000078016 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
2018-04-26 21:39 - 2018-04-26 21:39 - 001466880 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2018-04-26 21:39 - 2018-04-26 21:39 - 000646656 _____ (IDT, Inc.) C:\Windows\system32\stapi64.dll
2018-04-26 21:39 - 2018-04-26 21:39 - 000515584 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2018-04-26 21:39 - 2018-04-26 21:39 - 000431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2018-04-26 21:39 - 2018-04-26 21:39 - 000209920 _____ (IDT, Inc.) C:\Windows\system32\st646292.dll
2018-04-26 21:38 - 2018-04-26 21:38 - 001804688 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-04-26 21:37 - 2018-04-26 21:37 - 000051808 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2018-04-26 21:08 - 2018-04-26 21:08 - 000000000 ____D C:\Windows\IObit
2018-04-26 21:07 - 2018-05-02 22:56 - 000000000 ____D C:\ProgramData\ProductData
2018-04-26 21:07 - 2018-04-26 21:08 - 000000000 ____D C:\Users\user\AppData\LocalLow\IObit
2018-04-26 21:07 - 2018-04-26 21:07 - 000027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2018-04-26 21:07 - 2018-04-26 21:07 - 000000000 ____D C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-04-26 21:06 - 2018-04-26 21:06 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2018-04-26 21:05 - 2018-05-02 22:57 - 000000000 ____D C:\Users\user\AppData\Roaming\IObit
2018-04-26 21:05 - 2018-05-02 22:57 - 000000000 ____D C:\Program Files (x86)\IObit
2018-04-26 21:05 - 2018-04-26 21:09 - 000000000 ____D C:\ProgramData\IObit
2018-04-26 20:36 - 2018-04-29 00:07 - 000000000 ____D C:\Users\user\Desktop\Saves
2018-04-26 20:33 - 2018-04-29 00:08 - 000000000 ____D C:\Users\user\Desktop\The Sims 3 (2)
2018-04-26 20:23 - 2018-05-15 19:26 - 000003050 _____ C:\Windows\System32\Tasks\{3EB490F6-4A01-497C-908E-72B2CF31B581}
2018-04-25 13:15 - 2018-04-25 14:48 - 000000000 ____D C:\Users\user\Documents\Emily dickinson
2018-04-24 23:24 - 2018-04-24 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s3pe
2018-04-24 23:23 - 2018-04-24 23:23 - 000476043 _____ C:\Users\user\Downloads\s3pe_14-0222-1852 (1).exe
2018-04-24 22:53 - 2018-04-24 22:53 - 000938064 _____ C:\Users\user\Downloads\F-P Children's Pedal Chevy Camaro Package.zip
2018-04-24 22:52 - 2018-04-24 22:52 - 004012393 _____ C:\Users\user\Downloads\F-P 2012 Ford Explorer Package.zip
2018-04-24 22:52 - 2018-04-24 22:52 - 003269959 _____ C:\Users\user\Downloads\F-P 2009 Mercedes-Benz G550 Package.zip
2018-04-24 22:52 - 2018-04-24 22:52 - 003258893 _____ C:\Users\user\Downloads\F-P 2009 Audi TT Roadster Package.zip
2018-04-24 22:52 - 2018-04-24 22:52 - 003145590 _____ C:\Users\user\Downloads\F-P 2012 Ford F-150 Package.zip
2018-04-24 22:52 - 2018-04-24 22:52 - 003137835 _____ C:\Users\user\Downloads\F-P 2012 Ford F-150 SuperCab Package.zip
2018-04-24 22:52 - 2018-04-24 22:52 - 002759104 _____ C:\Users\user\Downloads\F-P 2005 Hummer H2 SUT Package.zip
2018-04-24 22:52 - 2018-04-24 22:52 - 002188346 _____ C:\Users\user\Downloads\F-P 2011 Dodge Ram 1500 Package.zip
2018-04-24 22:51 - 2018-04-24 22:52 - 003582750 _____ C:\Users\user\Downloads\F-P 2013 MINI Countryman JCW Package.zip
2018-04-24 22:51 - 2018-04-24 22:52 - 003312208 _____ C:\Users\user\Downloads\F-P 2010 Chrysler 300 S Package.zip
2018-04-24 22:51 - 2018-04-24 22:51 - 000802242 _____ C:\Users\user\Downloads\F-P Vintage Motor Car Package.zip
2018-04-24 22:50 - 2018-04-24 22:50 - 004109229 _____ C:\Users\user\Downloads\F-P 2012 GMC Yukon Package.zip
2018-04-24 22:50 - 2018-04-24 22:50 - 003468592 _____ C:\Users\user\Downloads\F-P 2012 Jeep Grand Cherokee SRT8 Package.zip
2018-04-24 22:50 - 2018-04-24 22:50 - 003468061 _____ C:\Users\user\Downloads\F-P 2013 Ford Mustang Boss 302 Package.zip
2018-04-24 22:50 - 2018-04-24 22:50 - 003409725 _____ C:\Users\user\Downloads\F-P 2012 Honda CR-Z Package.zip
2018-04-24 22:50 - 2018-04-24 22:50 - 003341242 _____ C:\Users\user\Downloads\F-P 2012 Porsche Cayenne Turbo Package.zip
2018-04-24 22:50 - 2018-04-24 22:50 - 003198953 _____ C:\Users\user\Downloads\F-P 2013 Ferrari 458 Spider Package.zip
2018-04-24 22:50 - 2018-04-24 22:50 - 003130291 _____ C:\Users\user\Downloads\F-P 2012 Jaguar XJ Package.zip
2018-04-24 22:49 - 2018-04-24 22:49 - 005683716 _____ C:\Users\user\Downloads\F-P_2015_Mercedes-Benz_CLA45-AMG_TS3_Package.zip
2018-04-24 22:49 - 2018-04-24 22:49 - 004048793 _____ C:\Users\user\Downloads\F-P_2016_Koenigsegg_Regera_TS3_Package.zip
2018-04-24 22:49 - 2018-04-24 22:49 - 003381104 _____ C:\Users\user\Downloads\F-P 2015 Ford Mustang GT Package.zip
2018-04-24 22:47 - 2018-04-24 22:47 - 003728351 _____ C:\Users\user\Downloads\F-P 2011 Land Rover Range Rover Sport Package.zip
2018-04-24 22:47 - 2018-04-24 22:47 - 002953180 _____ C:\Users\user\Downloads\F-P 1988 Jeep Wrangler Package.zip
2018-04-24 22:33 - 2018-04-24 22:34 - 007093556 _____ C:\Users\user\Downloads\Selena Gomez Thesims3 Grammy 2016.rar
2018-04-24 22:30 - 2018-04-24 22:30 - 003873099 _____ C:\Users\user\Downloads\Am & Af Harley Boots by VenusPrincess Fixed.rar
2018-04-24 22:30 - 2018-04-24 22:30 - 002543361 _____ C:\Users\user\Downloads\M&FChunkySneakersHeels_ConvVenusPrincess.rar
2018-04-24 22:26 - 2018-04-24 22:26 - 001401690 _____ C:\Users\user\Downloads\[JURASSICA] Pistelia Booties.rar
2018-04-24 22:26 - 2018-04-24 22:26 - 001090946 _____ C:\Users\user\Downloads\[JURASSICA] Nuha Heels.rar
2018-04-24 22:21 - 2018-04-24 22:21 - 001339966 _____ C:\Users\user\Downloads\Pixicat_TStrapHeel_F01.rar
2018-04-24 22:14 - 2018-04-24 22:14 - 004270081 _____ C:\Users\user\Downloads\simsdom-justoklau-14023-16194679.zip
2018-04-24 22:13 - 2018-04-24 22:13 - 001719306 _____ C:\Users\user\Downloads\BootAboveTheKnee_AAS.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-15 19:26 - 2017-11-04 19:06 - 000002988 _____ C:\Windows\System32\Tasks\{DB848EB1-03EB-4339-AB13-922D17A0B46D}
2018-05-15 19:26 - 2017-10-15 14:41 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-05-15 19:26 - 2017-09-07 13:53 - 000003000 _____ C:\Windows\System32\Tasks\{E62E10F9-0445-45F4-9897-D2B1BDB474DD}
2018-05-15 19:26 - 2017-09-07 13:18 - 000003000 _____ C:\Windows\System32\Tasks\{88885BFB-B570-457E-9D19-6D7F2F51C20B}
2018-05-15 19:26 - 2014-09-06 18:37 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-15 19:26 - 2014-09-06 18:37 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 18:00 - 2009-07-14 00:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-15 18:00 - 2009-07-14 00:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-15 17:19 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-11 01:11 - 2018-02-03 00:08 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-10 19:12 - 2009-07-14 01:13 - 000822616 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-10 19:12 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-10 19:05 - 2009-07-14 00:45 - 000435728 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-10 18:20 - 2014-06-09 17:27 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 18:14 - 2017-11-04 22:57 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 18:14 - 2014-06-09 17:27 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-10 18:09 - 2014-06-09 18:14 - 000806376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-10 18:01 - 2017-04-03 21:08 - 000002255 _____ C:\Users\user\Desktop\Google Chrome.lnk
2018-05-09 23:15 - 2018-03-15 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-09 23:15 - 2018-03-15 16:29 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-05-09 23:15 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-09 23:14 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2018-05-09 01:04 - 2016-01-08 00:58 - 000000000 ____D C:\Users\user\AppData\Roaming\IMVU
2018-05-09 00:02 - 2016-01-08 04:37 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin
2018-05-07 20:21 - 2018-04-11 13:29 - 000000000 ____D C:\Program Files\Rainlendar2
2018-05-02 23:30 - 2014-11-06 20:03 - 000000000 ____D C:\Windows\Minidump
2018-04-30 21:00 - 2017-08-29 14:13 - 000000000 ____D C:\Users\user\Desktop\Sms3savebckups
2018-04-29 00:19 - 2015-02-10 19:39 - 000000000 ____D C:\Users\user\Desktop\InstalledWorlds
2018-04-29 00:06 - 2016-07-04 14:28 - 000000000 ____D C:\Users\user\Documents\Electronic Arts
2018-04-28 15:55 - 2014-09-04 13:23 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-28 15:52 - 2016-05-09 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-28 15:52 - 2016-05-09 22:00 - 000000000 ____D C:\Program Files (x86)\Java
2018-04-28 15:49 - 2016-05-09 22:03 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-04-28 14:46 - 2009-07-14 01:08 - 000032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-27 20:09 - 2015-04-15 12:38 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 18:00 - 2017-09-01 11:12 - 000000000 ____D C:\Users\user\Desktop\Sims3CCmergeFolder
2018-04-27 14:14 - 2015-02-12 14:05 - 000000000 ____D C:\Users\user\Desktop\My Sims 3 CC
2018-04-26 22:34 - 2014-09-04 13:23 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-26 22:33 - 2014-06-25 20:09 - 018634216 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-04-26 22:33 - 2014-06-25 20:09 - 000026157 _____ C:\Windows\system32\nvinfo.pb
2018-04-26 22:32 - 2014-06-25 20:09 - 003207824 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-04-26 22:32 - 2014-06-25 20:09 - 002822568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-04-26 21:39 - 2014-09-04 13:24 - 012829184 _____ (IDT, Inc.) C:\Windows\system32\idtcpl64.cpl
2018-04-26 21:39 - 2014-09-04 13:24 - 001952256 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2018-04-26 21:39 - 2014-09-04 13:24 - 000442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2018-04-26 21:39 - 2014-09-04 13:24 - 000162816 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2018-04-26 21:39 - 2014-09-04 13:24 - 000090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2018-04-26 21:39 - 2014-09-04 13:24 - 000068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2018-04-26 21:25 - 2014-06-06 19:37 - 000000000 ____D C:\Windows\Panther
2018-04-26 15:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-04-26 14:03 - 2014-09-11 20:28 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify
2018-04-25 23:14 - 2014-09-11 20:28 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2018-04-24 23:45 - 2017-08-29 17:32 - 000000000 ____D C:\Users\user\AppData\Local\Peter_L_Jones
2018-04-24 23:23 - 2017-08-29 17:06 - 000000000 ____D C:\Program Files\s3pe
 
==================== Files in the root of some directories =======
 
2015-02-03 18:44 - 2015-05-15 21:27 - 000000020 _____ () C:\Users\user\AppData\Roaming\appdataFr3.bin
2015-03-26 15:14 - 2015-03-26 15:14 - 000005542 _____ () C:\Users\user\AppData\Roaming\IMHXA
2014-11-04 04:00 - 2014-11-06 04:00 - 000000065 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2016-05-05 21:30 - 2016-05-05 21:30 - 000002560 _____ () C:\Users\user\AppData\Local\uninstallssl.exe
 
Some files in TEMP:
====================
2013-10-05 04:38 - 2013-10-05 04:38 - 000455328 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\msvcp120.dll
2013-10-05 04:38 - 2013-10-05 04:38 - 000970912 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\msvcr120.dll
2016-07-30 20:08 - 2016-07-30 20:08 - 003112960 _____ (Jason York) C:\Users\user\AppData\Local\Temp\pc-decrapifier.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-28 16:24
 
==================== End of FRST.txt ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by user (15-05-2018 20:20:44)
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-04 18:16:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4061542135-915913118-1211114386-500 - Administrator - Disabled)
Guest (S-1-5-21-4061542135-915913118-1211114386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4061542135-915913118-1211114386-1006 - Limited - Enabled)
user (S-1-5-21-4061542135-915913118-1211114386-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.1611.210 - Alps Electric)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Free Viewer (HKLM\...\{5EF92F52-FA16-4CA6-A204-811524BEE514}_is1) (Version: 2.5 - Blue Labs, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-4061542135-915913118-1211114386-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8326.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4061542135-915913118-1211114386-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
RelayStasis (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f07085f}) (Version:  - Software Publisher) <==== ATTENTION
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{87BFB956-DC1D-38FC-A849-A9997A183F63}) (Version: 14.0.25425 - Microsoft Corporation) Hidden
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 14-0222-1852 - Peter L Jones)
Spotify (HKU\S-1-5-21-4061542135-915913118-1211114386-1000\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{23F3B544-D6BD-322B-A48A-C66790A8AE0D}) (Version: 14.102.25521 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-4061542135-915913118-1211114386-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{2FAE53FC-8859-3EB9-BAAA-3A9BE26931BC}) (Version: 14.0.25425 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{D949D8A9-0CEF-3997-BA76-75EA19E62137}) (Version: 14.0.25425 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-14] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> [CC]{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} =>  -> No File
ContextMenuHandlers1_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {046D0D67-2EF4-47A2-AF3B-7921AA12C228} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {0A1B4C06-F80A-4224-AB12-D27E06B892BA} - System32\Tasks\{D2EFF0D0-B64B-4B8A-BC5F-56BBD36FD6C2} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\JavaSetup8u171.exe -d C:\Users\user\Downloads
Task: {2647C9F5-31A5-4EFA-9171-4333BBD72E1D} - System32\Tasks\{E62E10F9-0445-45F4-9897-D2B1BDB474DD} => C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe [2014-01-16] (Electronic Arts Inc.)
Task: {2A34F926-30BA-407E-9685-B75EB3796008} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-22] ()
Task: {34B6C834-42CC-4A0A-8002-1A6C954D3F2D} - \PennyBee -> No File <==== ATTENTION
Task: {361CC4CB-52A4-4C52-AD91-B5A73610B1EC} - System32\Tasks\{64C004F4-378E-4630-82EF-40ECD2391E19} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\HealthAlert\uninstall.exe -c /kb=y /ic=1
Task: {40E1324B-2300-4946-A020-609108B80F12} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-11-06] (Adobe Systems Incorporated)
Task: {50F2920D-BF84-4DA3-8A67-C57283A4206C} - System32\Tasks\{88885BFB-B570-457E-9D19-6D7F2F51C20B} => C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe [2014-01-16] (Electronic Arts Inc.)
Task: {57A40CC8-EDBC-49E1-99BC-7B71164FC105} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-22] ()
Task: {5D83E937-CF60-4D4B-970B-2F2105850B12} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {5F0E6F47-D653-42D6-93E0-1009AB41E96E} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {707F6877-2D45-4C36-B8F8-4476A75314FF} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {76466FEA-6B41-4126-897B-A93969041627} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-22] (Microsoft Corporation)
Task: {82B7A0F4-AFC4-4120-99B1-F4F5F03B866F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-22] (Microsoft Corporation)
Task: {89C9BBEC-B3D3-4722-A0E0-071BA2EC242B} - System32\Tasks\{2961BDBE-29C0-4C4C-8463-43FAB9FB57DC} => C:\Windows\system32\pcalua.exe -a D:\Sims3MonteVistaSetup.exe -d D:\
Task: {A66641FE-35AB-4417-B3C6-876C923E54BF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A8BF621D-D0F7-40B9-B5E4-C5292BC1A261} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C8E0FF42-7DAE-4E15-ADB9-9CE5B9207DCC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-10] (Microsoft Corporation)
Task: {C9EC8FC8-10C0-413D-98A3-B924691841D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D3E8BBA6-C379-4B61-ADAB-F16D766435AF} - System32\Tasks\{3EB490F6-4A01-497C-908E-72B2CF31B581} => C:\Program Files (x86)\Electronic Arts\The Sims 3 University Life\Game\Bin\Sims3Launcher.exe [2013-01-30] (Electronic Arts, Inc.)
Task: {DF596EF7-4410-44A3-BAF9-C3E2EBF72F65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {E4BD06D2-F339-4766-B75C-FD1039D47703} - System32\Tasks\{DB848EB1-03EB-4339-AB13-922D17A0B46D} => C:\Users\user\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [2018-03-05] ()
Task: {F68F9D75-8463-4F43-A452-44EB3B8DBD8D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-10] (Microsoft Corporation)
Task: {FEA45D03-232E-417F-9914-CF611A3144A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-22] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-26 22:37 - 2018-04-26 22:37 - 000259584 _____ () C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
2014-09-04 13:23 - 2016-11-14 07:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-08-22 15:09 - 2017-08-22 15:09 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-03-15 16:29 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-15 16:29 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-22 15:06 - 2017-08-22 15:06 - 008928968 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2018-04-27 20:08 - 2018-04-25 23:24 - 003738456 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-04-27 20:08 - 2018-04-25 23:24 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4061542135-915913118-1211114386-1000\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-4061542135-915913118-1211114386-1000\...\sharepoint.com -> hxxps://vccsstudents-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4061542135-915913118-1211114386-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.203.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: PowerDVD15Agent => "C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe"
MSCONFIG\startupreg: Rainlendar2 => C:\Program Files\Rainlendar2\Rainlendar2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{C908C2A5-53ED-41B6-891D-6A2D308E2F72}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1C42935F-5317-456D-BD48-8EF3D2EA208E}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2D408D7B-F959-4449-B5D3-D3944542C429}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{64668943-0196-4C25-AE34-542E902D4E99}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6F15BC79-5CF4-429C-B906-DE577710CD97}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{39311F3D-F163-42B9-AF94-BB5849D22CDE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{68CE5B9C-0330-4B7D-88A2-8B5A407772EF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{CE4D2D4F-62B1-4E4E-A365-A64ED3BE3527}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{372E7FBC-6F62-4176-966B-3151EB1CE896}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3353AE16-D96D-48BB-B702-0F69D4EF13AA}] => (Allow) C:\Users\user\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{A9051D92-0B6F-44D8-8000-0DB946053666}] => (Allow) C:\Users\user\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{A6A8CF51-6F25-45B4-A27D-53271B19A8A0}] => (Allow) C:\Users\user\Downloads\uTorrent (2).exe
FirewallRules: [{F98C8A3A-F7BD-4B8D-AC8C-8CBA326040C3}] => (Allow) C:\Users\user\Downloads\uTorrent (2).exe
FirewallRules: [TCP Query User{9B199DC9-9498-4B07-955A-E487EE916C99}C:\users\user\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [UDP Query User{56BBEBC2-3161-44DB-89AB-A6B646D7121E}C:\users\user\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [{9F6C39A8-6524-4959-A3CD-101BC3DDAD40}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B5093936-72AF-47FC-8BF7-14FA9B485B7F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0D838B1D-28E1-4D46-96B9-0FB4A177172C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2A27C478-5161-48ED-9DEF-0C1C536CE885}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D67CDAB4-2DB1-4C3A-848B-DFDC4C460D6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7A739251-2E1D-4793-9D8C-C37F7A92B028}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3D483BB5-AFC2-4684-BA8A-6C62B5655B70}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5B18A60B-33D2-4FE4-A530-2179D3822BAA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-05-2018 16:34:30 Revo Uninstaller Pro's restore point - µTorrent
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/15/2018 08:13:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (05/15/2018 08:13:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (05/15/2018 08:11:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (05/15/2018 08:01:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (05/15/2018 08:01:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (05/15/2018 07:40:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (05/15/2018 07:40:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (05/15/2018 07:33:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
 
System errors:
=============
Error: (05/15/2018 05:20:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/15/2018 05:20:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.
 
Error: (05/15/2018 05:19:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo PM Service service to connect.
 
Error: (05/15/2018 05:12:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/15/2018 05:12:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/15/2018 05:12:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/15/2018 05:12:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (05/15/2018 05:12:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
 
Date: 2015-12-22 02:32:07.259
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2015-12-22 02:32:07.134
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2015-12-22 02:30:13.706
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2015-12-22 02:30:13.441
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2015-12-22 02:29:40.986
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2015-12-22 02:29:40.908
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2015-12-22 02:28:37.351
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2015-12-22 02:28:37.288
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz
Percentage of memory in use: 74%
Total physical RAM: 2035.92 MB
Available physical RAM: 524.61 MB
Total Virtual: 6235.92 MB
Available Virtual: 4106.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:32.78 GB) NTFS
 
\\?\Volume{e7cccfb3-3457-11e4-946e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: A480D3D5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:26 AM

Posted 16 May 2018 - 07:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
RelayStasis (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f07085f}) (Version: - Software Publisher) <==== ATTENTION

---

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61531;https=127.0.0.1:61531
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [RUShellExt] -> [CC]{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} =>  -> No File
ContextMenuHandlers1_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
Task: {34B6C834-42CC-4A0A-8002-1A6C954D3F2D} - \PennyBee -> No File <==== ATTENTION

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
RemoveProxy:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
<<<>>>

Please post the log and let me know what problem persists.
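An added triage helper, not FRST's own code and not something nasdaq or the thread posted: it encodes as regular expressions the kinds of FRST entries the fixlist above targets (a proxy pointing at the loopback address, a Chrome policy restriction on a home PC, a driver service under a temp folder, dangling "No File" entries) and tallies the outcome lines a Fixlog.txt reports. The rule names and reasons are this example's own; the sample FRST lines are copied from the fixlist above, and the two benign lines and the Fixlog sample are constructed in the same layout.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of FRST or of this thread. The categories below
mirror the entries the fixlist in the post above pulls out; they are this
example's own labels, not anything FRST prints.
"""
import re
from collections import Counter

# Sample input: entries copied from the fixlist above, plus two constructed
# benign lines (a corporate proxy and a vendor service) for contrast.
SAMPLE_FRST_LINES = [
    r"GroupPolicy: Restriction - Chrome <==== ATTENTION",
    r"CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION",
    r"ProxyEnable: [.DEFAULT] => Proxy is enabled.",
    r"ProxyServer: [.DEFAULT] => http=127.0.0.1:61531;https=127.0.0.1:61531",
    r"FF Plugin: @microsoft.com/GENUINE -> disabled [No File]",
    r"S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]",
    r"ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File",
    r"Task: {34B6C834-42CC-4A0A-8002-1A6C954D3F2D} - \PennyBee -> No File <==== ATTENTION",
    r"ProxyServer: [S-1-5-21-0-0-0-1001] => http=proxy.corp.example:8080",  # constructed, benign
    r"R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6533544 2017-11-29] (Malwarebytes)",  # constructed, benign
]

# (category, pattern, why a responder cares). Patterns follow FRST's line
# layout: "Key: [scope] => value", "Sx name; path [..]", "... -> No File".
RULES = [
    ("loopback-proxy",
     re.compile(r"^ProxyServer:.*=>.*\b(?:127\.0\.0\.1|localhost)\b", re.I),
     "system proxy points at this machine: a local process is relaying browser traffic"),
    ("proxy-enabled",
     re.compile(r"^ProxyEnable:.*Proxy is enabled", re.I),
     "a proxy is switched on; expected only if the user or an admin configured one"),
    ("browser-policy",
     re.compile(r"^(?:GroupPolicy: Restriction|CHR HKLM\\SOFTWARE\\Policies\\Google: Restriction)", re.I),
     "Chrome policy restriction on a non-managed PC; adware commonly sets one to pin settings"),
    ("temp-driver",
     re.compile(r"^[RSU]\d \S+; .*\\temp\\.*\.sys", re.I),
     "kernel driver service whose file lives under a temp folder"),
    ("dangling-entry",
     re.compile(r"-> No File\b|\[No File\]|\[X\]"),
     "registry entry whose target file no longer exists (clutter; safe to clean)"),
    ("frst-attention",
     re.compile(r"<==== ATTENTION\s*$"),
     "FRST's own flag for entries it considers out of the ordinary"),
]


def triage(lines):
    """Return (category, reason, line) for every rule a line matches; one line can hit several."""
    findings = []
    for line in lines:
        line = line.rstrip()
        for category, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((category, reason, line))
    return findings


def categories(findings):
    """Count findings per category: the one-glance summary a helper reads first."""
    return Counter(category for category, _, _ in findings)


# Outcome tokens FRST writes at the end of each Fixlog.txt action line.
FIXLOG_OUTCOME = re.compile(
    r"=> (removed successfully|moved successfully|value restored successfully|"
    r"service removed successfully|not found)\s*$")

# Constructed sample in Fixlog.txt layout (same shapes as a real Fixlog).
SAMPLE_FIXLOG_LINES = [
    r"Restore point was successfully created.",
    r"C:\Windows\system32\GroupPolicy\Machine => moved successfully",
    r'"HKLM\SOFTWARE\Policies\Google" => removed successfully',
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully",
    r'"HKLM\System\CurrentControlSet\Services\cpuz143" => removed successfully',
    r"cpuz143 => service removed successfully",
    r"HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found",
]


def summarize_fixlog(lines):
    """Count Fixlog outcomes; 'not found' means the fixlist named something already gone."""
    counts = Counter()
    for line in lines:
        match = FIXLOG_OUTCOME.search(line.rstrip())
        if match:
            counts[match.group(1)] += 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LINES)
    for category, reason, line in found:
        print(f"[{category}] {line}\n    {reason}")
    print(dict(categories(found)))
    print(dict(summarize_fixlog(SAMPLE_FIXLOG_LINES)))
```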

#3 Amnesia98

Amnesia98
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:26 AM

Posted 16 May 2018 - 01:40 PM

This is the Fixlog.txt

 

Fixlog

 

 Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by user (16-05-2018 14:52:47) Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user &  (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61531;https=127.0.0.1:61531
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [RUShellExt] -> [CC]{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} =>  -> No File
ContextMenuHandlers1_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-4061542135-915913118-1211114386-1000: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
Task: {34B6C834-42CC-4A0A-8002-1A6C954D3F2D} - \PennyBee -> No File <==== ATTENTION
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
RemoveProxy:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam" => removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz143" => removed successfully
cpuz143 => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Advanced SystemCare" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\RUShellExt" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => not found
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" => removed successfully
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully
HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully
HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34B6C834-42CC-4A0A-8002-1A6C954D3F2D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B6C834-42CC-4A0A-8002-1A6C954D3F2D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PennyBee => not found
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::f53b:cc70:bcc4:b616%13
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Home
   Link-local IPv6 Address . . . . . : fe80::f53b:cc70:bcc4:b616%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018132658389\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4061542135-915913118-1211114386-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018132658389\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7988664 B
Java, Flash, Steam htmlcache => 714 B
Windows/system/drivers => 53386573 B
Edge => 0 B
Chrome => 6941696 B
Firefox => 29911203 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 79660099 B
user => 1313272676 B
 
RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:55:38 ====
 
 
 
Okay, Google is running more like it did before, but I can't test it to see if those Trojans MSE picked up are still there or not. They only popped up when running Malwarebytes and the Rkill tool.

Edited by Amnesia98, 16 May 2018 - 02:19 PM.


#4 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 May 2018 - 06:08 AM

Hi,

I can't test it to see if those Trojans MSE picked up are still there or not. They only popped up when running Malwarebytes and the Rkill tool.


Please post these logs for my review.

#5 Amnesia98

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Not Telling

Posted 17 May 2018 - 03:49 PM

 

Please post these logs for my review.

 

 

I don't know how to find the Microsoft Security Essentials logs; I posted pictures in my original post that showed what they looked like when they were detected. If you could tell me how to find the detection logs I would greatly appreciate it. And my Google Chrome is back to running a bit sluggish.

Malwarebytes didn't detect anything when the MSE detected a Trojan during a Malwarebytes scan.

But here are the last two scans I have done.

 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/15/18
Scan Time: 1:38 PM
Log File: b778da2f-5866-11e8-a05d-002170d57977.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5114
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280869
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 31 min, 20 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
-------------------------------------------------------------------------------------------------------------------------------------------------
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/14/18
Scan Time: 9:36 PM
Log File: 5b64ca4f-57e0-11e8-aca0-002170d57977.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5106
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281070
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 2 hr, 9 min, 59 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.AdvancedSystemCare, C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4507], [380340],1.0.5106
PUP.Optional.OpenSoftwareUpdater, C:\USERS\USER\DOWNLOADS\SETUPODM.EXE, Delete-on-Reboot, [2861], [521045],1.0.5106
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by Amnesia98, 17 May 2018 - 03:58 PM.


#6 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 May 2018 - 06:40 AM

Hi,
 

If you could tell me how to find the detection logs I would greatly appreciate it.


This may help.

https://superuser.com/questions/454956/view-microsoft-security-essentials-logs
===

Run this Sophos Virus Removal Scan.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Did you reset Chrome as I have suggested?

#7 Amnesia98

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Not Telling

Posted 18 May 2018 - 06:43 PM

The file was too big to copy and paste, so I have attached it to this reply as a zipped file, along with two detection logs.

MPLog-08192015-222707

Attached file: MPLog-08192015-222707.zip (1.22MB)

Detection Logs

Attached file: MPDetection-05042018-175442.log (10.15KB)

Attached file: MPDetection-04032018-222859.log (13.75KB)

And I did reset Chrome as you asked.

 

And somehow, Sophos picked up nothing.

But here is the log.

 

2018-05-18 23:41:11.406 Sophos Virus Removal Tool version 2.6.1
2018-05-18 23:41:11.406 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2018-05-18 23:41:11.406 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2018-05-18 23:41:11.406 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2018-05-18 23:41:11.422 Checking for updates...
2018-05-18 23:41:12.405 Update progress: proxy server not available
2018-05-18 23:41:32.863 Option all = no
2018-05-18 23:41:32.863 Option recurse = yes
2018-05-18 23:41:32.863 Option archive = no
2018-05-18 23:41:32.863 Option service = yes
2018-05-18 23:41:32.863 Option confirm = yes
2018-05-18 23:41:32.863 Option sxl = yes
2018-05-18 23:41:32.863 Option max-data-age = 35
2018-05-18 23:41:32.863 Option vdl-logging = yes
2018-05-18 23:41:32.894 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-05-18 23:41:32.894 Machine ID: af2624ae77af4685b263aaaf50ef317b
2018-05-18 23:41:33.050 Component SVRTcli.exe version 2.6.1
2018-05-18 23:41:33.050 Component control.dll version 2.6.1
2018-05-18 23:41:33.050 Component SVRTservice.exe version 2.6.1
2018-05-18 23:41:33.050 Component engine\osdp.dll version 1.44.1.2286
2018-05-18 23:41:33.050 Component engine\veex.dll version 3.68.6.2286
2018-05-18 23:41:33.050 Component engine\savi.dll version 9.0.7.2286
2018-05-18 23:41:33.128 Component rkdisk.dll version 1.5.31.1
2018-05-18 23:41:33.128 Version info: Product version 2.6.1
2018-05-18 23:41:33.128 Version info: Detection engine 3.68.6
2018-05-18 23:41:33.128 Version info: Detection data 5.46
2018-05-18 23:41:33.128 Version info: Build date 11/28/2017
2018-05-18 23:41:33.128 Version info: Data files added 746
2018-05-18 23:41:33.128 Version info: Last successful update (not yet updated)
2018-05-18 23:42:21.561 Downloading updates...
2018-05-18 23:42:21.561 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2018-05-18 23:42:21.561 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-18 23:42:21.561 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-18 23:42:21.561 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2018-05-18 23:42:21.561 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2018-05-18 23:42:21.561 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2018-05-18 23:42:21.561 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I49502] sdds.data0910.xml: found supplement IDE549 LATEST path= baseVersion= [included from product IDE548 LATEST path=]
2018-05-18 23:42:21.561 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE549 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE549 LATEST path=
2018-05-18 23:42:21.561 Update progress: [I49502] sdds.data0910.xml: found supplement IDE550 LATEST path= baseVersion= [included from product IDE549 LATEST path=]
2018-05-18 23:42:21.577 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE550 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE550 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I49502] sdds.data0910.xml: found supplement IDE551 LATEST path= baseVersion= [included from product IDE550 LATEST path=]
2018-05-18 23:42:21.577 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE551 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE551 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I49502] sdds.data0910.xml: found supplement IDE552 LATEST path= baseVersion= [included from product IDE551 LATEST path=]
2018-05-18 23:42:21.577 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE552 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE552 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I49502] sdds.data0910.xml: found supplement IDE553 LATEST path= baseVersion= [included from product IDE552 LATEST path=]
2018-05-18 23:42:21.577 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE553 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE553 LATEST path=
2018-05-18 23:42:21.577 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-18 23:42:22.373 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2018-05-18 23:42:22.373 Update progress: [I19463] Product download size 178991033 bytes
2018-05-18 23:42:37.586 Update progress: [I19463] Syncing product IDE547 LATEST path=
2018-05-18 23:42:37.586 Update progress: [I19463] Product download size 4521286 bytes
2018-05-18 23:42:39.928 Update progress: [I19463] Syncing product IDE548 LATEST path=
2018-05-18 23:42:39.928 Update progress: [I19463] Product download size 3541768 bytes
2018-05-18 23:42:42.628 Update progress: [I19463] Syncing product IDE549 LATEST path=
2018-05-18 23:42:42.628 Update progress: [I19463] Product download size 4830037 bytes
2018-05-18 23:42:44.940 Update progress: [I19463] Syncing product IDE550 LATEST path=
2018-05-18 23:42:44.940 Update progress: [I19463] Product download size 2760469 bytes
2018-05-18 23:42:46.907 Update progress: [I19463] Syncing product IDE551 LATEST path=
2018-05-18 23:42:46.907 Update progress: [I19463] Product download size 2676611 bytes
2018-05-18 23:42:55.888 Update progress: [I19463] Syncing product IDE552 LATEST path=
2018-05-18 23:42:55.888 Update progress: [I19463] Product download size 2629185 bytes
2018-05-18 23:43:16.115 Update progress: [I19463] Syncing product IDE553 LATEST path=
2018-05-18 23:43:16.225 Installing updates...
2018-05-18 23:43:17.318 Error level 1
2018-05-18 23:43:41.524 Update successful
2018-05-18 23:43:57.385 Option all = no
2018-05-18 23:43:57.385 Option recurse = yes
2018-05-18 23:43:57.385 Option archive = no
2018-05-18 23:43:57.385 Option service = yes
2018-05-18 23:43:57.385 Option confirm = yes
2018-05-18 23:43:57.385 Option sxl = yes
2018-05-18 23:43:57.401 Option max-data-age = 35
2018-05-18 23:43:57.401 Option vdl-logging = yes
2018-05-18 23:43:57.416 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-05-18 23:43:57.416 Machine ID: af2624ae77af4685b263aaaf50ef317b
2018-05-18 23:43:57.416 Component SVRTcli.exe version 2.6.1
2018-05-18 23:43:57.416 Component control.dll version 2.6.1
2018-05-18 23:43:57.416 Component SVRTservice.exe version 2.6.1
2018-05-18 23:43:57.416 Component engine\osdp.dll version 1.44.1.2286
2018-05-18 23:43:57.416 Component engine\veex.dll version 3.68.6.2286
2018-05-18 23:43:57.416 Component engine\savi.dll version 9.0.7.2286
2018-05-18 23:43:57.416 Component rkdisk.dll version 1.5.31.1
2018-05-18 23:43:57.416 Version info: Product version 2.6.1
2018-05-18 23:43:57.416 Version info: Detection engine 3.68.6
2018-05-18 23:43:57.416 Version info: Detection data 5.46
2018-05-18 23:43:57.416 Version info: Build date 11/28/2017
2018-05-18 23:43:57.416 Version info: Data files added 922
2018-05-18 23:43:57.416 Version info: Last successful update 5/18/2018 7:43:41 PM
 
2018-05-18 23:54:14.392 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2018-05-19 00:12:42.399 Could not open C:\hiberfil.sys
2018-05-19 03:00:54.148 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:00:54.148 Could not open C:\System Volume Information\{e62e62f2-592d-11e8-96e2-002170d57977}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:00:54.148 Could not open C:\System Volume Information\{e62e62f6-592d-11e8-96e2-002170d57977}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:00:54.148 Could not open C:\System Volume Information\{e62e62fd-592d-11e8-96e2-002170d57977}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:00:54.148 Could not open C:\System Volume Information\{e62e6301-592d-11e8-96e2-002170d57977}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:00:54.148 Could not open C:\System Volume Information\{e62e6306-592d-11e8-96e2-002170d57977}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:00:54.148 Could not open C:\System Volume Information\{eca7923d-5ad3-11e8-a4f2-002170d57977}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:00:54.163 Could not open C:\System Volume Information\{eca79259-5ad3-11e8-a4f2-002170d57977}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-19 03:24:37.151 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2018-05-19 03:24:37.151 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2018-05-19 03:24:57.525 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2018-05-19 03:24:57.587 Could not open C:\Windows\System32\config\RegBack\SAM
2018-05-19 03:24:57.603 Could not open C:\Windows\System32\config\RegBack\SECURITY
2018-05-19 03:24:57.603 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2018-05-19 03:24:57.603 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2018-05-19 04:00:47.037 Could not open LOGICAL:0003:00000000
2018-05-19 04:00:47.037 Could not open D:\
2018-05-19 04:00:47.037 Could not open LOGICAL:0004:00000000
2018-05-19 04:00:47.037 Could not open E:\
2018-05-19 04:00:47.271 Could not open PHYSICAL:0081:0000:0000:0001
2018-05-19 04:00:48.067 Error level 0
 
2018-05-19 04:15:11.014 Scan completed.
2018-05-19 04:15:11.014
 
------------------------------------------------------------

Edited by Amnesia98, 18 May 2018 - 11:19 PM.


#8 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 May 2018 - 07:03 AM

Hi,

MSE Detected Trojan:Win32/Bitrep.A and Trojan:Win32/Cloxer.D!cl

These are possibly False Positives.
One is related to Rkill, which you can delete from your Downloads folder.

2018-05-15T16:41:10.803Z DETECTIONEVENT Trojan:Win32/Bitrep.A file:C:\Users\user\Downloads\rkill-unsigned64.exe;
2018-05-15T16:41:10.808Z DETECTION_ADD Trojan:Win32/Bitrep.A file:C:\Users\user\Downloads\rkill-unsigned64.exe

This is from the Malwarebytes service. Nothing to worry about.
2018-03-15T20:52:30.162Z DETECTIONEVENT Trojan:Win32/Cloxer.D!cl file:C:\ProgramData\Malwarebytes\MBAMService\b4c765b0-2892-11e8-9b7f-002170d57977;
2018-03-15T20:52:30.380Z DETECTION_ADD Trojan:Win32/Cloxer.D!cl file:C:\ProgramData\Malwarebytes\MBAMService\b4c765b0-2892-11e8-9b7f-002170d57977
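The two detections above were triaged by reading the MPDetection log lines by hand. The Python below is an added example, not code from this thread, from Microsoft Security Essentials or from any tool mentioned here. It parses lines in the MPDetection-*.log format shown above, collapses each DETECTIONEVENT/DETECTION_ADD pair into one entry per threat and file with first/last seen and an event count, and tags entries whose path falls under a prefix the responder has already judged benign. The first four sample lines are the ones quoted in this thread; the fifth is a constructed placeholder that exists only to show the "needs-review" branch. The benign prefixes are an assumption carried over from the assessment of this one machine, not a general allowlist.

```python
import re
from collections import OrderedDict

# Constructed sample input. The first four lines are the MPDetection-*.log
# lines quoted in this thread; the fifth is a placeholder (not a real
# detection) so that the "needs-review" branch is exercised. A real run
# would read the MPDetection-*.log files instead of this string.
SAMPLE_LOG = r"""
2018-03-15T20:52:30.162Z DETECTIONEVENT Trojan:Win32/Cloxer.D!cl file:C:\ProgramData\Malwarebytes\MBAMService\b4c765b0-2892-11e8-9b7f-002170d57977;
2018-03-15T20:52:30.380Z DETECTION_ADD Trojan:Win32/Cloxer.D!cl file:C:\ProgramData\Malwarebytes\MBAMService\b4c765b0-2892-11e8-9b7f-002170d57977
2018-05-15T16:41:10.803Z DETECTIONEVENT Trojan:Win32/Bitrep.A file:C:\Users\user\Downloads\rkill-unsigned64.exe;
2018-05-15T16:41:10.808Z DETECTION_ADD Trojan:Win32/Bitrep.A file:C:\Users\user\Downloads\rkill-unsigned64.exe
2018-05-21T20:30:00.000Z DETECTIONEVENT Trojan:Win32/Placeholder.Example file:C:\Users\user\AppData\Local\Temp\placeholder.exe;
"""

# Assumption carried over from this thread: the helper judged these two
# locations benign for this one machine (the Rkill download and the
# Malwarebytes service folder). This is not a general allowlist.
KNOWN_BENIGN_PREFIXES = (
    "C:\\Users\\user\\Downloads\\rkill",
    "C:\\ProgramData\\Malwarebytes\\MBAMService\\",
)

# One detection line: UTC timestamp, event type, threat name, "file:" path,
# with an optional trailing semicolon (DETECTIONEVENT lines carry one).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z)\s+"
    r"(?P<event>DETECTIONEVENT|DETECTION_ADD)\s+"
    r"(?P<threat>\S+)\s+file:(?P<path>.+?);?\s*$"
)


def parse_detections(text):
    """Return one dict (ts, event, threat, path) per detection line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def summarize(records, benign_prefixes=()):
    """Group records by (threat, path): event count, first/last seen, triage verdict."""
    summary = OrderedDict()
    for rec in records:
        key = (rec["threat"], rec["path"])
        entry = summary.setdefault(
            key, {"events": 0, "first_seen": rec["ts"], "last_seen": rec["ts"]}
        )
        entry["events"] += 1
        # ISO-8601 UTC timestamps of equal width sort correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["last_seen"] = max(entry["last_seen"], rec["ts"])
        lowered = rec["path"].lower()  # NTFS paths are case-insensitive
        if any(lowered.startswith(p.lower()) for p in benign_prefixes):
            entry["verdict"] = "known-benign-path"
        else:
            entry["verdict"] = "needs-review"
    return summary


if __name__ == "__main__":
    result = summarize(parse_detections(SAMPLE_LOG), KNOWN_BENIGN_PREFIXES)
    for (threat, path), e in result.items():
        print(f"{e['verdict']:18} {threat:32} x{e['events']} "
              f"{e['first_seen']}..{e['last_seen']} {path}")
```

The point of keying on (threat, path) rather than on the threat name alone is that the same signature hitting a second, unexpected location is what should change the verdict; an allowlist by threat name would hide exactly that.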

#9 Amnesia98

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Not Telling

Posted 19 May 2018 - 02:03 PM

I deleted Rkill already from my downloads folder. 

And never before has my MSE detected a trojan during a Malwarebytes scan.

What would you like me to do now?



#10 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2018 - 06:44 AM

Hi,

Keep an eye on it for a few days.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#11 Amnesia98

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Not Telling

Posted 20 May 2018 - 07:07 PM

If the Trojans were false positives, then why is my computer slower than it was a few weeks ago? Any advice to help me get it back into running order?
 

Thank you very much for your help!



#12 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 May 2018 - 06:04 AM

Hi,

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.
---

Run this scan from Sophos

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Open the Task Manager.
Under the Processes tab, any program using a lot of CPU?
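On the sfc /scannow step above: the Microsoft article builds sfcdetails.txt by filtering CBS.log with findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log. The Python below is an added example, not code from the Microsoft article or from this thread. It performs the same "[SR]" filtering offline and then summarizes what a responder reads the result for: how many components were verified, which member files SFC could not repair, which it repaired, and whether the verify and repair passes completed. The CBS.log lines are constructed to mirror the real format; the component and file names in them are placeholders.

```python
import re

# Constructed sample: CBS.log lines in the shape the Windows 7 servicing
# stack writes them. Component and file names are placeholders, not real
# results from any machine. The two CBS lines are there to show that only
# the [SR] lines (System File Checker's own) survive the filter.
SAMPLE_CBS_LOG = r"""
2018-05-21 21:00:01, Info                  CBS    Starting TrustedInstaller initialization.
2018-05-21 21:00:07, Info                  CSI    00000008 [SR] Verifying 100 (0x0000000000000064) components
2018-05-21 21:00:09, Info                  CSI    00000009 [SR] Beginning Verify and Repair transaction
2018-05-21 21:00:20, Info                  CSI    0000000a [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2018-05-21 21:00:25, Info                  CSI    0000000b [SR] Verify complete
2018-05-21 21:00:30, Info                  CSI    0000000c [SR] Verifying 100 (0x0000000000000064) components
2018-05-21 21:00:31, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2018-05-21 21:00:35, Info                  CSI    0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2018-05-21 21:00:40, Info                  CSI    0000000f [SR] Verify complete
2018-05-21 21:00:41, Info                  CSI    00000010 [SR] Repair complete
2018-05-21 21:00:42, Info                  CBS    Ending TrustedInstaller finalization.
"""

SR_MARKER = "[SR]"

# Patterns for the [SR] lines a responder cares about.
VERIFYING_RE = re.compile(r"\[SR\] Verifying (\d+) \(0x[0-9a-fA-F]+\) components")
CANNOT_REPAIR_RE = re.compile(r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)"')
REPAIRING_RE = re.compile(r'\[SR\] Repairing corrupted file .*?"([^"]+)" from store')


def extract_sr_lines(cbs_text):
    """Offline equivalent of the article's findstr /c:"[SR]" step."""
    return [line for line in cbs_text.splitlines() if SR_MARKER in line]


def summarize_sfc(sr_lines):
    """Reduce the [SR] lines to the facts usually quoted back in a help thread."""
    summary = {
        "components_verified": 0,
        "unrepairable": [],
        "repaired": [],
        "verify_complete": False,
        "repair_complete": False,
    }
    for line in sr_lines:
        m = VERIFYING_RE.search(line)
        if m:
            # SFC verifies in batches of 100; summing gives the total checked.
            summary["components_verified"] += int(m.group(1))
            continue
        m = CANNOT_REPAIR_RE.search(line)
        if m:
            summary["unrepairable"].append(m.group(1))
            continue
        m = REPAIRING_RE.search(line)
        if m:
            summary["repaired"].append(m.group(1))
            continue
        if "[SR] Verify complete" in line:
            summary["verify_complete"] = True
        elif "[SR] Repair complete" in line:
            summary["repair_complete"] = True
    return summary


if __name__ == "__main__":
    sr_lines = extract_sr_lines(SAMPLE_CBS_LOG)
    # Writing "\n".join(sr_lines) to a file reproduces sfcdetails.txt.
    report = summarize_sfc(sr_lines)
    print(f"{len(sr_lines)} [SR] lines, {report['components_verified']} components verified")
    print("could not repair:", report["unrepairable"])
    print("repaired:", report["repaired"])
```

The "Cannot repair member file" entries are the ones worth posting in full: each names the component and ends with the reason (here "hash mismatch"), which is what decides whether the next step is a repair source or a clean install.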

#13 Amnesia98

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Not Telling

Posted 21 May 2018 - 09:09 PM

I am at the moment running sfc /scannow in the command prompt, but I thought I'd let you know that earlier, when I was on Google Chrome working in my online classes, MSE detected another, different trojan. And it refers to Malwarebytes again; this has only recently started happening in the past few weeks, which was originally why I came to this site and ended up in one of the forums. But MSE never detected this stuff before, just in these recent weeks, and there have now been three different Trojans detected.

Attached file: New Trojan.PNG (18.43KB)

And with the Sophos virus removal tool, you want me to run another scan?

 

Also here is a picture of my processes; at the moment of the image, only one tab was open in my Google Chrome (this forum).

Attached file: Processes.PNG (43.53KB)

 

 

Edit: I was looking through my Malwarebytes protected applications (I don't know why I never checked before), and I don't know if the programs it protects may be relevant or not.

Attached file: Mal.prtced.apps.1.PNG (86.25KB)

Attached file: Mal.prtced.apps.2.PNG (28.3KB)

 

And this is the sfcdetails.txt document.

Attached file: sfcdetails.txt (94.51KB)

 

 

 

Again, thank you for all your help.


Edited by Amnesia98, 21 May 2018 - 10:39 PM.


#14 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 May 2018 - 06:43 AM


Hi,

Sorry, no need to run ESET a second time.

==

Your Malwarebytes may have been compromised.

Remove it. Follow the instructions on this page.

https://support.malwarebytes.com/docs/DOC-1112

Restart the computer when done.

Reinstall the version you own from the Malwarebytes site below.

https://www.malwarebytes.com/premium/

Restart the computer normally.

Let me know if the problem persists.

#15 Amnesia98

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Not Telling

Posted 22 May 2018 - 10:45 PM

And I did run Sophos again, and it detected nothing.

These are the results of the MB cleaner.

 

Attached file: mb-clean-results.txt (204.52KB)

 

I uninstalled and reinstalled Malwarebytes, and then ran a scan to see if anything changed, and MSE still detected a trojan.

Attached file: Trojan...PNG (64.76KB)

 


Edited by Amnesia98, 22 May 2018 - 11:37 PM.




