
HELP!!! Infected with SearchAwesome Adware, programs open and close at will.


  • This topic is locked
110 replies to this topic

#1 ratidwell


Posted 21 May 2018 - 11:40 PM

My computer has gotten super slow, can't use Microsoft Edge and can barely navigate explorer. Pages randomly pop open or close, downloading takes forever or shuts the computer off, dialog boxes with names like outspent, goodie, scvhost, feleadea, ganpzwdieg, navigates stating the program stopped suddenly. There is a neon red line towards the bottom and neon green writing "RAM 1641.44 MB (svchost) CPU" and the numbers are constantly flickering, weird looking boxes appear at the bottom off and on and I included a pic. If I go in and try to erase the program search awesome it doesn't delete. The system just turns off suddenly.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by rache (administrator) on TABLET-MQNK2CAL (21-05-2018 22:24:40)
Running from C:\Users\rache\Desktop
Loaded Profiles: rache (Available Profiles: rache)
Platform: Windows 10 Home Version 1607 14393.2214 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\psmgbwlsvc.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Users\rache\AppData\Local\sidwcut\sidwcut.exe
() C:\Users\rache\AppData\Local\sidwcut\exotnvd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CXAPOAgent] => C:\Windows\System32\CXAPOAgent64.exe [795272 2015-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Logistical] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKLM\...\Run: [Vixen] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKLM\...\Run: [Bergstein] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKLM\...\Run: [Hadi] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKLM\...\Run: [Guzzles] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKLM\...\Run: [Jm] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Phoning] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Deason] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Initials] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Oversize] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Luxuriated] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Bearish] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Chromium] => "c:\users\rache\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [hiakbk] => rundll32.exe "C:\Users\rache\AppData\Local\hiakbk.dll",hiakbk <==== ATTENTION
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Weakening] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Pickard] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Nunn] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Hoyt] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Rodale] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Cutie] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Eleemosynary] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Amazon] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Virgins] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Kas] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Erwin] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Honourable] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [axford] => C:\Program Files (x86)\harewood\axford.exe [49942 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [bouche] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [dioxide] => C:\Program Files (x86)\tippy\dioxide.exe [49943 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [nihilists] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\MountPoints2: {a86f5d2b-faa8-11e7-b928-f1083610715e} - "D:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371920 2018-03-21] (Microsoft Corporation)
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\headlock.lnk [2018-05-19]
ShortcutTarget: headlock.lnk -> C:\Program Files (x86)\Longer\Planted.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\headlockheadlock.lnk [2018-05-19]
ShortcutTarget: headlockheadlock.lnk -> C:\Program Files (x86)\thoughout\Cloying.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jaworski.lnk [2018-05-19]
ShortcutTarget: jaworski.lnk -> C:\Program Files (x86)\Subwoofer\Outspent.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jaworskijaworski.lnk [2018-05-19]
ShortcutTarget: jaworskijaworski.lnk -> C:\Program Files (x86)\oppressed\Goodie.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 207.91.5.20
Tcpip\..\Interfaces\{62199a87-2292-43e2-9cc0-434b56847621}: [DhcpNameServer] 192.168.254.254 207.91.5.20
Tcpip\..\Interfaces\{708301a3-ffff-4232-8389-d3a914922851}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_amnis_18_15_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzztCzyzz0EtCyE0FyBzz0AyDyByEtN0D0Tzu0StBtBzytBtN1L2XzuyEtFtByEtFtDtFyBtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyCzyyByEtCyDtGyCtAzyyBtGyC0FtC0BtGyByC0C0BtGyDyEtCyCtDyCtCtD0CtByByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyDtAzytDzyyD1PtGyD1PyC1TtGyE1R1O1RtGzztDtA1PtGyEtCzzzz1PzztCtB1SyBtCtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtAyEyByDtAyBtC%26cr%3D841506265%26a%3Dwbf_amnis_18_15_14%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_amnis_18_15_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzztCzyzz0EtCyE0FyBzz0AyDyByEtN0D0Tzu0StBtBzytBtN1L2XzuyEtFtByEtFtDtFyBtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyCzyyByEtCyDtGyCtAzyyBtGyC0FtC0BtGyByC0C0BtGyDyEtCyCtDyCtCtD0CtByByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyDtAzytDzyyD1PtGyD1PyC1TtGyE1R1O1RtGzztDtA1PtGyEtCzzzz1PzztCtB1SyBtCtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtAyEyByDtAyBtC%26cr%3D841506265%26a%3Dwbf_amnis_18_15_14%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1237543100-274015457-632876503-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_amnis_18_15_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzztCzyzz0EtCyE0FyBzz0AyDyByEtN0D0Tzu0StBtBzytBtN1L2XzuyEtFtByEtFtDtFyBtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyCzyyByEtCyDtGyCtAzyyBtGyC0FtC0BtGyByC0C0BtGyDyEtCyCtDyCtCtD0CtByByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyDtAzytDzyyD1PtGyD1PyC1TtGyE1R1O1RtGzztDtA1PtGyEtCzzzz1PzztCtB1SyBtCtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtAyEyByDtAyBtC%26cr%3D841506265%26a%3Dwbf_amnis_18_15_14%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_amnis_18_15_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzztCzyzz0EtCyE0FyBzz0AyDyByEtN0D0Tzu0StBtBzytBtN1L2XzuyEtFtByEtFtDtFyBtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyCzyyByEtCyDtGyCtAzyyBtGyC0FtC0BtGyByC0C0BtGyDyEtCyCtDyCtCtD0CtByByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyDtAzytDzyyD1PtGyD1PyC1TtGyE1R1O1RtGzztDtA1PtGyEtCzzzz1PzztCtB1SyBtCtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtAyEyByDtAyBtC%26cr%3D841506265%26a%3Dwbf_amnis_18_15_14%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_amnis_18_15_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzztCzyzz0EtCyE0FyBzz0AyDyByEtN0D0Tzu0StBtBzytBtN1L2XzuyEtFtByEtFtDtFyBtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyCzyyByEtCyDtGyCtAzyyBtGyC0FtC0BtGyByC0C0BtGyDyEtCyCtDyCtCtD0CtByByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyDtAzytDzyyD1PtGyD1PyC1TtGyE1R1O1RtGzztDtA1PtGyEtCzzzz1PzztCtB1SyBtCtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtAyEyByDtAyBtC%26cr%3D841506265%26a%3Dwbf_amnis_18_15_14%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_amnis_18_15_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzztCzyzz0EtCyE0FyBzz0AyDyByEtN0D0Tzu0StBtBzytBtN1L2XzuyEtFtByEtFtDtFyBtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyCzyyByEtCyDtGyCtAzyyBtGyC0FtC0BtGyByC0C0BtGyDyEtCyCtDyCtCtD0CtByByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyDtAzytDzyyD1PtGyD1PyC1TtGyE1R1O1RtGzztDtA1PtGyEtCzzzz1PzztCtB1SyBtCtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtAyEyByDtAyBtC%26cr%3D841506265%26a%3Dwbf_amnis_18_15_14%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {C7764670-A384-49BD-B45E-9C01B3B9FDD7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default [2018-05-19]
CHR Extension: (Google Play Music) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-05-04]
CHR Extension: (Superman) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknmbkgpmhdhkljehlhgfobimkncckgm [2018-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237543100-274015457-632876503-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237543100-274015457-632876503-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\rclwb <==== ATTENTION (Rootkit!)

S2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-08] (Conexant Systems, Inc.)
S2 d83b8966cc2672f3cfebde6b8c1eeb54; C:\Program Files\d83b8966cc2672f3cfebde6b8c1eeb54\c177eee7774d1cf0d276967bc39dd5b4.exe [1574336 2018-05-18] ()
S2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1408616 2015-12-01] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-12-01] (Intel Corporation)
S2 MicroService; C:\Users\rache\AppData\Local\XService\XService.dll [585216 2018-05-19] () [File not signed]
S2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-25] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-25] (Microsoft Corporation)
S2 e1ab6ed85e93af0a7a4033471fb856c3; rundll32.exe C:\WINDOWS\zwntajurckoojsrj.zwn fJmAxyAy [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 camera; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [937856 2015-12-01] (Intel® Corporation)
S3 cx2072x; C:\WINDOWS\system32\DRIVERS\cx2072x.sys [67104 2015-11-25] (Conexant System, Inc.)
R1 dedc2ea731860b7257381e5d9151d85d; C:\WINDOWS\System32\drivers\dedc2ea731860b7257381e5d9151d85d.sys [311032 2018-05-18] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72584 2017-01-12] (Intel Corporation)
S3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-12-01] (Intel Corporation)
S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [251384 2015-12-01] (Intel Corporation)
S3 ETDHIDUSB; C:\WINDOWS\System32\drivers\ETDHIDUSB.sys [223224 2015-10-21] (ELAN Microelectronic Corp.)
S3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [26112 2015-12-01] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [38688 2015-12-01] (Intel)
S3 iagpioe; C:\WINDOWS\System32\drivers\iagpioe.sys [33280 2015-12-01] (Intel® Corporation)
S3 iai2ce; C:\WINDOWS\System32\drivers\iai2ce.sys [81408 2015-12-01] (Intel® Corporation)
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [28432 2015-12-01] (Intel® Corporation)
R3 iaspie; C:\WINDOWS\System32\drivers\iaspie.sys [62976 2015-12-01] (Intel® Corporation)
S3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [103936 2015-12-01] (Intel® Corporation)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136680 2018-05-11] (Intel Corporation)
S3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5891720 2015-12-01] (Intel Corporation)
S3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [668160 2015-12-01] ()
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [139576 2016-01-24] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [51488 2015-12-01] (Intel)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2015-12-01] (Intel® Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6711048 2015-11-05] (Intel Corporation)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8614464 2018-05-11] (Intel Corporation)
S3 ov9728; C:\WINDOWS\System32\drivers\ov9728.sys [119408 2015-12-01] (Intel® Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [100864 2015-12-01] (Intel® Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2018-05-11] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-04-25] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-25] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 cpuz140; \??\C:\Users\rache\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S4 dnbawkg; System32\drivers\dtmiupcs.sys [X]
S3 nqtxad; system32\drivers\txadgk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-21 22:24 - 2018-05-21 22:25 - 000019362 _____ C:\Users\rache\Desktop\FRST.txt
2018-05-21 22:23 - 2018-05-21 22:24 - 000000000 ____D C:\FRST
2018-05-21 22:18 - 2018-05-21 22:00 - 002413056 _____ (Farbar) C:\Users\rache\Desktop\FRST64.exe
2018-05-21 19:33 - 2018-05-21 19:33 - 000000000 ____D C:\Users\rache\AppData\Local\niemdwg
2018-05-21 19:24 - 2018-05-21 19:24 - 000142672 ____N C:\WINDOWS\system32\Drivers\zaagjmpt.sys
2018-05-21 19:19 - 2017-07-24 20:30 - 001838144 _____ (Solvusoft) C:\Users\rache\Desktop\Setup_FileViewPro_2016.exe
2018-05-21 19:17 - 2018-05-21 15:38 - 167302376 _____ (Microsoft Corporation) C:\Users\rache\Desktop\msert.exe
2018-05-21 19:16 - 2018-05-21 18:52 - 004002104 _____ (Secunia) C:\Users\rache\Desktop\PSISetup.exe
2018-05-21 19:15 - 2018-05-21 18:45 - 011599632 _____ (SurfRight B.V.) C:\Users\rache\Desktop\HitmanPro_x64.exe
2018-05-21 19:15 - 2018-05-21 15:41 - 007271632 _____ (Malwarebytes) C:\Users\rache\Desktop\Cleaner.exe
2018-05-21 19:14 - 2018-05-21 19:14 - 000000000 ____D C:\AdwCleaner
2018-05-21 19:13 - 2018-05-21 18:43 - 006625600 _____ (Zemana Ltd. ) C:\Users\rache\Desktop\Zemana.Setup.exe
2018-05-21 19:11 - 2018-05-21 18:42 - 074288784 _____ (Malwarebytes ) C:\Users\rache\Desktop\bitemywart.exe
2018-05-21 18:53 - 2018-05-19 13:55 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\rkill-unsigned.exe
2018-05-21 15:33 - 2018-05-21 15:33 - 000000000 ____D C:\Users\rache\AppData\Local\wekczsx
2018-05-21 14:39 - 2018-05-21 14:39 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\rkill.exe
2018-05-21 14:38 - 2018-05-21 14:38 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\iExplore (1).exe
2018-05-21 14:38 - 2018-05-21 14:36 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\iExplore64.exe
2018-05-20 21:35 - 2018-05-20 21:35 - 000000000 ____D C:\Users\rache\AppData\Local\vscprnu
2018-05-20 21:11 - 2018-05-20 21:11 - 000000000 ____D C:\Users\rache\AppData\Local\weivlgo
2018-05-20 21:03 - 2018-05-20 21:03 - 000000000 ____D C:\Users\rache\AppData\Local\widpzvn
2018-05-20 20:14 - 2018-05-20 20:14 - 000671116 _____ C:\WINDOWS\Minidump\052018-23343-01.dmp
2018-05-20 19:52 - 2018-05-20 19:52 - 000000000 ____D C:\Users\rache\AppData\Local\sbndawx
2018-05-20 19:50 - 2018-05-20 19:50 - 000000000 ____D C:\WINDOWS\Panther
2018-05-20 19:43 - 2018-05-20 19:43 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Downloads\rkill64-4524.com
2018-05-20 18:48 - 2018-05-20 18:48 - 000000000 ____D C:\Users\rache\AppData\Local\iaawvrd
2018-05-20 18:26 - 2018-05-20 18:26 - 000000000 ____D C:\Users\rache\AppData\Local\zasxvme
2018-05-20 18:15 - 2018-05-20 18:15 - 000142672 _____ C:\WINDOWS\system32\Drivers\zaazcfim.sys
2018-05-20 18:07 - 2018-05-20 18:09 - 113252945 _____ C:\Users\rache\Downloads\msert (2).exe.6hvqpp2.partial
2018-05-20 18:07 - 2018-05-20 18:09 - 090509168 _____ C:\Users\rache\Downloads\msert (1).exe.5gjy3vk.partial
2018-05-20 18:00 - 2018-05-20 18:03 - 166332128 _____ (Microsoft Corporation) C:\Users\rache\Downloads\msert.exe
2018-05-20 17:57 - 2018-05-20 17:57 - 000000000 ____D C:\Users\rache\AppData\Local\niotslc
2018-05-20 17:33 - 2018-05-20 17:33 - 000000000 ____D C:\Users\rache\AppData\Local\iadbxrl
2018-05-20 17:15 - 2018-05-20 17:15 - 000000000 ____D C:\Users\rache\Documents\TotalAV
2018-05-20 17:11 - 2018-05-20 17:11 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-05-20 17:06 - 2018-05-20 17:06 - 011093688 _____ C:\Users\rache\Downloads\TotalAV_Setup.exe
2018-05-20 17:02 - 2018-05-20 17:02 - 000000000 ____D C:\Users\rache\AppData\Local\wihtlcn
2018-05-20 16:47 - 2018-05-20 16:47 - 000000000 ____D C:\Users\rache\AppData\Local\excpawu
2018-05-20 16:31 - 2018-05-20 16:31 - 000000000 ____D C:\Users\rache\AppData\Local\pchulto
2018-05-20 16:29 - 2018-05-21 19:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-20 16:25 - 2018-05-20 16:25 - 000000000 ____D C:\Users\rache\Documents\Log
2018-05-19 14:26 - 2018-05-19 14:26 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Downloads\rkill64.com
2018-05-19 14:25 - 2018-05-19 14:26 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\rache\Downloads\rkill.com
2018-05-19 14:20 - 2018-05-19 14:20 - 000000000 ____D C:\Users\rache\Desktop\New folder
2018-05-19 14:14 - 2018-05-19 14:14 - 000000210 _____ C:\Users\rache\Documents\fixlist.txt
2018-05-19 14:09 - 2018-05-21 19:20 - 000000930 _____ C:\Users\rache\Desktop\Rkill.txt
2018-05-19 14:09 - 2018-05-19 14:09 - 000000000 ____D C:\Users\rache\AppData\Local\recopkd
2018-05-19 13:39 - 2018-05-19 13:39 - 000000000 ____D C:\Users\rache\AppData\Local\avbzdlx
2018-05-19 13:02 - 2018-05-19 13:02 - 000000000 ____D C:\Users\rache\AppData\Local\spaecml
2018-05-19 12:56 - 2018-05-19 12:56 - 000000000 ____D C:\Users\rache\AppData\Local\wmhgxse
2018-05-19 11:45 - 2018-05-19 11:58 - 172661090 _____ (alch ) C:\Users\rache\Documents\clamwin-0.99.4-setup.exe
2018-05-19 11:36 - 2018-05-19 12:27 - 000000000 ____D C:\Users\rache\Documents\Chameleon files
2018-05-19 11:30 - 2018-05-19 11:30 - 000000000 ____D C:\Users\rache\AppData\Local\mscpbhx
2018-05-19 11:26 - 2018-05-19 11:26 - 000003254 _____ C:\WINDOWS\System32\Tasks\{9D6137D3-F294-4C9A-9A1B-4B3EC07EDEDC}
2018-05-19 11:25 - 2018-05-19 11:25 - 000000000 ____D C:\Users\rache\AppData\Local\niaskml
2018-05-19 11:24 - 2018-05-19 11:24 - 000000000 ____D C:\Users\rache\AppData\Roaming\c
2018-05-19 03:27 - 2018-05-20 19:57 - 000000000 ____D C:\Users\rache\AppData\Local\nihutwx
2018-05-19 03:27 - 2018-05-19 03:28 - 000000000 ____D C:\Users\rache\AppData\Local\wmcagent
2018-05-19 03:27 - 2018-05-19 03:27 - 000000000 ____D C:\Users\rache\AppData\Local\CEF
2018-05-19 03:22 - 2018-05-21 19:33 - 000000000 ____D C:\Users\rache\AppData\Local\sidwcut
2018-05-19 03:22 - 2018-05-19 03:22 - 000000000 ____D C:\Users\rache\AppData\Local\weixbpd
2018-05-19 03:20 - 2018-05-21 19:25 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\psmgbwlsvc.exe
2018-05-19 03:20 - 2018-05-19 12:49 - 000000000 ____D C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-05-19 03:20 - 2018-05-19 11:25 - 000000000 ____D C:\Program Files (x86)\s5
2018-05-19 03:20 - 2018-05-19 03:36 - 000000000 ____D C:\Users\rache\AppData\Roaming\AGData
2018-05-19 03:20 - 2018-05-19 03:36 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-05-19 03:20 - 2018-05-19 03:20 - 000000012 _____ C:\WINDOWS\b61555728
2018-05-19 03:20 - 2018-05-19 03:20 - 000000012 _____ C:\WINDOWS\b47778291
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\WINDOWS\SysWOW64\cssxwtu
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\WINDOWS\system32\cssxwtu
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\Users\rache\AppData\Roaming\et
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\Users\rache\AppData\Local\XService
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\ProgramData\1526714412
2018-05-19 03:18 - 2018-05-19 13:42 - 000000000 ____D C:\Program Files (x86)\uncultivated
2018-05-19 03:18 - 2018-05-19 03:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\possiblity chichi scrimmage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003854 _____ C:\WINDOWS\System32\Tasks\drugstores_riverbed
2018-05-19 03:18 - 2018-05-19 03:18 - 000003852 _____ C:\WINDOWS\System32\Tasks\hijack diddled anyday
2018-05-19 03:18 - 2018-05-19 03:18 - 000003848 _____ C:\WINDOWS\System32\Tasks\waterfront kickers
2018-05-19 03:18 - 2018-05-19 03:18 - 000003846 _____ C:\WINDOWS\System32\Tasks\seduced
2018-05-19 03:18 - 2018-05-19 03:18 - 000003842 _____ C:\WINDOWS\System32\Tasks\reggie-eubanks
2018-05-19 03:18 - 2018-05-19 03:18 - 000003838 _____ C:\WINDOWS\System32\Tasks\smolensk
2018-05-19 03:18 - 2018-05-19 03:18 - 000003838 _____ C:\WINDOWS\System32\Tasks\lomax_californium
2018-05-19 03:18 - 2018-05-19 03:18 - 000003834 _____ C:\WINDOWS\System32\Tasks\mayor_assimilates
2018-05-19 03:18 - 2018-05-19 03:18 - 000003834 _____ C:\WINDOWS\System32\Tasks\glistens
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\litman amniotic
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\gruel-seco
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\engage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003828 _____ C:\WINDOWS\System32\Tasks\boughs_chalker
2018-05-19 03:18 - 2018-05-19 03:18 - 000003826 _____ C:\WINDOWS\System32\Tasks\ruggedness
2018-05-19 03:18 - 2018-05-19 03:18 - 000003812 _____ C:\WINDOWS\System32\Tasks\lare
2018-05-19 03:18 - 2018-05-19 03:18 - 000003762 _____ C:\WINDOWS\System32\Tasks\possiblity chichi scrimmagepossiblity chichi scrimmage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003742 _____ C:\WINDOWS\System32\Tasks\hijack diddled anydayhijack diddled anyday
2018-05-19 03:18 - 2018-05-19 03:18 - 000003742 _____ C:\WINDOWS\System32\Tasks\drugstores_riverbeddrugstores_riverbed
2018-05-19 03:18 - 2018-05-19 03:18 - 000003734 _____ C:\WINDOWS\System32\Tasks\waterfront kickerswaterfront kickers
2018-05-19 03:18 - 2018-05-19 03:18 - 000003724 _____ C:\WINDOWS\System32\Tasks\lomax_californiumlomax_californium
2018-05-19 03:18 - 2018-05-19 03:18 - 000003722 _____ C:\WINDOWS\System32\Tasks\mayor_assimilatesmayor_assimilates
2018-05-19 03:18 - 2018-05-19 03:18 - 000003720 _____ C:\WINDOWS\System32\Tasks\reggie-eubanksreggie-eubanks
2018-05-19 03:18 - 2018-05-19 03:18 - 000003710 _____ C:\WINDOWS\System32\Tasks\seducedseduced
2018-05-19 03:18 - 2018-05-19 03:18 - 000003710 _____ C:\WINDOWS\System32\Tasks\litman amnioticlitman amniotic
2018-05-19 03:18 - 2018-05-19 03:18 - 000003706 _____ C:\WINDOWS\System32\Tasks\boughs_chalkerboughs_chalker
2018-05-19 03:18 - 2018-05-19 03:18 - 000003702 _____ C:\WINDOWS\System32\Tasks\smolensksmolensk
2018-05-19 03:18 - 2018-05-19 03:18 - 000003702 _____ C:\WINDOWS\System32\Tasks\gruel-secogruel-seco
2018-05-19 03:18 - 2018-05-19 03:18 - 000003700 _____ C:\WINDOWS\System32\Tasks\glistensglistens
2018-05-19 03:18 - 2018-05-19 03:18 - 000003696 _____ C:\WINDOWS\System32\Tasks\ruggednessruggedness
2018-05-19 03:18 - 2018-05-19 03:18 - 000003692 _____ C:\WINDOWS\System32\Tasks\engageengage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003670 _____ C:\WINDOWS\System32\Tasks\larelare
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\tippy
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\Msg
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\harewood
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\Coherent
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Users\rache\AppData\Roaming\ww.fm
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\thoughout
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Subwoofer
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\oppressed
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Longer
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Disbelieves
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Cutely
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\borrow
2018-05-19 03:17 - 2018-05-19 11:23 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-05-19 03:17 - 2018-05-19 03:17 - 000003368 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-startup-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2018-05-19 03:17 - 2018-05-19 03:17 - 000002994 _____ C:\WINDOWS\System32\Tasks\Chameleon Task Manager-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000002990 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Users\rache\AppData\Roaming\Microleaves
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Users\rache\AppData\Local\AdvinstAnalytics
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-05-19 03:16 - 2018-05-19 03:16 - 000194048 _____ C:\Users\rache\AppData\Local\miakhad.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000043520 _____ C:\Users\rache\AppData\Local\hiakbk.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000003072 _____ C:\Users\rache\AppData\Local\setupHTTPBalancer_v2.15.exe
2018-05-19 03:15 - 2018-05-19 04:43 - 000000000 ____D C:\Program Files\d83b8966cc2672f3cfebde6b8c1eeb54
2018-05-19 03:15 - 2018-05-19 03:44 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-05-19 03:15 - 2018-05-19 03:15 - 001520640 _____ C:\WINDOWS\zwntajurckoojsrj.zwn
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\WINDOWS\muzak.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\Users\rache\AppData\Local\Outspent.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\Users\rache\AppData\Local\Goodie.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\WINDOWS\streaked.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\Users\rache\AppData\Local\Planted.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\Users\rache\AppData\Local\Cloying.exe
2018-05-18 14:11 - 2018-05-18 15:58 - 000000000 ____D C:\Windows10Upgrade
2018-05-18 14:11 - 2018-05-18 14:11 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-05-18 08:11 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools ) C:\Users\rache\AppData\Roaming\ctask.exe
2018-05-18 08:07 - 2018-05-18 08:07 - 001831936 _____ C:\Users\rache\AppData\Roaming\update.exe
2018-05-18 07:16 - 2018-05-18 07:16 - 001871360 _____ C:\WINDOWS\a0d42c4183d802864df49d37648ea35c.exe
2018-05-18 07:16 - 2018-05-18 07:16 - 000311032 _____ C:\WINDOWS\system32\Drivers\dedc2ea731860b7257381e5d9151d85d.sys
2018-05-18 07:16 - 2018-05-18 07:16 - 000041211 _____ C:\WINDOWS\uninstaller.dat
2018-05-17 03:52 - 2018-05-17 03:52 - 000033651 _____ C:\Users\rache\Documents\Rachel Tidwell Resume 2018.pdf
2018-05-16 04:49 - 2018-05-18 14:06 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-05-16 03:02 - 2018-05-16 03:02 - 000000000 ___HD C:\$SysReset
2018-05-16 02:52 - 2018-05-20 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-15 11:39 - 2018-05-16 02:11 - 000000000 ____D C:\Program Files\VideoLAN
2018-05-14 06:54 - 2018-03-21 23:17 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2018-05-14 06:54 - 2018-03-21 23:13 - 004601856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-05-14 06:54 - 2018-03-21 23:03 - 005854208 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-05-14 06:54 - 2018-03-21 23:03 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-05-14 06:54 - 2018-03-02 04:20 - 000421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2018-05-14 06:54 - 2018-02-12 17:52 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-05-14 06:54 - 2018-02-12 17:49 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-05-14 06:54 - 2018-02-12 17:49 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-05-14 06:54 - 2018-02-12 17:49 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-05-14 06:54 - 2017-08-08 01:12 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2018-05-14 06:54 - 2017-03-28 01:38 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2018-05-14 06:54 - 2017-03-28 01:34 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2018-05-14 06:54 - 2017-03-04 02:20 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2018-05-14 06:54 - 2017-03-04 02:16 - 002221056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2018-05-14 06:54 - 2016-12-14 00:42 - 000384000 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2018-05-14 06:54 - 2016-12-14 00:41 - 000362496 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2018-05-14 06:54 - 2016-12-09 05:45 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2018-05-14 06:54 - 2016-12-09 05:42 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2018-05-14 06:54 - 2016-12-09 05:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2018-05-14 06:54 - 2016-12-09 05:37 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2018-05-14 06:54 - 2016-12-09 05:24 - 006583296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2018-05-14 06:54 - 2016-12-09 05:17 - 004978176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2018-05-14 06:43 - 2018-05-14 06:43 - 001129816 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2018-05-14 03:40 - 2018-05-14 03:40 - 000000000 ____D C:\Users\rache\AppData\Roaming\Easy PC Optimizer
2018-05-14 03:03 - 2018-05-18 15:58 - 000000036 _____ C:\WINDOWS\progress.ini
2018-05-11 03:12 - 2018-05-11 02:25 - 002074540 _____ C:\WINDOWS\system32\Drivers\Netwfw04.dat
2018-05-11 03:12 - 2018-05-11 02:25 - 000165104 _____ C:\WINDOWS\system32\IntelWifiIhv04.dll
2018-05-11 03:09 - 2018-05-11 03:10 - 000000000 ____D C:\trusted execution
2018-05-11 03:09 - 2018-05-11 02:37 - 000402584 _____ (Intel Corporation) C:\WINDOWS\system32\ibtproppage.dll
2018-05-11 03:09 - 2018-05-11 02:37 - 000117392 _____ C:\WINDOWS\system32\Drivers\ibtfw.dat
2018-05-11 02:17 - 2018-05-16 02:25 - 000000000 ____D C:\Users\rache\AppData\Roaming\Easeware
2018-05-11 02:17 - 2018-05-16 02:25 - 000000000 ____D C:\Program Files\Easeware
2018-05-06 05:24 - 2018-05-06 05:24 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-05-06 04:51 - 2018-05-06 04:51 - 000000340 _____ C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Videos.lnk
2018-05-04 08:13 - 2018-05-14 03:05 - 000007607 _____ C:\Users\rache\AppData\Local\resmon.resmoncfg
2018-05-01 21:35 - 2018-05-01 21:35 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-04-25 23:16 - 2018-04-25 23:16 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2018-04-25 23:16 - 2018-04-25 23:16 - 000000000 ___RD C:\WINDOWS\WebManagement
2018-04-25 23:16 - 2016-07-15 19:28 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2018-04-25 23:16 - 2016-07-15 19:28 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2018-04-25 23:16 - 2016-07-15 19:27 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2018-04-25 23:16 - 2016-07-15 19:26 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2018-04-25 23:15 - 2016-07-15 19:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2018-04-25 23:15 - 2016-07-15 19:25 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2018-04-25 23:15 - 2016-07-15 19:23 - 014388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2018-04-25 23:15 - 2016-07-15 19:22 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2018-04-25 23:15 - 2016-07-15 19:22 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2018-04-25 23:15 - 2016-07-15 19:19 - 001323520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2018-04-25 23:15 - 2016-07-15 19:16 - 004969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2018-04-25 23:15 - 2016-07-15 19:13 - 002005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2018-04-25 23:15 - 2016-07-15 19:13 - 001198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2018-04-25 23:15 - 2016-07-15 19:13 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2018-04-25 23:15 - 2016-07-15 19:12 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2018-04-25 23:15 - 2016-07-15 19:12 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2018-04-25 23:15 - 2016-07-15 19:11 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2018-04-25 23:15 - 2016-07-15 18:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2018-04-25 23:15 - 2016-07-15 18:41 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2018-04-25 23:15 - 2016-07-15 18:39 - 011670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2018-04-25 23:15 - 2016-07-15 18:38 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2018-04-25 23:15 - 2016-07-15 18:37 - 001074176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2018-04-25 23:15 - 2016-07-15 18:35 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2018-04-25 23:15 - 2016-07-15 18:32 - 003701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2018-04-25 23:15 - 2016-07-15 18:29 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2018-04-25 23:15 - 2016-07-15 18:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2018-04-25 23:15 - 2016-07-15 18:29 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2018-04-25 23:15 - 2016-07-15 18:28 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2018-04-25 23:15 - 2016-07-15 18:28 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2018-04-25 23:15 - 2016-07-15 18:28 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2018-04-25 12:49 - 2018-04-25 12:49 - 000000749 _____ C:\Printerdiagnostic10.diagcab
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\Users\rache\AppData\Local\Conexant
2018-04-25 09:27 - 2018-04-25 09:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2018-04-25 08:51 - 2015-08-08 09:22 - 000135288 _____ (Conexant Systems, Inc.) C:\CxUtilSvc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-21 23:25 - 2016-07-16 02:04 - 016777216 _____ C:\WINDOWS\system32\config\HARDWARE
2018-05-21 22:17 - 2016-10-26 07:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-21 19:29 - 2016-10-26 07:23 - 005658614 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-21 19:24 - 2016-07-16 02:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-20 21:54 - 2016-10-26 07:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-20 21:34 - 2017-10-08 23:55 - 000000000 __SHD C:\Users\rache\IntelGraphicsProfiles
2018-05-20 21:34 - 2016-10-26 07:19 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-20 21:20 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-20 21:02 - 2017-10-08 19:53 - 000000000 ____D C:\Users\rache
2018-05-20 20:14 - 2016-11-18 07:18 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-20 17:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-20 17:05 - 2017-10-08 19:53 - 000000000 ____D C:\Users\rache\AppData\Local\Packages
2018-05-20 17:05 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-19 12:11 - 2017-07-31 20:12 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-19 12:10 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2018-05-19 11:39 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Registration
2018-05-19 11:30 - 2017-10-10 05:35 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{066E0E56-C1DE-40AB-B9C0-83D41E5F38BB}
2018-05-19 11:27 - 2018-01-28 21:23 - 000000000 ____D C:\Users\rache\AppData\Local\ElevatedDiagnostics
2018-05-18 16:31 - 2016-10-26 07:40 - 000001890 _____ C:\WINDOWS\diagwrn.xml
2018-05-18 16:31 - 2016-10-26 07:40 - 000001890 _____ C:\WINDOWS\diagerr.xml
2018-05-18 15:07 - 2018-04-20 05:25 - 000000000 ___HD C:\$GetCurrent
2018-05-18 14:01 - 2018-03-29 18:18 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForrache.job
2018-05-17 18:47 - 2018-03-29 18:18 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForrache
2018-05-17 15:31 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-16 04:43 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-16 04:39 - 2018-04-20 10:24 - 000000000 ___RD C:\DriverToolkit
2018-05-16 04:38 - 2018-04-20 10:24 - 000000000 ____D C:\CONEXANT
2018-05-16 04:38 - 2017-07-31 20:22 - 000000000 ____D C:\swsetup
2018-05-16 02:53 - 2016-10-03 14:24 - 000000000 ____D C:\ProgramData\Intel
2018-05-16 02:52 - 2016-10-26 07:19 - 000000000 ____D C:\Program Files\Intel
2018-05-14 03:19 - 2016-01-12 12:38 - 000000000 ___RD C:\Program Files (x86)\Online Services
2018-05-14 02:26 - 2017-08-03 06:30 - 000000000 ____D C:\Program Files\rempl
2018-05-11 02:40 - 2015-01-22 16:00 - 000146200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TXEIx64.sys
2018-05-11 02:37 - 2016-10-15 00:16 - 000542872 _____ (Intel Corporation) C:\WINDOWS\system32\ibtsiva.exe
2018-05-11 02:37 - 2016-10-15 00:16 - 000136680 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2018-05-11 02:24 - 2017-07-07 07:50 - 008614464 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw04.sys
2018-05-09 18:48 - 2018-04-04 20:31 - 000000000 ____D C:\Users\rache\AppData\Local\PackageStaging
2018-05-09 00:23 - 2016-10-12 20:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-09 00:15 - 2017-10-18 02:18 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 00:14 - 2016-10-12 20:32 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-05 13:17 - 2016-08-12 22:45 - 000000000 ____D C:\Intel
2018-05-05 03:02 - 2017-08-03 06:29 - 000000000 ____D C:\Program Files\UNP
2018-05-04 13:39 - 2017-10-08 19:54 - 000000000 ____D C:\Users\rache\AppData\Local\Publishers
2018-05-04 08:59 - 2017-10-08 19:29 - 000000000 ____D C:\ProgramData\WildTangentUninstall1770336
2018-05-04 08:39 - 2015-09-03 17:04 - 000000000 ___HD C:\SYSTEM.SAV
2018-05-04 08:29 - 2016-01-12 12:39 - 000000000 ____D C:\Program Files\HP
2018-05-04 08:27 - 2016-07-16 07:47 - 000000000 ____D C:\PerfLogs
2018-04-25 19:28 - 2018-03-01 02:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-25 12:54 - 2018-03-16 05:20 - 000000350 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2018-04-25 09:15 - 2016-10-26 07:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2018-04-25 07:27 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2018-05-14 06:43 - 2018-05-14 06:43 - 001129816 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2018-05-18 08:11 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools ) C:\Users\rache\AppData\Roaming\ctask.exe
2018-05-18 08:07 - 2018-05-18 08:07 - 001831936 _____ () C:\Users\rache\AppData\Roaming\update.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Cloying.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Goodie.exe
2018-05-19 03:16 - 2018-05-19 03:16 - 000043520 _____ () C:\Users\rache\AppData\Local\hiakbk.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000194048 _____ () C:\Users\rache\AppData\Local\miakhad.dll
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Outspent.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Planted.exe
2018-05-04 08:13 - 2018-05-14 03:05 - 000007607 _____ () C:\Users\rache\AppData\Local\resmon.resmoncfg
2018-05-19 03:16 - 2018-05-19 03:16 - 000003072 _____ () C:\Users\rache\AppData\Local\setupHTTPBalancer_v2.15.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\zaagjmpt.sys -> Access Denied <======= ATTENTION

LastRegBack: 2016-10-26 07:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by rache (21-05-2018 22:26:51)
Running from C:\Users\rache\Desktop
Windows 10 Home Version 1607 14393.2214 (X64) (2016-10-26 11:41:52)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1237543100-274015457-632876503-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1237543100-274015457-632876503-503 - Limited - Disabled)
Guest (S-1-5-21-1237543100-274015457-632876503-501 - Limited - Enabled)
rache (S-1-5-21-1237543100-274015457-632876503-1002 - Administrator - Enabled) => C:\Users\rache

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Out of date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AS: Total AV (Disabled - Up to date) {1755713B-9494-6E81-A820-9E949B4A199E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Conexant I2S Audio Codec (HKLM\...\CNXT_AUDIO_I2S) (Version: 1.61.0.52 - Conexant)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
SearchAwesome (HKLM\...\d83b8966cc2672f3cfebde6b8c1eeb54) (Version: 13.14.1.236 (i1.0) - SearchAwesome) <==== ATTENTION
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DA171DF3-18B3-446E-BCA6-C08069850FD2}) (Version: 2.36.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1237543100-274015457-632876503-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\rache\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237543100-274015457-632876503-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\rache\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237543100-274015457-632876503-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\rache\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-12-01] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02521561-550D-4F20-9297-8A2D1FF9AC6E} - System32\Tasks\engage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {11E4DC0C-5D22-4E36-B333-390C0441CADD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {13960FAE-1E9C-4900-B610-CF19CB98E89F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {1A9D131F-3F32-449F-909C-250244F3DD27} - System32\Tasks\gruel-secogruel-seco => C:\Program Files (x86)\thoughout\Cloying.exe [2018-05-19] ()
Task: {20337AB6-2D23-4710-ACF0-9CF0386CF85D} - System32\Tasks\gruel-seco => C:\Program Files (x86)\thoughout\Cloying.exe [2018-05-19] ()
Task: {2A9039E8-CB59-4784-A8C2-A71A5821578C} - System32\Tasks\reggie-eubanks => C:\Program Files (x86)\oppressed\Goodie.exe [2018-05-19] ()
Task: {31F264F1-A531-43EA-B211-49B75351E726} - System32\Tasks\boughs_chalker => C:\Program Files (x86)\Msg\Planted.exe [2018-05-19] ()
Task: {357EDC63-2DC2-451E-80EC-8BFBEE9C8300} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {384A672F-FAE1-44FA-95C4-9F9FB72BC926} - System32\Tasks\mayor_assimilatesmayor_assimilates => C:\Users\rache\AppData\Local\Cloying.exe [2018-05-19] ()
Task: {3DD84AA1-C76F-40EB-A002-397911494F9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {438B028B-052E-47C2-B9EB-6EAF09A8A25E} - System32\Tasks\possiblity chichi scrimmagepossiblity chichi scrimmage => C:\Users\rache\AppData\Local\Planted.exe [2018-05-19] ()
Task: {443FBE41-59A1-4174-BE0B-47A4A33570A4} - System32\Tasks\Chameleon Monitor-rache => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2017-09-09] (NeoSoft Tools)
Task: {48801E12-6FCC-45BF-B699-B7A29CE11231} - System32\Tasks\waterfront kickerswaterfront kickers => C:\Program Files (x86)\Coherent\Goodie.exe [2018-05-19] ()
Task: {48895843-3C9F-434A-9547-8B4FE9B55170} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {4ADEE4E8-646B-4C35-8F1D-E2C147BFB85F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {4EF30618-3638-4DAF-878A-B2E24173451E} - System32\Tasks\litman amnioticlitman amniotic => C:\Program Files (x86)\Msg\Cloying.exe [2018-05-19] ()
Task: {4F4E67B1-2412-44CC-B0A6-AC0EFD80937E} - System32\Tasks\seducedseduced => C:\Program Files (x86)\uncultivated\uncultivated.exe
Task: {52907940-24B3-4017-93EB-86CFC7FB207D} - System32\Tasks\DriverToolkit Autorun => C:\DriverToolkit\DriverToolkit.exe
Task: {54A9BEED-443D-41A4-8490-43B0C89ACD09} - System32\Tasks\waterfront kickers => C:\Program Files (x86)\Coherent\Goodie.exe [2018-05-19] ()
Task: {62C46639-0797-4A88-9026-25D6A7FB91EC} - System32\Tasks\ruggedness => C:\Program Files (x86)\Longer\Planted.exe [2018-05-19] ()
Task: {64687CB4-8684-4F05-86BC-CA2DF75F6410} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {67D0453C-A896-4F5D-96B1-C90D0ED4B68A} - System32\Tasks\lare => C:\Program Files (x86)\borrow\borrow.exe [2018-05-19] ()
Task: {6C2AF64E-559E-444F-8338-815845F9EE57} - System32\Tasks\lomax_californiumlomax_californium => C:\Users\rache\AppData\Local\Goodie.exe [2018-05-19] ()
Task: {6DC818BB-0C69-46AA-A287-F537F2C93092} - System32\Tasks\reggie-eubanksreggie-eubanks => C:\Program Files (x86)\oppressed\Goodie.exe [2018-05-19] ()
Task: {6EEDCE71-8E19-4292-B98C-D841E2400FEC} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {701BA9B9-4622-4103-8DCC-60B106633B3F} - System32\Tasks\{9D6137D3-F294-4C9A-9A1B-4B3EC07EDEDC} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\a0d42c4183d802864df49d37648ea35c.exe
Task: {71AF7BA1-DD58-49D8-B050-140B2DCE827A} - System32\Tasks\drugstores_riverbed => C:\Program Files (x86)\Coherent\Outspent.exe [2018-05-19] ()
Task: {767D0EC0-AF21-4966-81F4-B33141999861} - System32\Tasks\smolensksmolensk => C:\Program Files (x86)\Disbelieves\betweens.exe [2018-05-19] ()
Task: {7A471A73-BABF-4754-92D9-78730528FF00} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\alvat\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7D4E0D4C-CD20-4A9E-B483-53EB6C11D8EE} - System32\Tasks\{48BBE404-92B9-4D2B-A833-EB93E7CAB1E9} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: {8BC87EAF-1502-4E6D-8F80-CB82987669CF} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-10] (Microleaves) <==== ATTENTION
Task: {91D9149C-EE16-4449-AE6F-FCC120A7ADC4} - System32\Tasks\hijack diddled anydayhijack diddled anyday => C:\Users\rache\AppData\Local\Outspent.exe [2018-05-19] ()
Task: {9D0286BE-76C6-4698-B49E-76554C212BDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {9E0D65B2-372E-423F-B3EB-EC88F8280775} - System32\Tasks\HPCeeScheduleForrache => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9F1018F8-4132-407C-B285-5E82B555983E} - System32\Tasks\mayor_assimilates => C:\Users\rache\AppData\Local\Cloying.exe [2018-05-19] ()
Task: {A200FFAB-4222-46C3-8F3C-6A35AD57B487} - System32\Tasks\{9AE50BD4-F99E-4280-9163-AD86FDC0EF41} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\rache\Downloads\sp74466.exe -d C:\Users\rache\Downloads
Task: {A3BE3569-E8D9-4C58-A9EA-BED3398F874A} - System32\Tasks\boughs_chalkerboughs_chalker => C:\Program Files (x86)\Msg\Planted.exe [2018-05-19] ()
Task: {A4EA1899-1FCB-434F-92FE-4515022D7225} - System32\Tasks\hijack diddled anyday => C:\Users\rache\AppData\Local\Outspent.exe [2018-05-19] ()
Task: {AEB99A16-FDD4-4218-A40E-CF48AD8291F5} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {B646421B-6C7A-4DC7-8FFA-4AECC986824D} - System32\Tasks\ruggednessruggedness => C:\Program Files (x86)\Longer\Planted.exe [2018-05-19] ()
Task: {B85ED329-4F45-4456-B4D8-5517CD440C32} - System32\Tasks\larelare => C:\Program Files (x86)\borrow\borrow.exe [2018-05-19] ()
Task: {B8E332BC-5429-4456-983D-FE52524460AF} - System32\Tasks\litman amniotic => C:\Program Files (x86)\Msg\Cloying.exe [2018-05-19] ()
Task: {BC2FB2C1-6491-42B6-93AB-7DFA364F0E53} - System32\Tasks\lomax_californium => C:\Users\rache\AppData\Local\Goodie.exe [2018-05-19] ()
Task: {C77C8302-60BC-4AC3-8199-2F23F9854CC8} - System32\Tasks\engageengage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {C9E09DFD-486E-4B5F-8CF7-B835FF19AF83} - System32\Tasks\glistensglistens => C:\Program Files (x86)\Cutely\desensitizing.exe [2018-05-19] ()
Task: {CE043B53-15B1-44C7-B7FC-41EC8AA7F087} - System32\Tasks\seduced => C:\Program Files (x86)\uncultivated\uncultivated.exe
Task: {D0CC6780-2BE9-4D89-9E59-7E0B815C8646} - System32\Tasks\possiblity chichi scrimmage => C:\Users\rache\AppData\Local\Planted.exe [2018-05-19] ()
Task: {D1FA3ACC-5F4D-4F31-8A48-35986B9398AB} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D4E7C18F-11C0-4C62-9D5B-E4202CAE17FE} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D7638897-B50B-4684-A7E8-869A43A96B05} - System32\Tasks\smolensk => C:\Program Files (x86)\Disbelieves\betweens.exe [2018-05-19] ()
Task: {D9447C12-3DF0-4D72-86B0-90362D606F7F} - System32\Tasks\{63FC1E0D-E4E4-457A-A7E3-F291D845E281} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\DriverToolkit\unins000.exe"
Task: {DB4F1DCD-DAD0-4D8F-8671-9D8B91118FC7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1237543100-274015457-632876503-1001 => C:\Users\rache\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E1113BFD-F906-483B-BCDE-C6F914322FF0} - System32\Tasks\drugstores_riverbeddrugstores_riverbed => C:\Program Files (x86)\Coherent\Outspent.exe [2018-05-19] ()
Task: {E5097B5E-3B06-4863-837E-9B79A14A1D0F} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {F0449E94-784A-42F1-BB3D-A45F89BF233C} - System32\Tasks\Chameleon Task Manager-rache => C:\Program Files (x86)\Chameleon Task Manager\manager_task.exe
Task: {F2B3FF17-21B2-482D-B192-749BDAAC158E} - System32\Tasks\{7A16580D-19CA-4AF5-945E-304E7624BBD2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeDVDVideoConverter
Task: {F8531B2B-FC54-4947-BD61-A735CE1E13E6} - System32\Tasks\{7B09D9C6-C128-4129-B018-C569A696D3BD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\unins000.exe"
Task: {FC78D358-D94A-42E8-A330-B281D2647FF0} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {FD516DDF-FD21-4D84-BC23-39F641AD2CA4} - System32\Tasks\Chameleon Monitor-startup-rache => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2017-09-09] (NeoSoft Tools)
Task: {FED53143-3D8C-4952-BCF1-A58211A097A3} - System32\Tasks\glistens => C:\Program Files (x86)\Cutely\desensitizing.exe [2018-05-19] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForrache.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2018-04-11 21:03 - 2018-03-21 23:45 - 002681712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-27 14:28 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-08-03 05:30 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2018-04-20 04:57 - 2018-04-02 23:45 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-20 04:57 - 2018-04-02 23:35 - 001402368 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-20 04:57 - 2018-04-02 23:34 - 000757760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-04-20 04:57 - 2018-04-02 23:35 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2018-04-20 04:57 - 2018-04-02 23:35 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-04-20 04:57 - 2018-04-02 23:38 - 004854272 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [124]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\google.com -> hxxps://google.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2018-05-19 03:19 - 000001781 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1237543100-274015457-632876503-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\rache\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86523009-7D94-4EFD-BEF9-DEB6D18CAAAF}] => (Allow) C:\Windows\System32\TCPSVCS.EXE
FirewallRules: [{D7593720-C446-45A3-B20A-C1AC8F6DA8D9}] => (Allow) C:\Windows\System32\TCPSVCS.EXE
FirewallRules: [{369B2652-DD40-4542-81E6-1EAF9B32B85B}] => (Allow) C:\Windows\System32\TCPSVCS.EXE
FirewallRules: [{17D885AD-C180-407A-A93D-EEB9A6DFA800}] => (Allow) C:\Windows\System32\TCPSVCS.EXE

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Intel® Serial IO UART Controller
Description: Intel® Serial IO UART Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iauarte
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Intel® Serial IO UART Controller
Description: Intel® Serial IO UART Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iauarte
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Intel® Dual Band Wireless-AC 3165
Description: Intel® Dual Band Wireless-AC 3165
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2018 09:53:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Goodie.exe version 8.7.4.49 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1048

Start Time: 01d3f0a3cda14346

Termination Time: 30765

Application Path: C:\Program Files (x86)\Coherent\Goodie.exe

Report Id: 3074258d-5c99-11e8-b9aa-b88198e14f78

Faulting package full name:

Faulting package-relative application ID:

Error: (05/20/2018 09:33:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 28696 ms

DPTF Build Version: 8.1.9999.1651
DPTF Build Date: Jul 9 2015 19:47:02
Source File: ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 111
Executing Function: DbptManager::executePdrtControlKnobs
Message: Failed to apply controls...
Participant: TCPU [4]
Policy: DBPT Policy [2]

Error: (05/20/2018 09:33:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 28677 ms

DPTF Build Version: 8.1.9999.1651
DPTF Build Date: Jul 9 2015 19:47:02
Source File: ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function: DbptManager::executePdrtControlKnobs
Message: Failed to apply control - The participant at the given index is not valid.
Policy: DBPT Policy [2]

Error: (05/20/2018 09:33:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 28666 ms

DPTF Build Version: 8.1.9999.1651
DPTF Build Date: Jul 9 2015 19:47:02
Source File: ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function: DbptManager::executePdrtControlKnobs
Message: Failed to apply control - The participant at the given index is not valid.
Policy: DBPT Policy [2]

Error: (05/20/2018 09:33:53 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 28653 ms

DPTF Build Version: 8.1.9999.1651
DPTF Build Date: Jul 9 2015 19:47:02
Source File: ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function: DbptManager::executePdrtControlKnobs
Message: Failed to apply control - The participant at the given index is not valid.
Policy: DBPT Policy [2]

Error: (05/20/2018 09:33:52 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 28197 ms

DPTF Build Version: 8.1.9999.1651
DPTF Build Date: Jul 9 2015 19:47:02
Source File: ..\..\..\..\Sources\Policies\LpmPolicy\LpmPolicy.cpp @ line 1086
Executing Function: LpmPolicy::getLpmModeFromPowerSettingsValue
Message: Invalid version in validateLpm
Policy: LPM Policy [3]

Error: (05/20/2018 09:33:52 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 28194 ms

DPTF Build Version: 8.1.9999.1651
DPTF Build Date: Jul 9 2015 19:47:02
Source File: ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function: DbptManager::executePdrtControlKnobs
Message: Failed to apply control - The participant at the given index is not valid.
Policy: DBPT Policy [2]

Error: (05/20/2018 09:33:52 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 28161 ms

DPTF Build Version: 8.1.9999.1651
DPTF Build Date: Jul 9 2015 19:47:02
Source File: ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function: DbptManager::executePdrtControlKnobs
Message: Failed to apply control - The participant at the given index is not valid.
Policy: DBPT Policy [2]


System errors:
=============
Error: (05/21/2018 10:27:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/21/2018 10:26:58 PM) (Source: DCOM) (EventID: 10005) (User: TABLET-MQNK2CAL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/21/2018 10:26:53 PM) (Source: DCOM) (EventID: 10005) (User: TABLET-MQNK2CAL)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/21/2018 10:26:53 PM) (Source: DCOM) (EventID: 10005) (User: TABLET-MQNK2CAL)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/21/2018 10:26:52 PM) (Source: DCOM) (EventID: 10005) (User: TABLET-MQNK2CAL)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/21/2018 10:26:52 PM) (Source: DCOM) (EventID: 10005) (User: TABLET-MQNK2CAL)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/21/2018 10:26:50 PM) (Source: DCOM) (EventID: 10005) (User: TABLET-MQNK2CAL)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/21/2018 10:26:50 PM) (Source: DCOM) (EventID: 10005) (User: TABLET-MQNK2CAL)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Windows Defender:
===================================
Date: 2018-05-16 22:21:25.847
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {135A43E5-7E12-48B7-AB3F-4C24F2025A81}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-14 04:22:30.054
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {3FD7CB0E-74A9-4D67-9BC8-2359358A71CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-08 01:49:32.080
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {88CCD560-6615-4022-8B31-86C232D6CAD2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-07 13:07:28.622
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5A0C14BF-7195-4A2B-9156-535522E4A52F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-03 18:06:18.462
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {9FFC360D-9289-4F74-999A-F1C4A7AE50F0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-16 14:11:27.657
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1442.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-16 04:55:49.459
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1442.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-16 03:05:53.628
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1424.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-16 02:39:40.536
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1424.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-16 02:16:46.694
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1424.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-05-13 21:03:06.775
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-13 21:03:06.634
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 19:35:16.844
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 19:35:16.739
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 01:19:59.987
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 01:19:59.840
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-25 19:28:35.098
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-25 19:28:35.092
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Atom™ x5-Z8300 CPU @ 1.44GHz
Percentage of memory in use: 48%
Total physical RAM: 1970.05 MB
Available physical RAM: 1007.44 MB
Total Virtual: 3442.05 MB
Available Virtual: 2637.96 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:27.72 GB) (Free:2.46 GB) NTFS
Drive d: () (Removable) (Total:29.71 GB) (Free:22.41 GB) FAT32

\\?\Volume{241c92a0-421a-4a8a-a7ce-791f7b992584}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,714 posts
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 22 May 2018 - 08:39 AM

Greetings Ray and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. If you are able, please boot into Normal Boot and rerun a FRST scan.

Boot Mode: Safe Mode (with Networking)

Edited by Oh My!, 22 May 2018 - 08:43 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 ratidwell

ratidwell
  • Topic Starter

  • Members
  • 76 posts
  • Local time:03:42 PM

Posted 22 May 2018 - 02:56 PM


Greetings Ray and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. If you are able, please boot into Normal Boot and rerun a FRST scan.

Boot Mode: Safe Mode (with Networking)



#4 ratidwell

ratidwell
  • Topic Starter

  • Members
  • 76 posts
  • Local time:03:42 PM

Posted 22 May 2018 - 03:02 PM


Oh Gary, I'm so glad you responded! I was following BleepingComputer's Remove the Search Awesome adware guidelines and I got to step three, and I had printed the Preparation guide for use before using malware removal tools and requesting help. I ran the FRST reports and sent them as attachments... but under a different topic heading. I will find them ASAP and send. While I was running the steps I went through that and noticed there was more to do and that it talked about sending in a topic and telling y'all what was wrong, and I was so excited because I did not know that you guys can help. So I stopped at installing the Malwarebytes Anti-Malware... it took an hour and a half and it started scanning and then the whole computer froze up with a black screen. I can't turn it off, I can't do anything, it's just a black screen but it's on. I don't have it plugged in so that it will go dead.
I downloaded and ran rkill, iExplore.exe and this virus went crazy. While Malwarebytes was running I sent y'all the emails and went back and it was frozen on the Malwarebytes page. All the programs in this guideline were downloaded to my device before it froze. I'm trying to include pics with no luck. I will get those reports to you when I get home! pictures. I won't lay another finger on it till you tell me to, I promise!!!

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,714 posts
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 22 May 2018 - 03:31 PM

Greetings,

If your computer is still on simply hold down the power button until it shuts itself off. Let me know if you are unable to complete a scan in Normal Boot and we will go from there. We can work with Safe Mode but Normal Boot is better, if possible.
Gary
 

#6 ratidwell

ratidwell
  • Topic Starter

  • Members
  • 76 posts
  • Local time:03:42 PM

Posted 22 May 2018 - 07:14 PM

Hi Gary, it's off now and will barely hold a charge. When it turns on I will attempt to run the reports. Whatever is corrupting the device won't let me download much and will shut the system down as the download completes. I'll let you know!

#7 ratidwell

ratidwell
  • Topic Starter

  • Members
  • 76 posts
  • Local time:03:42 PM

Posted 23 May 2018 - 10:00 PM

Hey Gary, it took a long while to get to the FRST download, then actually run it, but here are the results, run in regular startup mode. I read somewhere I should back up my stuff, but wouldn't I back up this adware too? I await further instruction, thanks.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by rache (administrator) on TABLET-MQNK2CAL (22-05-2018 20:42:30)
Running from C:\Users\rache\Desktop
Loaded Profiles: rache (Available Profiles: rache)
Platform: Windows 10 Home Version 1607 14393.2214 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\psmgbwlsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\MDMAgent.exe
() C:\Program Files (x86)\Subwoofer\Outspent.exe
() C:\Program Files (x86)\thoughout\Cloying.exe
() C:\Program Files (x86)\oppressed\Goodie.exe
(Microsoft Corporation) C:\Windows\System32\EOSNotify.exe
() C:\Program Files (x86)\Msg\Planted.exe
() C:\Program Files (x86)\Coherent\Goodie.exe
() C:\Program Files (x86)\Longer\Planted.exe
() C:\Program Files (x86)\borrow\borrow.exe
() C:\Program Files (x86)\Coherent\Outspent.exe
() C:\Users\rache\AppData\Local\Cloying.exe
() C:\Users\rache\AppData\Local\Outspent.exe
() C:\Program Files (x86)\Msg\Cloying.exe
() C:\Users\rache\AppData\Local\Goodie.exe
() C:\Users\rache\AppData\Local\Planted.exe
() C:\Program Files (x86)\Disbelieves\betweens.exe
(NeoSoft Tools) C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe
() C:\Program Files (x86)\Cutely\desensitizing.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NeoSoft Tools) C:\Program Files (x86)\Common Files\Chameleon Manager\proc64.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc.) C:\Windows\System32\CXAPOAgent64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
() C:\Program Files (x86)\Subwoofer\Outspent.exe
() C:\Program Files (x86)\oppressed\Goodie.exe
() C:\Program Files (x86)\Coherent\Outspent.exe
() C:\Program Files (x86)\Longer\Planted.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CXAPOAgent] => C:\Windows\System32\CXAPOAgent64.exe [795272 2015-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Logistical] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKLM\...\Run: [Vixen] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKLM\...\Run: [Bergstein] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKLM\...\Run: [Hadi] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKLM\...\Run: [Guzzles] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKLM\...\Run: [Jm] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Phoning] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Deason] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Initials] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Oversize] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Luxuriated] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Bearish] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Chromium] => "c:\users\rache\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [hiakbk] => rundll32.exe "C:\Users\rache\AppData\Local\hiakbk.dll",hiakbk <==== ATTENTION
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Weakening] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Pickard] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Nunn] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Hoyt] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Rodale] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Cutie] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Eleemosynary] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Amazon] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Virgins] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Kas] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Erwin] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Honourable] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [axford] => C:\Program Files (x86)\harewood\axford.exe [49942 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [bouche] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [dioxide] => C:\Program Files (x86)\tippy\dioxide.exe [49943 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [nihilists] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\MountPoints2: {a86f5d2b-faa8-11e7-b928-f1083610715e} - "D:\VerizonSWUpgradeAssistantLauncher.exe" 
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371920 2018-03-21] (Microsoft Corporation)
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\headlock.lnk [2018-05-19]
ShortcutTarget: headlock.lnk -> C:\Program Files (x86)\Longer\Planted.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\headlockheadlock.lnk [2018-05-19]
ShortcutTarget: headlockheadlock.lnk -> C:\Program Files (x86)\thoughout\Cloying.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jaworski.lnk [2018-05-19]
ShortcutTarget: jaworski.lnk -> C:\Program Files (x86)\Subwoofer\Outspent.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jaworskijaworski.lnk [2018-05-19]
ShortcutTarget: jaworskijaworski.lnk -> C:\Program Files (x86)\oppressed\Goodie.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 207.91.5.20
Tcpip\..\Interfaces\{62199a87-2292-43e2-9cc0-434b56847621}: [DhcpNameServer] 192.168.254.254 207.91.5.20
Tcpip\..\Interfaces\{708301a3-ffff-4232-8389-d3a914922851}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1237543100-274015457-632876503-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {C7764670-A384-49BD-B45E-9C01B3B9FDD7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default [2018-05-22]
CHR Extension: (No Name) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-05-04]
CHR Extension: (Superman) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknmbkgpmhdhkljehlhgfobimkncckgm [2018-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Wonderful Weather) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocinjdjondmhheihhgkbmjkofmomnppd [2018-05-22]
CHR Extension: (Chrome Media Router) - C:\Users\rache\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237543100-274015457-632876503-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237543100-274015457-632876503-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\rclwb <==== ATTENTION (Rootkit!)
 
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-08] (Conexant Systems, Inc.)
S2 d83b8966cc2672f3cfebde6b8c1eeb54; C:\Program Files\d83b8966cc2672f3cfebde6b8c1eeb54\c177eee7774d1cf0d276967bc39dd5b4.exe [1574336 2018-05-18] ()
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1408616 2015-12-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-12-01] (Intel Corporation)
R2 MicroService; C:\Users\rache\AppData\Local\XService\XService.dll [585216 2018-05-19] () [File not signed]
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-25] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-25] (Microsoft Corporation)
R2 e1ab6ed85e93af0a7a4033471fb856c3; rundll32.exe C:\WINDOWS\zwntajurckoojsrj.zwn fJmAxyAy [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [937856 2015-12-01] (Intel® Corporation)
R3 cx2072x; C:\WINDOWS\system32\DRIVERS\cx2072x.sys [67104 2015-11-25] (Conexant System, Inc.)
R1 dedc2ea731860b7257381e5d9151d85d; C:\WINDOWS\System32\drivers\dedc2ea731860b7257381e5d9151d85d.sys [311032 2018-05-18] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72584 2017-01-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-12-01] (Intel Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [251384 2015-12-01] (Intel Corporation)
S3 ETDHIDUSB; C:\WINDOWS\System32\drivers\ETDHIDUSB.sys [223224 2015-10-21] (ELAN Microelectronic Corp.)
S3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [26112 2015-12-01] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [38688 2015-12-01] (Intel)
S3 iagpioe; C:\WINDOWS\System32\drivers\iagpioe.sys [33280 2015-12-01] (Intel® Corporation)
S3 iai2ce; C:\WINDOWS\System32\drivers\iai2ce.sys [81408 2015-12-01] (Intel® Corporation)
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [28432 2015-12-01] (Intel® Corporation)
R3 iaspie; C:\WINDOWS\System32\drivers\iaspie.sys [62976 2015-12-01] (Intel® Corporation)
R3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [103936 2015-12-01] (Intel® Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136680 2018-05-11] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5891720 2015-12-01] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [668160 2015-12-01] ()
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [139576 2016-01-24] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [51488 2015-12-01] (Intel)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-22] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-05-22] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2015-12-01] (Intel® Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6711048 2015-11-05] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8614464 2018-05-11] (Intel Corporation)
R3 ov9728; C:\WINDOWS\System32\drivers\ov9728.sys [119408 2015-12-01] (Intel® Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [100864 2015-12-01] (Intel® Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2018-05-11] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-04-25] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-25] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 cpuz140; \??\C:\Users\rache\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S4 dnbawkg; System32\drivers\dtmiupcs.sys [X]
R3 txadhk; system32\drivers\adgknq.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-22 20:43 - 2018-05-22 20:43 - 000000000 ____D C:\Users\rache\AppData\Local\sbcawkg
2018-05-22 03:55 - 2018-05-22 04:21 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-22 03:54 - 2018-05-22 03:54 - 000000000 ____D C:\Spacekace
2018-05-22 03:43 - 2018-05-22 04:32 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-22 03:43 - 2018-05-22 03:43 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-22 03:42 - 2018-05-22 03:42 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-22 03:42 - 2018-05-22 03:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-22 03:41 - 2018-05-22 03:41 - 000000000 ____D C:\Users\rache\AppData\Local\weaghsk
2018-05-22 03:41 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-22 03:39 - 2018-05-22 03:39 - 000142672 ____N C:\WINDOWS\system32\Drivers\zaafimps.sys
2018-05-22 03:26 - 2018-05-22 03:42 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-22 03:26 - 2018-05-22 03:42 - 000103648 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-22 03:25 - 2018-05-22 03:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-22 03:25 - 2018-05-22 03:25 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-22 03:17 - 2018-05-22 03:17 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-22 03:17 - 2018-05-22 03:17 - 000002299 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-22 03:13 - 2018-05-22 03:13 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-22 03:13 - 2018-05-22 03:13 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-22 03:11 - 2018-05-22 03:12 - 000000000 ____D C:\Users\rache\AppData\Local\Deployment
2018-05-22 03:11 - 2018-05-22 03:11 - 000000000 ____D C:\Users\rache\AppData\Local\Apps\2.0
2018-05-22 03:04 - 2018-05-22 03:04 - 000000000 ____D C:\Users\rache\AppData\Local\atehogm
2018-05-22 03:02 - 2018-05-22 03:02 - 000670772 _____ C:\WINDOWS\Minidump\052218-19640-01.dmp
2018-05-22 02:49 - 2018-05-22 02:49 - 000000000 ____D C:\Users\rache\AppData\Local\snntglx
2018-05-22 02:47 - 2018-05-22 03:14 - 000000000 ____D C:\Users\rache\Documents\Chameleon files
2018-05-22 02:47 - 2018-05-22 02:47 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\rkill64.exe
2018-05-22 02:46 - 2018-05-22 02:46 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\iExplore (1)64.exe
2018-05-22 02:14 - 2018-05-22 02:14 - 000000000 ____D C:\Users\rache\AppData\Local\updghbv
2018-05-22 01:05 - 2018-05-22 01:05 - 000000193 _____ C:\WINDOWS\WORDPAD.INI
2018-05-22 00:09 - 2018-05-22 00:09 - 000000000 ____D C:\Users\rache\AppData\Local\wddovat
2018-05-21 22:26 - 2018-05-21 22:27 - 000036629 _____ C:\Users\rache\Desktop\Addition.txt
2018-05-21 22:24 - 2018-05-22 20:44 - 000022447 _____ C:\Users\rache\Desktop\FRST.txt
2018-05-21 22:23 - 2018-05-22 20:42 - 000000000 ____D C:\FRST
2018-05-21 22:18 - 2018-05-21 22:00 - 002413056 _____ (Farbar) C:\Users\rache\Desktop\FRST64.exe
2018-05-21 19:33 - 2018-05-21 19:33 - 000000000 ____D C:\Users\rache\AppData\Local\niemdwg
2018-05-21 19:19 - 2017-07-24 20:30 - 001838144 _____ (Solvusoft) C:\Users\rache\Desktop\Setup_FileViewPro_2016.exe
2018-05-21 19:17 - 2018-05-21 15:38 - 167302376 _____ (Microsoft Corporation) C:\Users\rache\Desktop\msert.exe
2018-05-21 19:16 - 2018-05-21 18:52 - 004002104 _____ (Secunia) C:\Users\rache\Desktop\PSISetup.exe
2018-05-21 19:15 - 2018-05-21 18:45 - 011599632 _____ (SurfRight B.V.) C:\Users\rache\Desktop\HitmanPro_x64.exe
2018-05-21 19:15 - 2018-05-21 15:41 - 007271632 _____ (Malwarebytes) C:\Users\rache\Desktop\Cleaner.exe
2018-05-21 19:14 - 2018-05-21 19:14 - 000000000 ____D C:\AdwCleaner
2018-05-21 19:13 - 2018-05-21 18:43 - 006625600 _____ (Zemana Ltd. ) C:\Users\rache\Desktop\Zemana.Setup.exe
2018-05-21 19:11 - 2018-05-21 18:42 - 074288784 _____ (Malwarebytes ) C:\Users\rache\Desktop\bitemywart.exe
2018-05-21 18:53 - 2018-05-19 13:55 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\rkill-unsigned.exe
2018-05-21 15:33 - 2018-05-21 15:33 - 000000000 ____D C:\Users\rache\AppData\Local\wekczsx
2018-05-21 14:39 - 2018-05-21 14:39 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\rkill.exe
2018-05-21 14:38 - 2018-05-21 14:38 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\iExplore (1).exe
2018-05-21 14:38 - 2018-05-21 14:36 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Desktop\iExplore64.exe
2018-05-20 21:35 - 2018-05-20 21:35 - 000000000 ____D C:\Users\rache\AppData\Local\vscprnu
2018-05-20 21:11 - 2018-05-20 21:11 - 000000000 ____D C:\Users\rache\AppData\Local\weivlgo
2018-05-20 21:03 - 2018-05-20 21:03 - 000000000 ____D C:\Users\rache\AppData\Local\widpzvn
2018-05-20 20:14 - 2018-05-20 20:14 - 000671116 _____ C:\WINDOWS\Minidump\052018-23343-01.dmp
2018-05-20 19:52 - 2018-05-20 19:52 - 000000000 ____D C:\Users\rache\AppData\Local\sbndawx
2018-05-20 19:50 - 2018-05-20 19:50 - 000000000 ____D C:\WINDOWS\Panther
2018-05-20 19:43 - 2018-05-20 19:43 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Downloads\rkill64-4524.com
2018-05-20 18:48 - 2018-05-20 18:48 - 000000000 ____D C:\Users\rache\AppData\Local\iaawvrd
2018-05-20 18:26 - 2018-05-20 18:26 - 000000000 ____D C:\Users\rache\AppData\Local\zasxvme
2018-05-20 18:15 - 2018-05-20 18:15 - 000142672 _____ C:\WINDOWS\system32\Drivers\zaazcfim.sys
2018-05-20 18:07 - 2018-05-20 18:09 - 113252945 _____ C:\Users\rache\Downloads\msert (2).exe.6hvqpp2.partial
2018-05-20 18:07 - 2018-05-20 18:09 - 090509168 _____ C:\Users\rache\Downloads\msert (1).exe.5gjy3vk.partial
2018-05-20 18:00 - 2018-05-20 18:03 - 166332128 _____ (Microsoft Corporation) C:\Users\rache\Downloads\msert.exe
2018-05-20 17:57 - 2018-05-20 17:57 - 000000000 ____D C:\Users\rache\AppData\Local\niotslc
2018-05-20 17:33 - 2018-05-20 17:33 - 000000000 ____D C:\Users\rache\AppData\Local\iadbxrl
2018-05-20 17:11 - 2018-05-20 17:11 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-05-20 17:06 - 2018-05-20 17:06 - 011093688 _____ C:\Users\rache\Downloads\TotalAV_Setup.exe
2018-05-20 17:02 - 2018-05-20 17:02 - 000000000 ____D C:\Users\rache\AppData\Local\wihtlcn
2018-05-20 16:47 - 2018-05-20 16:47 - 000000000 ____D C:\Users\rache\AppData\Local\excpawu
2018-05-20 16:31 - 2018-05-20 16:31 - 000000000 ____D C:\Users\rache\AppData\Local\pchulto
2018-05-20 16:29 - 2018-05-22 02:13 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-20 16:25 - 2018-05-20 16:25 - 000000000 ____D C:\Users\rache\Documents\Log
2018-05-19 14:26 - 2018-05-19 14:26 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\rache\Downloads\rkill64.com
2018-05-19 14:25 - 2018-05-19 14:26 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\rache\Downloads\rkill.com
2018-05-19 14:20 - 2018-05-19 14:20 - 000000000 ____D C:\Users\rache\Desktop\New folder
2018-05-19 14:14 - 2018-05-19 14:14 - 000000210 _____ C:\Users\rache\Documents\fixlist.txt
2018-05-19 14:09 - 2018-05-22 04:11 - 000031586 _____ C:\Users\rache\Desktop\Rkill.txt
2018-05-19 14:09 - 2018-05-19 14:09 - 000000000 ____D C:\Users\rache\AppData\Local\recopkd
2018-05-19 13:39 - 2018-05-19 13:39 - 000000000 ____D C:\Users\rache\AppData\Local\avbzdlx
2018-05-19 13:02 - 2018-05-19 13:02 - 000000000 ____D C:\Users\rache\AppData\Local\spaecml
2018-05-19 12:56 - 2018-05-19 12:56 - 000000000 ____D C:\Users\rache\AppData\Local\wmhgxse
2018-05-19 11:30 - 2018-05-19 11:30 - 000000000 ____D C:\Users\rache\AppData\Local\mscpbhx
2018-05-19 11:26 - 2018-05-19 11:26 - 000003254 _____ C:\WINDOWS\System32\Tasks\{9D6137D3-F294-4C9A-9A1B-4B3EC07EDEDC}
2018-05-19 11:25 - 2018-05-19 11:25 - 000000000 ____D C:\Users\rache\AppData\Local\niaskml
2018-05-19 11:24 - 2018-05-19 11:24 - 000000000 ____D C:\Users\rache\AppData\Roaming\c
2018-05-19 03:27 - 2018-05-22 20:49 - 000000000 ____D C:\Users\rache\AppData\Local\nihutwx
2018-05-19 03:27 - 2018-05-19 03:28 - 000000000 ____D C:\Users\rache\AppData\Local\wmcagent
2018-05-19 03:27 - 2018-05-19 03:27 - 000000000 ____D C:\Users\rache\AppData\Local\CEF
2018-05-19 03:22 - 2018-05-22 20:53 - 000000000 ____D C:\Users\rache\AppData\Local\sidwcut
2018-05-19 03:22 - 2018-05-19 03:22 - 000000000 ____D C:\Users\rache\AppData\Local\weixbpd
2018-05-19 03:20 - 2018-05-22 20:41 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\psmgbwlsvc.exe
2018-05-19 03:20 - 2018-05-19 12:49 - 000000000 ____D C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-05-19 03:20 - 2018-05-19 11:25 - 000000000 ____D C:\Program Files (x86)\s5
2018-05-19 03:20 - 2018-05-19 03:36 - 000000000 ____D C:\Users\rache\AppData\Roaming\AGData
2018-05-19 03:20 - 2018-05-19 03:36 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-05-19 03:20 - 2018-05-19 03:20 - 000000012 _____ C:\WINDOWS\b61555728
2018-05-19 03:20 - 2018-05-19 03:20 - 000000012 _____ C:\WINDOWS\b47778291
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\WINDOWS\SysWOW64\cssxwtu
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\WINDOWS\system32\cssxwtu
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\Users\rache\AppData\Roaming\et
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\Users\rache\AppData\Local\XService
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\ProgramData\1526714412
2018-05-19 03:18 - 2018-05-22 03:18 - 000000000 ____D C:\Users\rache\AppData\Roaming\ww.fm
2018-05-19 03:18 - 2018-05-19 13:42 - 000000000 ____D C:\Program Files (x86)\uncultivated
2018-05-19 03:18 - 2018-05-19 03:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\possiblity chichi scrimmage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003854 _____ C:\WINDOWS\System32\Tasks\drugstores_riverbed
2018-05-19 03:18 - 2018-05-19 03:18 - 000003852 _____ C:\WINDOWS\System32\Tasks\hijack diddled anyday
2018-05-19 03:18 - 2018-05-19 03:18 - 000003848 _____ C:\WINDOWS\System32\Tasks\waterfront kickers
2018-05-19 03:18 - 2018-05-19 03:18 - 000003846 _____ C:\WINDOWS\System32\Tasks\seduced
2018-05-19 03:18 - 2018-05-19 03:18 - 000003842 _____ C:\WINDOWS\System32\Tasks\reggie-eubanks
2018-05-19 03:18 - 2018-05-19 03:18 - 000003838 _____ C:\WINDOWS\System32\Tasks\smolensk
2018-05-19 03:18 - 2018-05-19 03:18 - 000003838 _____ C:\WINDOWS\System32\Tasks\lomax_californium
2018-05-19 03:18 - 2018-05-19 03:18 - 000003834 _____ C:\WINDOWS\System32\Tasks\mayor_assimilates
2018-05-19 03:18 - 2018-05-19 03:18 - 000003834 _____ C:\WINDOWS\System32\Tasks\glistens
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\litman amniotic
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\gruel-seco
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\engage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003828 _____ C:\WINDOWS\System32\Tasks\boughs_chalker
2018-05-19 03:18 - 2018-05-19 03:18 - 000003826 _____ C:\WINDOWS\System32\Tasks\ruggedness
2018-05-19 03:18 - 2018-05-19 03:18 - 000003812 _____ C:\WINDOWS\System32\Tasks\lare
2018-05-19 03:18 - 2018-05-19 03:18 - 000003762 _____ C:\WINDOWS\System32\Tasks\possiblity chichi scrimmagepossiblity chichi scrimmage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003742 _____ C:\WINDOWS\System32\Tasks\hijack diddled anydayhijack diddled anyday
2018-05-19 03:18 - 2018-05-19 03:18 - 000003742 _____ C:\WINDOWS\System32\Tasks\drugstores_riverbeddrugstores_riverbed
2018-05-19 03:18 - 2018-05-19 03:18 - 000003734 _____ C:\WINDOWS\System32\Tasks\waterfront kickerswaterfront kickers
2018-05-19 03:18 - 2018-05-19 03:18 - 000003724 _____ C:\WINDOWS\System32\Tasks\lomax_californiumlomax_californium
2018-05-19 03:18 - 2018-05-19 03:18 - 000003722 _____ C:\WINDOWS\System32\Tasks\mayor_assimilatesmayor_assimilates
2018-05-19 03:18 - 2018-05-19 03:18 - 000003720 _____ C:\WINDOWS\System32\Tasks\reggie-eubanksreggie-eubanks
2018-05-19 03:18 - 2018-05-19 03:18 - 000003710 _____ C:\WINDOWS\System32\Tasks\seducedseduced
2018-05-19 03:18 - 2018-05-19 03:18 - 000003710 _____ C:\WINDOWS\System32\Tasks\litman amnioticlitman amniotic
2018-05-19 03:18 - 2018-05-19 03:18 - 000003706 _____ C:\WINDOWS\System32\Tasks\boughs_chalkerboughs_chalker
2018-05-19 03:18 - 2018-05-19 03:18 - 000003702 _____ C:\WINDOWS\System32\Tasks\smolensksmolensk
2018-05-19 03:18 - 2018-05-19 03:18 - 000003702 _____ C:\WINDOWS\System32\Tasks\gruel-secogruel-seco
2018-05-19 03:18 - 2018-05-19 03:18 - 000003700 _____ C:\WINDOWS\System32\Tasks\glistensglistens
2018-05-19 03:18 - 2018-05-19 03:18 - 000003696 _____ C:\WINDOWS\System32\Tasks\ruggednessruggedness
2018-05-19 03:18 - 2018-05-19 03:18 - 000003692 _____ C:\WINDOWS\System32\Tasks\engageengage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003670 _____ C:\WINDOWS\System32\Tasks\larelare
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\tippy
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\Msg
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\harewood
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\Coherent
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\thoughout
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Subwoofer
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\oppressed
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Longer
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Disbelieves
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Cutely
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\borrow
2018-05-19 03:17 - 2018-05-19 11:23 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-05-19 03:17 - 2018-05-19 03:17 - 000003368 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-startup-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2018-05-19 03:17 - 2018-05-19 03:17 - 000002994 _____ C:\WINDOWS\System32\Tasks\Chameleon Task Manager-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000002990 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Users\rache\AppData\Roaming\Microleaves
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Users\rache\AppData\Local\AdvinstAnalytics
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-05-19 03:16 - 2018-05-19 03:16 - 000194048 _____ C:\Users\rache\AppData\Local\miakhad.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000043520 _____ C:\Users\rache\AppData\Local\hiakbk.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000003072 _____ C:\Users\rache\AppData\Local\setupHTTPBalancer_v2.15.exe
2018-05-19 03:15 - 2018-05-19 04:43 - 000000000 ____D C:\Program Files\d83b8966cc2672f3cfebde6b8c1eeb54
2018-05-19 03:15 - 2018-05-19 03:44 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-05-19 03:15 - 2018-05-19 03:15 - 001520640 _____ C:\WINDOWS\zwntajurckoojsrj.zwn
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\WINDOWS\muzak.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\Users\rache\AppData\Local\Outspent.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\Users\rache\AppData\Local\Goodie.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\WINDOWS\streaked.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\Users\rache\AppData\Local\Planted.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\Users\rache\AppData\Local\Cloying.exe
2018-05-18 14:11 - 2018-05-18 15:58 - 000000000 ____D C:\Windows10Upgrade
2018-05-18 14:11 - 2018-05-18 14:11 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-05-18 08:11 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools ) C:\Users\rache\AppData\Roaming\ctask.exe
2018-05-18 08:07 - 2018-05-18 08:07 - 001831936 _____ C:\Users\rache\AppData\Roaming\update.exe
2018-05-18 07:16 - 2018-05-18 07:16 - 001871360 _____ C:\WINDOWS\a0d42c4183d802864df49d37648ea35c.exe
2018-05-18 07:16 - 2018-05-18 07:16 - 000311032 _____ C:\WINDOWS\system32\Drivers\dedc2ea731860b7257381e5d9151d85d.sys
2018-05-18 07:16 - 2018-05-18 07:16 - 000041211 _____ C:\WINDOWS\uninstaller.dat
2018-05-17 03:52 - 2018-05-17 03:52 - 000033651 _____ C:\Users\rache\Documents\Rachel Tidwell Resume 2018.pdf
2018-05-16 04:49 - 2018-05-18 14:06 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-05-16 03:02 - 2018-05-16 03:02 - 000000000 ___HD C:\$SysReset
2018-05-16 02:52 - 2018-05-20 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-15 11:39 - 2018-05-16 02:11 - 000000000 ____D C:\Program Files\VideoLAN
2018-05-14 06:54 - 2018-03-21 23:17 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2018-05-14 06:54 - 2018-03-21 23:13 - 004601856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-05-14 06:54 - 2018-03-21 23:03 - 005854208 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-05-14 06:54 - 2018-03-21 23:03 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-05-14 06:54 - 2018-03-02 04:20 - 000421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2018-05-14 06:54 - 2018-02-12 17:52 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-05-14 06:54 - 2018-02-12 17:49 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-05-14 06:54 - 2018-02-12 17:49 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-05-14 06:54 - 2018-02-12 17:49 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-05-14 06:54 - 2017-08-08 01:12 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2018-05-14 06:54 - 2017-03-28 01:38 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2018-05-14 06:54 - 2017-03-28 01:34 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2018-05-14 06:54 - 2017-03-04 02:20 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2018-05-14 06:54 - 2017-03-04 02:16 - 002221056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2018-05-14 06:54 - 2016-12-14 00:42 - 000384000 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2018-05-14 06:54 - 2016-12-14 00:41 - 000362496 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2018-05-14 06:54 - 2016-12-09 05:45 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2018-05-14 06:54 - 2016-12-09 05:42 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2018-05-14 06:54 - 2016-12-09 05:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2018-05-14 06:54 - 2016-12-09 05:37 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2018-05-14 06:54 - 2016-12-09 05:24 - 006583296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2018-05-14 06:54 - 2016-12-09 05:17 - 004978176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2018-05-14 06:43 - 2018-05-14 06:43 - 001129816 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2018-05-14 03:40 - 2018-05-14 03:40 - 000000000 ____D C:\Users\rache\AppData\Roaming\Easy PC Optimizer
2018-05-14 03:03 - 2018-05-18 15:58 - 000000036 _____ C:\WINDOWS\progress.ini
2018-05-11 03:12 - 2018-05-11 02:25 - 002074540 _____ C:\WINDOWS\system32\Drivers\Netwfw04.dat
2018-05-11 03:12 - 2018-05-11 02:25 - 000165104 _____ C:\WINDOWS\system32\IntelWifiIhv04.dll
2018-05-11 03:09 - 2018-05-11 03:10 - 000000000 ____D C:\trusted execution
2018-05-11 03:09 - 2018-05-11 02:37 - 000402584 _____ (Intel Corporation) C:\WINDOWS\system32\ibtproppage.dll
2018-05-11 03:09 - 2018-05-11 02:37 - 000117392 _____ C:\WINDOWS\system32\Drivers\ibtfw.dat
2018-05-11 02:17 - 2018-05-16 02:25 - 000000000 ____D C:\Users\rache\AppData\Roaming\Easeware
2018-05-11 02:17 - 2018-05-16 02:25 - 000000000 ____D C:\Program Files\Easeware
2018-05-06 05:24 - 2018-05-06 05:24 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-05-06 04:51 - 2018-05-06 04:51 - 000000340 _____ C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Videos.lnk
2018-05-04 08:13 - 2018-05-14 03:05 - 000007607 _____ C:\Users\rache\AppData\Local\resmon.resmoncfg
2018-05-01 21:35 - 2018-05-01 21:35 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-04-25 23:16 - 2018-04-25 23:16 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2018-04-25 23:16 - 2018-04-25 23:16 - 000000000 ___RD C:\WINDOWS\WebManagement
2018-04-25 23:16 - 2016-07-15 19:28 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2018-04-25 23:16 - 2016-07-15 19:28 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2018-04-25 23:16 - 2016-07-15 19:27 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2018-04-25 23:16 - 2016-07-15 19:26 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2018-04-25 23:15 - 2016-07-15 19:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2018-04-25 23:15 - 2016-07-15 19:25 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2018-04-25 23:15 - 2016-07-15 19:23 - 014388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2018-04-25 23:15 - 2016-07-15 19:22 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2018-04-25 23:15 - 2016-07-15 19:22 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2018-04-25 23:15 - 2016-07-15 19:19 - 001323520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2018-04-25 23:15 - 2016-07-15 19:16 - 004969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2018-04-25 23:15 - 2016-07-15 19:13 - 002005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2018-04-25 23:15 - 2016-07-15 19:13 - 001198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2018-04-25 23:15 - 2016-07-15 19:13 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2018-04-25 23:15 - 2016-07-15 19:12 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2018-04-25 23:15 - 2016-07-15 19:12 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2018-04-25 23:15 - 2016-07-15 19:11 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2018-04-25 23:15 - 2016-07-15 18:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2018-04-25 23:15 - 2016-07-15 18:41 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2018-04-25 23:15 - 2016-07-15 18:39 - 011670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2018-04-25 23:15 - 2016-07-15 18:38 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2018-04-25 23:15 - 2016-07-15 18:37 - 001074176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2018-04-25 23:15 - 2016-07-15 18:35 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2018-04-25 23:15 - 2016-07-15 18:32 - 003701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2018-04-25 23:15 - 2016-07-15 18:29 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2018-04-25 23:15 - 2016-07-15 18:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2018-04-25 23:15 - 2016-07-15 18:29 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2018-04-25 23:15 - 2016-07-15 18:28 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2018-04-25 23:15 - 2016-07-15 18:28 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2018-04-25 23:15 - 2016-07-15 18:28 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2018-04-25 12:49 - 2018-04-25 12:49 - 000000749 _____ C:\Printerdiagnostic10.diagcab
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\Users\rache\AppData\Local\Conexant
2018-04-25 09:27 - 2018-04-25 09:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2018-04-25 08:51 - 2015-08-08 09:22 - 000135288 _____ (Conexant Systems, Inc.) C:\CxUtilSvc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-22 20:42 - 2017-10-08 23:55 - 000000000 __SHD C:\Users\rache\IntelGraphicsProfiles
2018-05-22 20:41 - 2017-10-08 19:53 - 000000000 ____D C:\Users\rache
2018-05-22 20:41 - 2016-10-26 07:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-22 20:41 - 2016-10-26 07:19 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-22 20:41 - 2016-10-26 07:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-22 10:10 - 2016-10-26 07:23 - 005741302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-22 03:39 - 2016-07-16 02:04 - 016777216 _____ C:\WINDOWS\system32\config\HARDWARE
2018-05-22 03:39 - 2016-07-16 02:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-22 03:13 - 2017-07-31 20:12 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-22 03:02 - 2016-11-18 07:18 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-22 03:02 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-22 02:47 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-20 17:05 - 2017-10-08 19:53 - 000000000 ____D C:\Users\rache\AppData\Local\Packages
2018-05-20 17:05 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-19 12:10 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2018-05-19 11:39 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Registration
2018-05-19 11:30 - 2017-10-10 05:35 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{066E0E56-C1DE-40AB-B9C0-83D41E5F38BB}
2018-05-19 11:27 - 2018-01-28 21:23 - 000000000 ____D C:\Users\rache\AppData\Local\ElevatedDiagnostics
2018-05-18 16:31 - 2016-10-26 07:40 - 000001890 _____ C:\WINDOWS\diagwrn.xml
2018-05-18 16:31 - 2016-10-26 07:40 - 000001890 _____ C:\WINDOWS\diagerr.xml
2018-05-18 15:07 - 2018-04-20 05:25 - 000000000 ___HD C:\$GetCurrent
2018-05-18 14:01 - 2018-03-29 18:18 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForrache.job
2018-05-17 18:47 - 2018-03-29 18:18 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForrache
2018-05-17 15:31 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-16 04:43 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-16 04:39 - 2018-04-20 10:24 - 000000000 ___RD C:\DriverToolkit
2018-05-16 04:38 - 2018-04-20 10:24 - 000000000 ____D C:\CONEXANT
2018-05-16 04:38 - 2017-07-31 20:22 - 000000000 ____D C:\swsetup
2018-05-16 02:53 - 2016-10-03 14:24 - 000000000 ____D C:\ProgramData\Intel
2018-05-16 02:52 - 2016-10-26 07:19 - 000000000 ____D C:\Program Files\Intel
2018-05-14 03:19 - 2016-01-12 12:38 - 000000000 ___RD C:\Program Files (x86)\Online Services
2018-05-14 02:26 - 2017-08-03 06:30 - 000000000 ____D C:\Program Files\rempl
2018-05-11 02:40 - 2015-01-22 16:00 - 000146200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TXEIx64.sys
2018-05-11 02:37 - 2016-10-15 00:16 - 000542872 _____ (Intel Corporation) C:\WINDOWS\system32\ibtsiva.exe
2018-05-11 02:37 - 2016-10-15 00:16 - 000136680 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2018-05-11 02:24 - 2017-07-07 07:50 - 008614464 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw04.sys
2018-05-09 18:48 - 2018-04-04 20:31 - 000000000 ____D C:\Users\rache\AppData\Local\PackageStaging
2018-05-09 00:23 - 2016-10-12 20:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-09 00:15 - 2017-10-18 02:18 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 00:14 - 2016-10-12 20:32 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-05 13:17 - 2016-08-12 22:45 - 000000000 ____D C:\Intel
2018-05-05 03:02 - 2017-08-03 06:29 - 000000000 ____D C:\Program Files\UNP
2018-05-04 13:39 - 2017-10-08 19:54 - 000000000 ____D C:\Users\rache\AppData\Local\Publishers
2018-05-04 08:59 - 2017-10-08 19:29 - 000000000 ____D C:\ProgramData\WildTangentUninstall1770336
2018-05-04 08:39 - 2015-09-03 17:04 - 000000000 ___HD C:\SYSTEM.SAV
2018-05-04 08:29 - 2016-01-12 12:39 - 000000000 ____D C:\Program Files\HP
2018-05-04 08:27 - 2016-07-16 07:47 - 000000000 ____D C:\PerfLogs
2018-04-25 19:28 - 2018-03-01 02:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-25 12:54 - 2018-03-16 05:20 - 000000350 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2018-04-25 09:15 - 2016-10-26 07:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2018-04-25 07:27 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2018-05-14 06:43 - 2018-05-14 06:43 - 001129816 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2018-05-18 08:11 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools                                               ) C:\Users\rache\AppData\Roaming\ctask.exe
2018-05-18 08:07 - 2018-05-18 08:07 - 001831936 _____ () C:\Users\rache\AppData\Roaming\update.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Cloying.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Goodie.exe
2018-05-19 03:16 - 2018-05-19 03:16 - 000043520 _____ () C:\Users\rache\AppData\Local\hiakbk.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000194048 _____ () C:\Users\rache\AppData\Local\miakhad.dll
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Outspent.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Planted.exe
2018-05-04 08:13 - 2018-05-14 03:05 - 000007607 _____ () C:\Users\rache\AppData\Local\resmon.resmoncfg
2018-05-19 03:16 - 2018-05-19 03:16 - 000003072 _____ () C:\Users\rache\AppData\Local\setupHTTPBalancer_v2.15.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\zaafimps.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2016-10-26 07:17
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by rache (22-05-2018 20:53:59)
Running from C:\Users\rache\Desktop
Windows 10 Home Version 1607 14393.2214 (X64) (2016-10-26 11:41:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1237543100-274015457-632876503-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1237543100-274015457-632876503-503 - Limited - Disabled)
Guest (S-1-5-21-1237543100-274015457-632876503-501 - Limited - Enabled)
rache (S-1-5-21-1237543100-274015457-632876503-1002 - Administrator - Enabled) => C:\Users\rache
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Conexant I2S Audio Codec (HKLM\...\CNXT_AUDIO_I2S) (Version: 1.61.0.52 - Conexant)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
SearchAwesome (HKLM\...\d83b8966cc2672f3cfebde6b8c1eeb54) (Version: 13.14.1.236 (i1.0) - SearchAwesome) <==== ATTENTION
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DA171DF3-18B3-446E-BCA6-C08069850FD2}) (Version: 2.36.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1237543100-274015457-632876503-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\rache\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237543100-274015457-632876503-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\rache\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237543100-274015457-632876503-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\rache\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-12-01] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02521561-550D-4F20-9297-8A2D1FF9AC6E} - System32\Tasks\engage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {11E4DC0C-5D22-4E36-B333-390C0441CADD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {13960FAE-1E9C-4900-B610-CF19CB98E89F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {1A9D131F-3F32-449F-909C-250244F3DD27} - System32\Tasks\gruel-secogruel-seco => C:\Program Files (x86)\thoughout\Cloying.exe [2018-05-19] ()
Task: {20337AB6-2D23-4710-ACF0-9CF0386CF85D} - System32\Tasks\gruel-seco => C:\Program Files (x86)\thoughout\Cloying.exe [2018-05-19] ()
Task: {2125D389-BC6C-4E7F-BFFF-801B0EDC77ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-22] (Google Inc.)
Task: {2A9039E8-CB59-4784-A8C2-A71A5821578C} - System32\Tasks\reggie-eubanks => C:\Program Files (x86)\oppressed\Goodie.exe [2018-05-19] ()
Task: {31F264F1-A531-43EA-B211-49B75351E726} - System32\Tasks\boughs_chalker => C:\Program Files (x86)\Msg\Planted.exe [2018-05-19] ()
Task: {357EDC63-2DC2-451E-80EC-8BFBEE9C8300} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {384A672F-FAE1-44FA-95C4-9F9FB72BC926} - System32\Tasks\mayor_assimilatesmayor_assimilates => C:\Users\rache\AppData\Local\Cloying.exe [2018-05-19] ()
Task: {3DD84AA1-C76F-40EB-A002-397911494F9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {438B028B-052E-47C2-B9EB-6EAF09A8A25E} - System32\Tasks\possiblity chichi scrimmagepossiblity chichi scrimmage => C:\Users\rache\AppData\Local\Planted.exe [2018-05-19] ()
Task: {443FBE41-59A1-4174-BE0B-47A4A33570A4} - System32\Tasks\Chameleon Monitor-rache => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2017-09-09] (NeoSoft Tools)
Task: {48801E12-6FCC-45BF-B699-B7A29CE11231} - System32\Tasks\waterfront kickerswaterfront kickers => C:\Program Files (x86)\Coherent\Goodie.exe [2018-05-19] ()
Task: {48895843-3C9F-434A-9547-8B4FE9B55170} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {4ADEE4E8-646B-4C35-8F1D-E2C147BFB85F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {4EF30618-3638-4DAF-878A-B2E24173451E} - System32\Tasks\litman amnioticlitman amniotic => C:\Program Files (x86)\Msg\Cloying.exe [2018-05-19] ()
Task: {4F4E67B1-2412-44CC-B0A6-AC0EFD80937E} - System32\Tasks\seducedseduced => C:\Program Files (x86)\uncultivated\uncultivated.exe
Task: {52907940-24B3-4017-93EB-86CFC7FB207D} - System32\Tasks\DriverToolkit Autorun => C:\DriverToolkit\DriverToolkit.exe
Task: {54A9BEED-443D-41A4-8490-43B0C89ACD09} - System32\Tasks\waterfront kickers => C:\Program Files (x86)\Coherent\Goodie.exe [2018-05-19] ()
Task: {62C46639-0797-4A88-9026-25D6A7FB91EC} - System32\Tasks\ruggedness => C:\Program Files (x86)\Longer\Planted.exe [2018-05-19] ()
Task: {64687CB4-8684-4F05-86BC-CA2DF75F6410} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {67D0453C-A896-4F5D-96B1-C90D0ED4B68A} - System32\Tasks\lare => C:\Program Files (x86)\borrow\borrow.exe [2018-05-19] ()
Task: {6C2AF64E-559E-444F-8338-815845F9EE57} - System32\Tasks\lomax_californiumlomax_californium => C:\Users\rache\AppData\Local\Goodie.exe [2018-05-19] ()
Task: {6DC818BB-0C69-46AA-A287-F537F2C93092} - System32\Tasks\reggie-eubanksreggie-eubanks => C:\Program Files (x86)\oppressed\Goodie.exe [2018-05-19] ()
Task: {6EEDCE71-8E19-4292-B98C-D841E2400FEC} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {701BA9B9-4622-4103-8DCC-60B106633B3F} - System32\Tasks\{9D6137D3-F294-4C9A-9A1B-4B3EC07EDEDC} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\a0d42c4183d802864df49d37648ea35c.exe
Task: {71AF7BA1-DD58-49D8-B050-140B2DCE827A} - System32\Tasks\drugstores_riverbed => C:\Program Files (x86)\Coherent\Outspent.exe [2018-05-19] ()
Task: {767D0EC0-AF21-4966-81F4-B33141999861} - System32\Tasks\smolensksmolensk => C:\Program Files (x86)\Disbelieves\betweens.exe [2018-05-19] ()
Task: {7A471A73-BABF-4754-92D9-78730528FF00} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\alvat\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7D4E0D4C-CD20-4A9E-B483-53EB6C11D8EE} - System32\Tasks\{48BBE404-92B9-4D2B-A833-EB93E7CAB1E9} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: {8BC87EAF-1502-4E6D-8F80-CB82987669CF} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-10] (Microleaves) <==== ATTENTION
Task: {91D9149C-EE16-4449-AE6F-FCC120A7ADC4} - System32\Tasks\hijack diddled anydayhijack diddled anyday => C:\Users\rache\AppData\Local\Outspent.exe [2018-05-19] ()
Task: {9D0286BE-76C6-4698-B49E-76554C212BDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {9E0D65B2-372E-423F-B3EB-EC88F8280775} - System32\Tasks\HPCeeScheduleForrache => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9F1018F8-4132-407C-B285-5E82B555983E} - System32\Tasks\mayor_assimilates => C:\Users\rache\AppData\Local\Cloying.exe [2018-05-19] ()
Task: {A200FFAB-4222-46C3-8F3C-6A35AD57B487} - System32\Tasks\{9AE50BD4-F99E-4280-9163-AD86FDC0EF41} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\rache\Downloads\sp74466.exe -d C:\Users\rache\Downloads
Task: {A3BE3569-E8D9-4C58-A9EA-BED3398F874A} - System32\Tasks\boughs_chalkerboughs_chalker => C:\Program Files (x86)\Msg\Planted.exe [2018-05-19] ()
Task: {A4EA1899-1FCB-434F-92FE-4515022D7225} - System32\Tasks\hijack diddled anyday => C:\Users\rache\AppData\Local\Outspent.exe [2018-05-19] ()
Task: {AEB99A16-FDD4-4218-A40E-CF48AD8291F5} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {B646421B-6C7A-4DC7-8FFA-4AECC986824D} - System32\Tasks\ruggednessruggedness => C:\Program Files (x86)\Longer\Planted.exe [2018-05-19] ()
Task: {B85ED329-4F45-4456-B4D8-5517CD440C32} - System32\Tasks\larelare => C:\Program Files (x86)\borrow\borrow.exe [2018-05-19] ()
Task: {B8E332BC-5429-4456-983D-FE52524460AF} - System32\Tasks\litman amniotic => C:\Program Files (x86)\Msg\Cloying.exe [2018-05-19] ()
Task: {BC2FB2C1-6491-42B6-93AB-7DFA364F0E53} - System32\Tasks\lomax_californium => C:\Users\rache\AppData\Local\Goodie.exe [2018-05-19] ()
Task: {C77C8302-60BC-4AC3-8199-2F23F9854CC8} - System32\Tasks\engageengage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {C9E09DFD-486E-4B5F-8CF7-B835FF19AF83} - System32\Tasks\glistensglistens => C:\Program Files (x86)\Cutely\desensitizing.exe [2018-05-19] ()
Task: {CE043B53-15B1-44C7-B7FC-41EC8AA7F087} - System32\Tasks\seduced => C:\Program Files (x86)\uncultivated\uncultivated.exe
Task: {D0CC6780-2BE9-4D89-9E59-7E0B815C8646} - System32\Tasks\possiblity chichi scrimmage => C:\Users\rache\AppData\Local\Planted.exe [2018-05-19] ()
Task: {D1FA3ACC-5F4D-4F31-8A48-35986B9398AB} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D4E7C18F-11C0-4C62-9D5B-E4202CAE17FE} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D7638897-B50B-4684-A7E8-869A43A96B05} - System32\Tasks\smolensk => C:\Program Files (x86)\Disbelieves\betweens.exe [2018-05-19] ()
Task: {D9447C12-3DF0-4D72-86B0-90362D606F7F} - System32\Tasks\{63FC1E0D-E4E4-457A-A7E3-F291D845E281} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\DriverToolkit\unins000.exe"
Task: {DB4F1DCD-DAD0-4D8F-8671-9D8B91118FC7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1237543100-274015457-632876503-1001 => C:\Users\rache\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E1113BFD-F906-483B-BCDE-C6F914322FF0} - System32\Tasks\drugstores_riverbeddrugstores_riverbed => C:\Program Files (x86)\Coherent\Outspent.exe [2018-05-19] ()
Task: {E4625910-9AB4-4F8D-A414-B2402DFF003E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-22] (Google Inc.)
Task: {E5097B5E-3B06-4863-837E-9B79A14A1D0F} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {F0449E94-784A-42F1-BB3D-A45F89BF233C} - System32\Tasks\Chameleon Task Manager-rache => C:\Program Files (x86)\Chameleon Task Manager\manager_task.exe
Task: {F2B3FF17-21B2-482D-B192-749BDAAC158E} - System32\Tasks\{7A16580D-19CA-4AF5-945E-304E7624BBD2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeDVDVideoConverter
Task: {F8531B2B-FC54-4947-BD61-A735CE1E13E6} - System32\Tasks\{7B09D9C6-C128-4129-B018-C569A696D3BD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\unins000.exe"
Task: {FC78D358-D94A-42E8-A330-B281D2647FF0} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {FD516DDF-FD21-4D84-BC23-39F641AD2CA4} - System32\Tasks\Chameleon Monitor-startup-rache => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2017-09-09] (NeoSoft Tools)
Task: {FED53143-3D8C-4952-BCF1-A58211A097A3} - System32\Tasks\glistens => C:\Program Files (x86)\Cutely\desensitizing.exe [2018-05-19] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForrache.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2018-04-11 21:03 - 2018-03-21 23:45 - 002681712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-02 06:51 - 2017-11-02 06:51 - 000199864 _____ () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Program Files (x86)\Subwoofer\Outspent.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Program Files (x86)\thoughout\Cloying.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Program Files (x86)\oppressed\Goodie.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Program Files (x86)\Msg\Planted.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Program Files (x86)\Coherent\Goodie.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Program Files (x86)\Longer\Planted.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000009216 _____ () C:\Program Files (x86)\borrow\borrow.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Program Files (x86)\Coherent\Outspent.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Cloying.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Outspent.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Program Files (x86)\Msg\Cloying.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Goodie.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Planted.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000078276 _____ () C:\Program Files (x86)\Disbelieves\betweens.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000078277 _____ () C:\Program Files (x86)\Cutely\desensitizing.exe
2016-10-27 14:28 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-08-03 05:30 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2018-04-20 04:57 - 2018-04-02 23:45 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-20 04:57 - 2018-04-02 23:35 - 001402368 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-20 04:57 - 2018-04-02 23:34 - 000757760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-04-20 04:57 - 2018-04-02 23:35 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2018-04-20 04:57 - 2018-04-02 23:35 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-04-20 04:57 - 2018-04-02 23:38 - 004854272 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-04-20 04:57 - 2018-04-02 23:33 - 000114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2018-05-19 03:20 - 2018-05-19 03:20 - 000585216 _____ () c:\users\rache\appdata\local\xservice\xservice.dll
2018-05-19 03:15 - 2018-05-19 03:15 - 001520640 _____ () C:\WINDOWS\zwntajurckoojsrj.zwn
2018-05-22 20:42 - 2018-05-22 20:42 - 000022016 _____ () C:\Users\rache\AppData\Local\Temp\nss29DB.tmp\INetC.dll
2018-05-22 20:44 - 2018-05-22 20:44 - 000022016 _____ () C:\Users\rache\AppData\Local\Temp\nst5B80.tmp\INetC.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000043520 _____ () C:\Users\rache\AppData\Local\hiakbk.dll
2018-05-22 20:44 - 2018-05-22 20:44 - 000022016 _____ () C:\Users\rache\AppData\Local\Temp\nsr5788.tmp\INetC.dll
2018-05-22 20:45 - 2018-05-22 20:45 - 000022016 _____ () C:\Users\rache\AppData\Local\Temp\nsfF81E.tmp\INetC.dll
2018-05-19 02:17 - 2018-05-19 02:17 - 000049942 _____ () C:\Program Files (x86)\harewood\axford.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000049943 _____ () C:\Program Files (x86)\tippy\dioxide.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [124]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\google.com -> hxxps://google.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2018-05-19 03:19 - 000001781 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
104.251.211.173 clients2.google.com
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1237543100-274015457-632876503-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\rache\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{86523009-7D94-4EFD-BEF9-DEB6D18CAAAF}] => (Allow) C:\Windows\System32\TCPSVCS.EXE
FirewallRules: [{D7593720-C446-45A3-B20A-C1AC8F6DA8D9}] => (Allow) C:\Windows\System32\TCPSVCS.EXE
FirewallRules: [{369B2652-DD40-4542-81E6-1EAF9B32B85B}] => (Allow) C:\Windows\System32\TCPSVCS.EXE
FirewallRules: [{17D885AD-C180-407A-A93D-EEB9A6DFA800}] => (Allow) C:\Windows\System32\TCPSVCS.EXE
FirewallRules: [{39CF52AF-7CA7-4970-9F42-189F32EEA4E8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/22/2018 08:44:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABLET-MQNK2CAL)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/22/2018 08:41:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 31487 ms
 
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 111
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply controls...
Participant:  TCPU [4]
Policy:  DBPT Policy [2]
 
Error: (05/22/2018 08:41:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 31469 ms
 
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]
 
Error: (05/22/2018 08:41:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 31459 ms
 
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]
 
Error: (05/22/2018 08:41:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 31444 ms
 
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]
 
Error: (05/22/2018 08:41:48 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 30809 ms
 
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\LpmPolicy\LpmPolicy.cpp @ line 1086
Executing Function:  LpmPolicy::getLpmModeFromPowerSettingsValue
Message:  Invalid version in validateLpm
Policy:  LPM Policy [3]
 
Error: (05/22/2018 08:41:48 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 30806 ms
 
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]
 
Error: (05/22/2018 08:41:48 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.9999.1651) TYPE: ERROR MODULE: DPTF TIME 30779 ms
 
DPTF Build Version:  8.1.9999.1651
DPTF Build Date:  Jul  9 2015 19:47:02
Source File:  ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 106
Executing Function:  DbptManager::executePdrtControlKnobs
Message:  Failed to apply control - The participant at the given index is not valid.
Policy:  DBPT Policy [2]
 
 
System errors:
=============
Error: (05/22/2018 08:56:06 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (05/22/2018 08:56:06 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (05/22/2018 08:56:06 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (05/22/2018 08:56:06 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (05/22/2018 08:56:06 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (05/22/2018 08:56:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (05/22/2018 08:55:37 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (05/22/2018 08:55:37 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
Windows Defender:
===================================
Date: 2018-05-16 22:21:25.847
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {135A43E5-7E12-48B7-AB3F-4C24F2025A81}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-14 04:22:30.054
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {3FD7CB0E-74A9-4D67-9BC8-2359358A71CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-08 01:49:32.080
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {88CCD560-6615-4022-8B31-86C232D6CAD2}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-07 13:07:28.622
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {5A0C14BF-7195-4A2B-9156-535522E4A52F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-03 18:06:18.462
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {9FFC360D-9289-4F74-999A-F1C4A7AE50F0}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-16 14:11:27.657
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1442.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-05-16 04:55:49.459
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1442.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-05-16 03:05:53.628
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1424.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-05-16 02:39:40.536
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1424.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-05-16 02:16:46.694
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1424.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-05-13 21:03:06.775
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-13 21:03:06.634
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-04 19:35:16.844
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-04 19:35:16.739
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-04 01:19:59.987
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-04 01:19:59.840
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-25 19:28:35.098
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-25 19:28:35.092
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ x5-Z8300 CPU @ 1.44GHz
Percentage of memory in use: 96%
Total physical RAM: 1970.05 MB
Available physical RAM: 59.58 MB
Total Virtual: 5140.86 MB
Available Virtual: 636.64 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:27.72 GB) (Free:0.86 GB) NTFS
 
\\?\Volume{241c92a0-421a-4a8a-a7ce-791f7b992584}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 29.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:42 AM

Posted 24 May 2018 - 05:36 PM

Greetings and thank you for going through all of that to get the reports.

In backing up your information it refers to data such as photos, music, documents, etc. There is always a possibility malware will sneak in there but we have ways of dealing with that. We will be careful not to lose any of your data, so in your situation we will hold off on backing up things. It would be difficult for you to accomplish that now.

Your computer is highly infected and in need of some major surgery. I would like to try to create a Restore Point before we do anything. Please attempt to complete the below.

Do you have a Windows 10 Home 64 bit installation disk? If not, do you have a valid Windows Product Key sticker on your computer?

===================================================

Enabling System Restore in Windows 10 and Creating System Restore Point

--------------------
  • Press the Windows Key + R at the same time
  • Type sysdm.cpl and hit Enter
  • Click System Protection
  • Under Protection Settings left click on Local Disk (C:) (System) to highlight the entry
  • Click Configure
  • Select Turn on system protection
  • Click Apply, then OK
  • On the System Properties window Click Create...
  • Type BC Restore Point then click Create
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Installation disk or Product Key?
  • Restore Point created?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 ratidwell

Posted 24 May 2018 - 07:33 PM

I got the restore point, a dialogue box popped up and it was successful. I have a sticker on the box it came in that says WINDOWS 10 pre-installed and the sticker with the bar code says Windows 10 [8] [21]. The guide inside the box says depending on your product a service label is on the bottom of your computer or inside the battery bay or beneath the service door. There is no sticker on my device and I have no idea where the battery bay or service door are. I have the serial number, a product number, FICC ID, all that stuff, but no key.

#10 Oh My!

Posted 24 May 2018 - 07:39 PM

Greetings.

Thanks for the information.

Please do this. Just let me know if you have the Product Key. Do not post the information in your reply.

===================================================

Obtaining Windows Product Key Code

--------------------
  • Hit the Windows Key + R at the same time
  • Type notepad and hit Enter
  • Copy and paste the following into the Notepad document
' Read the binary DigitalProductId value from the registry and show the decoded key
Set WshShell = CreateObject("WScript.Shell")
MsgBox ConvertToKey(WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId"))

' Decode the 15 key bytes starting at offset 52 into 25 base-24 characters
Function ConvertToKey(Key)
    Const KeyOffset = 52
    i = 28
    Chars = "BCDFGHJKMPQRTVWXY2346789"
    Do
        Cur = 0
        x = 14
        ' Divide the 15-byte number by 24; the remainder selects the next character
        Do
            Cur = Cur * 256
            Cur = Key(x + KeyOffset) + Cur
            Key(x + KeyOffset) = (Cur \ 24) And 255
            Cur = Cur Mod 24
            x = x - 1
        Loop While x >= 0
        i = i - 1
        KeyOutput = Mid(Chars, Cur + 1, 1) & KeyOutput
        ' Insert a dash after every group of five characters
        If (((29 - i) Mod 6) = 0) And (i <> -1) Then
            i = i - 1
            KeyOutput = "-" & KeyOutput
        End If
    Loop While i >= 0
    ConvertToKey = KeyOutput
End Function
  • Click File, then Save As...
  • Next to Save as type: select All Files
  • Name the document ProductKey.vbs and save it to your Desktop
  • Double click the ProductKey.vbs icon on your Desktop
  • Copy down the Product Key number that should appear
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Product Key?

Gary
 

#11 Oh My!

Posted 27 May 2018 - 07:49 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#12 ratidwell

Posted 27 May 2018 - 10:29 PM

I have had no access to the internet... our lines were cut while installing a sprinkler system, so your last message was received tonight. So sorry, I will attempt to complete your last immediately.



#13 ratidwell

Posted 28 May 2018 - 06:46 AM

I got the key!

#14 Oh My!

Posted 28 May 2018 - 02:32 PM

No problem, glad you are up and running.

Glad you have the key. We are going to try to clean your computer as detailed below but if it doesn't work we are going to utilize your Product Key to download and create a Windows Operating System disk.

Please do this after booting into Safe Mode.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press Windows Key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Online Application
SearchAwesome

  • Reboot your computer back into Safe Mode
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CloseProcesses:
HKLM\...\Run: [Logistical] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKLM\...\Run: [Vixen] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKLM\...\Run: [Bergstein] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKLM\...\Run: [Hadi] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKLM\...\Run: [Guzzles] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKLM\...\Run: [Jm] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Phoning] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Deason] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Initials] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKLM-x32\...\Run: [Oversize] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Luxuriated] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Bearish] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [hiakbk] => rundll32.exe "C:\Users\rache\AppData\Local\hiakbk.dll",hiakbk <==== ATTENTION
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Weakening] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Pickard] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Nunn] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Hoyt] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Rodale] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Cutie] => C:\Program Files (x86)\Coherent\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Eleemosynary] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Amazon] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Virgins] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Kas] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Erwin] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [Honourable] => C:\Program Files (x86)\Msg\Planted.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [axford] => C:\Program Files (x86)\harewood\axford.exe [49942 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [bouche] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [dioxide] => C:\Program Files (x86)\tippy\dioxide.exe [49943 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [nihilists] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
C:\Program Files (x86)\Subwoofer
C:\Program Files (x86)\oppressed
C:\Program Files (x86)\Coherent
C:\Program Files (x86)\Longer
C:\Program Files (x86)\Msg
C:\Users\rache\AppData\Local\hiakbk.dll",hiakbk
C:\Program Files (x86)\harewood
C:\Program Files (x86)\tippy
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\headlock.lnk [2018-05-19]
ShortcutTarget: headlock.lnk -> C:\Program Files (x86)\Longer\Planted.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\headlockheadlock.lnk [2018-05-19]
ShortcutTarget: headlockheadlock.lnk -> C:\Program Files (x86)\thoughout\Cloying.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jaworski.lnk [2018-05-19]
ShortcutTarget: jaworski.lnk -> C:\Program Files (x86)\Subwoofer\Outspent.exe ()
Startup: C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jaworskijaworski.lnk [2018-05-19]
ShortcutTarget: jaworskijaworski.lnk -> C:\Program Files (x86)\oppressed\Goodie.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237543100-274015457-632876503-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237543100-274015457-632876503-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
S2 d83b8966cc2672f3cfebde6b8c1eeb54; C:\Program Files\d83b8966cc2672f3cfebde6b8c1eeb54\c177eee7774d1cf0d276967bc39dd5b4.exe [1574336 2018-05-18] ()
C:\Program Files\d83b8966cc2672f3cfebde6b8c1eeb54
S2 MicroService; C:\Users\rache\AppData\Local\XService\XService.dll [585216 2018-05-19] () [File not signed]
C:\Users\rache\AppData\Local\XService
S2 e1ab6ed85e93af0a7a4033471fb856c3; rundll32.exe C:\WINDOWS\zwntajurckoojsrj.zwn fJmAxyAy [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]
C:\WINDOWS\zwntajurckoojsrj.zwn fJmAxyAy
R1 dedc2ea731860b7257381e5d9151d85d; C:\WINDOWS\System32\drivers\dedc2ea731860b7257381e5d9151d85d.sys [311032 2018-05-18] ()
C:\WINDOWS\System32\drivers\dedc2ea731860b7257381e5d9151d85d.sys
S3 cpuz140; \??\C:\Users\rache\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S4 dnbawkg; System32\drivers\dtmiupcs.sys [X]
S3 nqtxad; system32\drivers\txadgk.sys [X]
2018-05-21 19:33 - 2018-05-21 19:33 - 000000000 ____D C:\Users\rache\AppData\Local\niemdwg
2018-05-21 19:24 - 2018-05-21 19:24 - 000142672 ____N C:\WINDOWS\system32\Drivers\zaagjmpt.sys
2018-05-21 19:11 - 2018-05-21 18:42 - 074288784 _____ (Malwarebytes ) C:\Users\rache\Desktop\bitemywart.exe
2018-05-21 15:33 - 2018-05-21 15:33 - 000000000 ____D C:\Users\rache\AppData\Local\wekczsx
2018-05-20 21:35 - 2018-05-20 21:35 - 000000000 ____D C:\Users\rache\AppData\Local\vscprnu
2018-05-20 21:11 - 2018-05-20 21:11 - 000000000 ____D C:\Users\rache\AppData\Local\weivlgo
2018-05-20 21:03 - 2018-05-20 21:03 - 000000000 ____D C:\Users\rache\AppData\Local\widpzvn
2018-05-20 19:52 - 2018-05-20 19:52 - 000000000 ____D C:\Users\rache\AppData\Local\sbndawx
2018-05-20 18:48 - 2018-05-20 18:48 - 000000000 ____D C:\Users\rache\AppData\Local\iaawvrd
2018-05-20 18:26 - 2018-05-20 18:26 - 000000000 ____D C:\Users\rache\AppData\Local\zasxvme
2018-05-20 18:15 - 2018-05-20 18:15 - 000142672 _____ C:\WINDOWS\system32\Drivers\zaazcfim.sys
2018-05-20 18:07 - 2018-05-20 18:09 - 113252945 _____ C:\Users\rache\Downloads\msert (2).exe.6hvqpp2.partial
2018-05-20 18:07 - 2018-05-20 18:09 - 090509168 _____ C:\Users\rache\Downloads\msert (1).exe.5gjy3vk.partial
2018-05-20 17:57 - 2018-05-20 17:57 - 000000000 ____D C:\Users\rache\AppData\Local\niotslc
2018-05-20 17:33 - 2018-05-20 17:33 - 000000000 ____D C:\Users\rache\AppData\Local\iadbxrl
2018-05-20 17:15 - 2018-05-20 17:15 - 000000000 ____D C:\Users\rache\Documents\TotalAV
2018-05-20 17:11 - 2018-05-20 17:11 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-05-20 17:06 - 2018-05-20 17:06 - 011093688 _____ C:\Users\rache\Downloads\TotalAV_Setup.exe
2018-05-20 17:02 - 2018-05-20 17:02 - 000000000 ____D C:\Users\rache\AppData\Local\wihtlcn
2018-05-20 16:47 - 2018-05-20 16:47 - 000000000 ____D C:\Users\rache\AppData\Local\excpawu
2018-05-20 16:31 - 2018-05-20 16:31 - 000000000 ____D C:\Users\rache\AppData\Local\pchulto
2018-05-19 14:09 - 2018-05-19 14:09 - 000000000 ____D C:\Users\rache\AppData\Local\recopkd
2018-05-19 13:39 - 2018-05-19 13:39 - 000000000 ____D C:\Users\rache\AppData\Local\avbzdlx
2018-05-19 13:02 - 2018-05-19 13:02 - 000000000 ____D C:\Users\rache\AppData\Local\spaecml
2018-05-19 12:56 - 2018-05-19 12:56 - 000000000 ____D C:\Users\rache\AppData\Local\wmhgxse
2018-05-19 11:45 - 2018-05-19 11:58 - 172661090 _____ (alch ) C:\Users\rache\Documents\clamwin-0.99.4-setup.exe
2018-05-19 11:36 - 2018-05-19 12:27 - 000000000 ____D C:\Users\rache\Documents\Chameleon files
2018-05-19 11:30 - 2018-05-19 11:30 - 000000000 ____D C:\Users\rache\AppData\Local\mscpbhx
2018-05-19 11:26 - 2018-05-19 11:26 - 000003254 _____ C:\WINDOWS\System32\Tasks\{9D6137D3-F294-4C9A-9A1B-4B3EC07EDEDC}
2018-05-19 11:25 - 2018-05-19 11:25 - 000000000 ____D C:\Users\rache\AppData\Local\niaskml
2018-05-19 11:24 - 2018-05-19 11:24 - 000000000 ____D C:\Users\rache\AppData\Roaming\c
2018-05-19 03:27 - 2018-05-20 19:57 - 000000000 ____D C:\Users\rache\AppData\Local\nihutwx
2018-05-19 03:27 - 2018-05-19 03:28 - 000000000 ____D C:\Users\rache\AppData\Local\wmcagent
2018-05-19 03:27 - 2018-05-19 03:27 - 000000000 ____D C:\Users\rache\AppData\Local\CEF
2018-05-19 03:22 - 2018-05-21 19:33 - 000000000 ____D C:\Users\rache\AppData\Local\sidwcut
2018-05-19 03:22 - 2018-05-19 03:22 - 000000000 ____D C:\Users\rache\AppData\Local\weixbpd
2018-05-19 03:20 - 2018-05-21 19:25 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\psmgbwlsvc.exe
2018-05-19 03:20 - 2018-05-19 12:49 - 000000000 ____D C:\Users\rache\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-05-19 03:20 - 2018-05-19 11:25 - 000000000 ____D C:\Program Files (x86)\s5
2018-05-19 03:20 - 2018-05-19 03:36 - 000000000 ____D C:\Users\rache\AppData\Roaming\AGData
2018-05-19 03:20 - 2018-05-19 03:36 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-05-19 03:20 - 2018-05-19 03:20 - 000000012 _____ C:\WINDOWS\b61555728
2018-05-19 03:20 - 2018-05-19 03:20 - 000000012 _____ C:\WINDOWS\b47778291
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\WINDOWS\SysWOW64\cssxwtu
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\WINDOWS\system32\cssxwtu
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\Users\rache\AppData\Roaming\et
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\Users\rache\AppData\Local\XService
2018-05-19 03:20 - 2018-05-19 03:20 - 000000000 ____D C:\ProgramData\1526714412
2018-05-19 03:18 - 2018-05-19 13:42 - 000000000 ____D C:\Program Files (x86)\uncultivated
2018-05-19 03:18 - 2018-05-19 03:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\possiblity chichi scrimmage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003854 _____ C:\WINDOWS\System32\Tasks\drugstores_riverbed
2018-05-19 03:18 - 2018-05-19 03:18 - 000003852 _____ C:\WINDOWS\System32\Tasks\hijack diddled anyday
2018-05-19 03:18 - 2018-05-19 03:18 - 000003848 _____ C:\WINDOWS\System32\Tasks\waterfront kickers
2018-05-19 03:18 - 2018-05-19 03:18 - 000003846 _____ C:\WINDOWS\System32\Tasks\seduced
2018-05-19 03:18 - 2018-05-19 03:18 - 000003842 _____ C:\WINDOWS\System32\Tasks\reggie-eubanks
2018-05-19 03:18 - 2018-05-19 03:18 - 000003838 _____ C:\WINDOWS\System32\Tasks\smolensk
2018-05-19 03:18 - 2018-05-19 03:18 - 000003838 _____ C:\WINDOWS\System32\Tasks\lomax_californium
2018-05-19 03:18 - 2018-05-19 03:18 - 000003834 _____ C:\WINDOWS\System32\Tasks\mayor_assimilates
2018-05-19 03:18 - 2018-05-19 03:18 - 000003834 _____ C:\WINDOWS\System32\Tasks\glistens
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\litman amniotic
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\gruel-seco
2018-05-19 03:18 - 2018-05-19 03:18 - 000003830 _____ C:\WINDOWS\System32\Tasks\engage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003828 _____ C:\WINDOWS\System32\Tasks\boughs_chalker
2018-05-19 03:18 - 2018-05-19 03:18 - 000003826 _____ C:\WINDOWS\System32\Tasks\ruggedness
2018-05-19 03:18 - 2018-05-19 03:18 - 000003812 _____ C:\WINDOWS\System32\Tasks\lare
2018-05-19 03:18 - 2018-05-19 03:18 - 000003762 _____ C:\WINDOWS\System32\Tasks\possiblity chichi scrimmagepossiblity chichi scrimmage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003742 _____ C:\WINDOWS\System32\Tasks\hijack diddled anydayhijack diddled anyday
2018-05-19 03:18 - 2018-05-19 03:18 - 000003742 _____ C:\WINDOWS\System32\Tasks\drugstores_riverbeddrugstores_riverbed
2018-05-19 03:18 - 2018-05-19 03:18 - 000003734 _____ C:\WINDOWS\System32\Tasks\waterfront kickerswaterfront kickers
2018-05-19 03:18 - 2018-05-19 03:18 - 000003724 _____ C:\WINDOWS\System32\Tasks\lomax_californiumlomax_californium
2018-05-19 03:18 - 2018-05-19 03:18 - 000003722 _____ C:\WINDOWS\System32\Tasks\mayor_assimilatesmayor_assimilates
2018-05-19 03:18 - 2018-05-19 03:18 - 000003720 _____ C:\WINDOWS\System32\Tasks\reggie-eubanksreggie-eubanks
2018-05-19 03:18 - 2018-05-19 03:18 - 000003710 _____ C:\WINDOWS\System32\Tasks\seducedseduced
2018-05-19 03:18 - 2018-05-19 03:18 - 000003710 _____ C:\WINDOWS\System32\Tasks\litman amnioticlitman amniotic
2018-05-19 03:18 - 2018-05-19 03:18 - 000003706 _____ C:\WINDOWS\System32\Tasks\boughs_chalkerboughs_chalker
2018-05-19 03:18 - 2018-05-19 03:18 - 000003702 _____ C:\WINDOWS\System32\Tasks\smolensksmolensk
2018-05-19 03:18 - 2018-05-19 03:18 - 000003702 _____ C:\WINDOWS\System32\Tasks\gruel-secogruel-seco
2018-05-19 03:18 - 2018-05-19 03:18 - 000003700 _____ C:\WINDOWS\System32\Tasks\glistensglistens
2018-05-19 03:18 - 2018-05-19 03:18 - 000003696 _____ C:\WINDOWS\System32\Tasks\ruggednessruggedness
2018-05-19 03:18 - 2018-05-19 03:18 - 000003692 _____ C:\WINDOWS\System32\Tasks\engageengage
2018-05-19 03:18 - 2018-05-19 03:18 - 000003670 _____ C:\WINDOWS\System32\Tasks\larelare
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\tippy
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\Msg
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\harewood
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ___HD C:\Program Files (x86)\Coherent
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Users\rache\AppData\Roaming\ww.fm
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\thoughout
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Subwoofer
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\oppressed
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Longer
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Disbelieves
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\Cutely
2018-05-19 03:18 - 2018-05-19 03:18 - 000000000 ____D C:\Program Files (x86)\borrow
2018-05-19 03:17 - 2018-05-19 11:23 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-05-19 03:17 - 2018-05-19 11:23 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-05-19 03:17 - 2018-05-19 03:17 - 000003368 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-startup-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2018-05-19 03:17 - 2018-05-19 03:17 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2018-05-19 03:17 - 2018-05-19 03:17 - 000002994 _____ C:\WINDOWS\System32\Tasks\Chameleon Task Manager-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000002990 _____ C:\WINDOWS\System32\Tasks\Chameleon Monitor-rache
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Users\rache\AppData\Roaming\Microleaves
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Users\rache\AppData\Local\AdvinstAnalytics
2018-05-19 03:17 - 2018-05-19 03:17 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-05-19 03:16 - 2018-05-19 03:16 - 000194048 _____ C:\Users\rache\AppData\Local\miakhad.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000043520 _____ C:\Users\rache\AppData\Local\hiakbk.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000003072 _____ C:\Users\rache\AppData\Local\setupHTTPBalancer_v2.15.exe
2018-05-19 03:15 - 2018-05-19 04:43 - 000000000 ____D C:\Program Files\d83b8966cc2672f3cfebde6b8c1eeb54
2018-05-19 03:15 - 2018-05-19 03:44 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-05-19 03:15 - 2018-05-19 03:15 - 001520640 _____ C:\WINDOWS\zwntajurckoojsrj.zwn
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\WINDOWS\muzak.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\Users\rache\AppData\Local\Outspent.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ C:\Users\rache\AppData\Local\Goodie.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\WINDOWS\streaked.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\Users\rache\AppData\Local\Planted.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ C:\Users\rache\AppData\Local\Cloying.exe
2018-05-18 08:11 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools ) C:\Users\rache\AppData\Roaming\ctask.exe
2018-05-18 08:07 - 2018-05-18 08:07 - 001831936 _____ C:\Users\rache\AppData\Roaming\update.exe
2018-05-18 07:16 - 2018-05-18 07:16 - 001871360 _____ C:\WINDOWS\a0d42c4183d802864df49d37648ea35c.exe
2018-05-18 07:16 - 2018-05-18 07:16 - 000311032 _____ C:\WINDOWS\system32\Drivers\dedc2ea731860b7257381e5d9151d85d.sys
2018-05-18 07:16 - 2018-05-18 07:16 - 000041211 _____ C:\WINDOWS\uninstaller.dat
2018-05-14 03:40 - 2018-05-14 03:40 - 000000000 ____D C:\Users\rache\AppData\Roaming\Easy PC Optimizer
2018-05-14 03:03 - 2018-05-18 15:58 - 000000036 _____ C:\WINDOWS\progress.ini
2018-05-11 02:17 - 2018-05-16 02:25 - 000000000 ____D C:\Users\rache\AppData\Roaming\Easeware
2018-05-11 02:17 - 2018-05-16 02:25 - 000000000 ____D C:\Program Files\Easeware
2018-05-16 04:39 - 2018-04-20 10:24 - 000000000 ___RD C:\DriverToolkit
2018-04-25 12:54 - 2018-03-16 05:20 - 000000350 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2018-05-14 06:43 - 2018-05-14 06:43 - 001129816 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2018-05-18 08:11 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools ) C:\Users\rache\AppData\Roaming\ctask.exe
2018-05-18 08:07 - 2018-05-18 08:07 - 001831936 _____ () C:\Users\rache\AppData\Roaming\update.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Cloying.exe
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Goodie.exe
2018-05-19 03:16 - 2018-05-19 03:16 - 000043520 _____ () C:\Users\rache\AppData\Local\hiakbk.dll
2018-05-19 03:16 - 2018-05-19 03:16 - 000194048 _____ () C:\Users\rache\AppData\Local\miakhad.dll
2018-05-19 02:17 - 2018-05-19 02:17 - 000020992 _____ () C:\Users\rache\AppData\Local\Outspent.exe
2018-05-19 02:09 - 2018-05-19 02:09 - 000082432 _____ () C:\Users\rache\AppData\Local\Planted.exe
2018-05-19 03:16 - 2018-05-19 03:16 - 000003072 _____ () C:\Users\rache\AppData\Local\setupHTTPBalancer_v2.15.exe
C:\WINDOWS\system32\drivers\zaagjmpt.sys -> Access Denied <======= ATTENTION
Task: {02521561-550D-4F20-9297-8A2D1FF9AC6E} - System32\Tasks\engage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {1A9D131F-3F32-449F-909C-250244F3DD27} - System32\Tasks\gruel-secogruel-seco => C:\Program Files (x86)\thoughout\Cloying.exe [2018-05-19] ()
Task: {20337AB6-2D23-4710-ACF0-9CF0386CF85D} - System32\Tasks\gruel-seco => C:\Program Files (x86)\thoughout\Cloying.exe [2018-05-19] ()
Task: {2A9039E8-CB59-4784-A8C2-A71A5821578C} - System32\Tasks\reggie-eubanks => C:\Program Files (x86)\oppressed\Goodie.exe [2018-05-19] ()
Task: {31F264F1-A531-43EA-B211-49B75351E726} - System32\Tasks\boughs_chalker => C:\Program Files (x86)\Msg\Planted.exe [2018-05-19] ()
Task: {384A672F-FAE1-44FA-95C4-9F9FB72BC926} - System32\Tasks\mayor_assimilatesmayor_assimilates => C:\Users\rache\AppData\Local\Cloying.exe [2018-05-19] ()
C:\Users\rache\AppData\Local\Cloying.exe
Task: {438B028B-052E-47C2-B9EB-6EAF09A8A25E} - System32\Tasks\possiblity chichi scrimmagepossiblity chichi scrimmage => C:\Users\rache\AppData\Local\Planted.exe [2018-05-19] ()
Task: {48801E12-6FCC-45BF-B699-B7A29CE11231} - System32\Tasks\waterfront kickerswaterfront kickers => C:\Program Files (x86)\Coherent\Goodie.exe [2018-05-19] ()
Task: {48895843-3C9F-434A-9547-8B4FE9B55170} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] ()
Task: {4EF30618-3638-4DAF-878A-B2E24173451E} - System32\Tasks\litman amnioticlitman amniotic => C:\Program Files (x86)\Msg\Cloying.exe [2018-05-19] ()
Task: {4F4E67B1-2412-44CC-B0A6-AC0EFD80937E} - System32\Tasks\seducedseduced => C:\Program Files (x86)\uncultivated\uncultivated.exe
Task: {52907940-24B3-4017-93EB-86CFC7FB207D} - System32\Tasks\DriverToolkit Autorun => C:\DriverToolkit\DriverToolkit.exe
Task: {54A9BEED-443D-41A4-8490-43B0C89ACD09} - System32\Tasks\waterfront kickers => C:\Program Files (x86)\Coherent\Goodie.exe [2018-05-19] ()
Task: {62C46639-0797-4A88-9026-25D6A7FB91EC} - System32\Tasks\ruggedness => C:\Program Files (x86)\Longer\Planted.exe [2018-05-19] ()
C:\Program Files (x86)\Msg
Task: {A3BE3569-E8D9-4C58-A9EA-BED3398F874A} - System32\Tasks\boughs_chalkerboughs_chalker => C:\Program Files (x86)\Msg\Planted.exe [2018-05-19] ()
Task: {A4EA1899-1FCB-434F-92FE-4515022D7225} - System32\Tasks\hijack diddled anyday => C:\Users\rache\AppData\Local\Outspent.exe [2018-05-19] ()
Task: {AEB99A16-FDD4-4218-A40E-CF48AD8291F5} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {B646421B-6C7A-4DC7-8FFA-4AECC986824D} - System32\Tasks\ruggednessruggedness => C:\Program Files (x86)\Longer\Planted.exe [2018-05-19] ()
Task: {B85ED329-4F45-4456-B4D8-5517CD440C32} - System32\Tasks\larelare => C:\Program Files (x86)\borrow\borrow.exe [2018-05-19] ()
Task: {B8E332BC-5429-4456-983D-FE52524460AF} - System32\Tasks\litman amniotic => C:\Program Files (x86)\Msg\Cloying.exe [2018-05-19] ()
Task: {BC2FB2C1-6491-42B6-93AB-7DFA364F0E53} - System32\Tasks\lomax_californium => C:\Users\rache\AppData\Local\Goodie.exe [2018-05-19] ()
Task: {C77C8302-60BC-4AC3-8199-2F23F9854CC8} - System32\Tasks\engageengage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {C9E09DFD-486E-4B5F-8CF7-B835FF19AF83} - System32\Tasks\glistensglistens => C:\Program Files (x86)\Cutely\desensitizing.exe [2018-05-19] ()
Task: {CE043B53-15B1-44C7-B7FC-41EC8AA7F087} - System32\Tasks\seduced => C:\Program Files (x86)\uncultivated\uncultivated.exe
Task: {D0CC6780-2BE9-4D89-9E59-7E0B815C8646} - System32\Tasks\possiblity chichi scrimmage => C:\Users\rache\AppData\Local\Planted.exe [2018-05-19] ()
Task: {D1FA3ACC-5F4D-4F31-8A48-35986B9398AB} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D4E7C18F-11C0-4C62-9D5B-E4202CAE17FE} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D7638897-B50B-4684-A7E8-869A43A96B05} - System32\Tasks\smolensk => C:\Program Files (x86)\Disbelieves\betweens.exe [2018-05-19] ()
Task: {D9447C12-3DF0-4D72-86B0-90362D606F7F} - System32\Tasks\{63FC1E0D-E4E4-457A-A7E3-F291D845E281} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\DriverToolkit\unins000.exe"
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\Longer
C:\Program Files (x86)\borrow
C:\Program Files (x86)\Subwoofer
Task: {E1113BFD-F906-483B-BCDE-C6F914322FF0} - System32\Tasks\drugstores_riverbeddrugstores_riverbed => C:\Program Files (x86)\Coherent\Outspent.exe [2018-05-19] ()
Task: {E5097B5E-3B06-4863-837E-9B79A14A1D0F} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {F0449E94-784A-42F1-BB3D-A45F89BF233C} - System32\Tasks\Chameleon Task Manager-rache => C:\Program Files (x86)\Chameleon Task Manager\manager_task.exe
Task: {F2B3FF17-21B2-482D-B192-749BDAAC158E} - System32\Tasks\{7A16580D-19CA-4AF5-945E-304E7624BBD2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeDVDVideoConverter
Task: {F8531B2B-FC54-4947-BD61-A735CE1E13E6} - System32\Tasks\{7B09D9C6-C128-4129-B018-C569A696D3BD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\unins000.exe"
Task: {FC78D358-D94A-42E8-A330-B281D2647FF0} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {FD516DDF-FD21-4D84-BC23-39F641AD2CA4} - System32\Tasks\Chameleon Monitor-startup-rache => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2017-09-09] (NeoSoft Tools)
Task: {FED53143-3D8C-4952-BCF1-A58211A097A3} - System32\Tasks\glistens => C:\Program Files (x86)\Cutely\desensitizing.exe [2018-05-19] ()
C:\Program Files (x86)\Chameleon Task Manager
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [124]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Services\rclwb <==== ATTENTION (Rootkit!)
File: C:\CxUtilSvc.exe
hosts:
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs uninstall?
  • Fixlog
  • Update on computer performance

Gary
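Two patterns stand out in the fixlist above: many Run values with unrelated names point at executables of identical size with an empty vendor field, and several task names are one string written twice. As an added example (not part of the original post and not FRST's own logic), this Python script parses a few lines excerpted from that fixlist and groups them along those lines; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines excerpted verbatim from the fixlist in the post above (FRST log format).
SAMPLE = r"""
HKLM\...\Run: [Logistical] => C:\Program Files (x86)\Subwoofer\Outspent.exe [20992 2018-05-19] ()
HKLM\...\Run: [Vixen] => C:\Program Files (x86)\oppressed\Goodie.exe [20992 2018-05-19] ()
HKLM\...\Run: [Hadi] => C:\Program Files (x86)\Longer\Planted.exe [82432 2018-05-19] ()
HKLM-x32\...\Run: [Luxuriated] => C:\Program Files (x86)\thoughout\Cloying.exe [82432 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [axford] => C:\Program Files (x86)\harewood\axford.exe [49942 2018-05-19] ()
HKU\S-1-5-21-1237543100-274015457-632876503-1002\...\Run: [hiakbk] => rundll32.exe "C:\Users\rache\AppData\Local\hiakbk.dll",hiakbk <==== ATTENTION
Task: {02521561-550D-4F20-9297-8A2D1FF9AC6E} - System32\Tasks\engage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {C77C8302-60BC-4AC3-8199-2F23F9854CC8} - System32\Tasks\engageengage => C:\Program Files (x86)\Subwoofer\Outspent.exe [2018-05-19] ()
Task: {FD516DDF-FD21-4D84-BC23-39F641AD2CA4} - System32\Tasks\Chameleon Monitor-startup-rache => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2017-09-09] (NeoSoft Tools)
Task: {52907940-24B3-4017-93EB-86CFC7FB207D} - System32\Tasks\DriverToolkit Autorun => C:\DriverToolkit\DriverToolkit.exe
"""

# Run-key line: hive, value name, target, then optional "[size date] (vendor)".
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?"
    r"(?P<flag> <==== ATTENTION)?$"
)

# Scheduled-task line: GUID, task name, target, then optional "[date] (vendor)".
TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?"
    r"(?P<flag> <==== ATTENTION)?$"
)


def parse_frst(text):
    """Split FRST lines into Run-key entries and scheduled-task entries."""
    runs, tasks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = TASK_RE.match(line)
        if m:
            tasks.append(m.groupdict())
    return runs, tasks


def cloned_payloads(runs):
    """Map file size -> distinct target paths, kept only when at least two
    different targets with an empty vendor field share that size."""
    by_size = defaultdict(set)
    for r in runs:
        if r["size"] and not r["company"].strip():
            by_size[int(r["size"])].add(r["target"].lower())
    return {size: sorted(paths) for size, paths in by_size.items() if len(paths) >= 2}


def doubled_task_names(tasks):
    """Return {task name: base} for names that are one string repeated twice."""
    found = {}
    for t in tasks:
        name = t["name"]
        half = len(name) // 2
        if half and len(name) % 2 == 0 and name[:half] == name[half:]:
            found[name] = name[:half]
    return found


def rundll32_autoruns(runs):
    """Names of Run values that load a DLL from a user profile via rundll32."""
    hits = []
    for r in runs:
        target = r["target"].lower()
        if target.startswith("rundll32") and "\\appdata\\" in target:
            hits.append(r["name"])
    return hits


if __name__ == "__main__":
    runs, tasks = parse_frst(SAMPLE)
    for size, paths in sorted(cloned_payloads(runs).items()):
        print(f"{size} bytes, empty vendor field, {len(paths)} paths: {paths}")
    print("doubled task names:", doubled_task_names(tasks))
    print("rundll32 from AppData:", rundll32_autoruns(runs))
```

Grouping by size only narrows the list for review; matching sizes should be confirmed with file hashes before treating the files as the same binary.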
 

#15 ratidwell


Posted 28 May 2018 - 03:02 PM

Searchawesome will not delete or uninstall. There is a file called chameleon that is acting the same. I can not delete or uninstall either one and the device is in sad condition. Anything else I can try to get the searchawesome to uninstall?





