
Bing redirect virus, can't seem to remove



#1 bhg0688

Posted 12 August 2018 - 10:24 AM

Has anyone had success removing this virus/malware? This is a recording of the behavior: https://cl.ly/001o38303v08

 

I can't seem to get rid of it even after running AdwCleaner, RogueKiller, Malwarebytes, etc.

 

Thanks for any help!

 

-Brad

 

P.S. Sorry for posting before creating a log, I'm doing so now:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Brad7 (administrator) on BRAD7-PC (12-08-2018 11:29:05)
Running from C:\Users\Brad7\Downloads
Loaded Profiles: Brad7 (Available Profiles: Brad7)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(f.lux Software LLC) C:\Users\Brad7\AppData\Local\FluxSoftware\Flux\flux.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boinctray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boinc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
() C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(CloudApp) C:\Program Files (x86)\CloudApp\CloudApp.exe
(The CefSharp Authors) C:\Program Files (x86)\CloudApp\CefSharp.BrowserSubprocess.exe
(CloudApp) C:\Program Files (x86)\CloudApp\CloudApp.exe
(The CefSharp Authors) C:\Program Files (x86)\CloudApp\CefSharp.BrowserSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mip1_rosetta_7.11_windows_intelx86
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_scc1_vina_7.08_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_zika_7.08_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_zika_7.08_windows_x86_64
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.18_windows_intelx86
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.18_windows_intelx86
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.18_windows_intelx86
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.18_windows_intelx86
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\boincmgr.exe [4543232 2010-09-23] (World Community Grid)
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [58112 2010-09-23] (Space Sciences Laboratory)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\Run: [f.lux] => C:\Users\Brad7\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\Run: [Google Update] => C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\Policies\Explorer: [NoDrives] 1
HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\MountPoints2: G - G:\setup.exe
Startup: C:\Users\Brad7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2018-02-17]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6F7F5E96-64AA-4318-96CE-614E83163A73}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{FDD8FDDB-C1D1-4E54-B447-845C3605D6E9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-3827144536-1174243085-782075232-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com
SearchScopes: HKLM -> DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3827144536-1174243085-782075232-1000 -> DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = 
SearchScopes: HKU\S-1-5-21-3827144536-1174243085-782075232-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3827144536-1174243085-782075232-1000 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = 
BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2014-05-27] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-23] (Oracle Corporation)
BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll [2014-05-27] ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-08-24] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-02-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-08-24] (Oracle Corporation)
DPF: HKLM-x32 {C861B75F-EE32-4AA4-B610-281AF26A8D1C} hxxps://webvpn.navimedix.com/+CSCOL+/cscopf.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default [2018-08-12]
FF Homepage: Mozilla\Firefox\Profiles\ignszzc4.default -> hxxps://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\ignszzc4.default -> type", 0
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\artur.dubovoy@gmail.com [2018-01-01] [Legacy]
FF Extension: (ChatZilla) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-12-29] [Legacy]
FF Extension: (Download Status Bar) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2017-12-29] [Legacy]
FF Extension: (iMacros for Firefox) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2018-01-01] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-12-29] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-29] [Legacy]
FF Extension: (QuickJava) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2018-07-12] [Legacy]
FF Extension: (Google Code Correction) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\features\{03873bda-ea7a-4bbd-a842-5f0994090a76}\google-code-correction@mozilla.org.xpi [2018-06-18] [Legacy]
FF SearchPlugin: C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\searchplugins\bing-lavasoft-ff59.xml [2018-05-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-29] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-29] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-18] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-08-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-09] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin HKU\S-1-5-21-3827144536-1174243085-782075232-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Brad7\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3827144536-1174243085-782075232-1000: @talk.google.com/O1DPlugin -> C:\Users\Brad7\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3827144536-1174243085-782075232-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3827144536-1174243085-782075232-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3827144536-1174243085-782075232-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-09] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Brad7\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Brad7\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
CHR Extension: (Google Translate) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-17]
CHR Extension: (YouTube) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-05]
CHR Extension: (OneTab) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-15]
CHR Extension: (Google Search) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Spanish Characters) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljimcnjopajndeefmkfcagfbhgfccid [2017-12-17]
CHR Extension: (AdBlock) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-29]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2018-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Bandcamp Downloader) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmoobgpmablfmgchfjnhkbloaobiogeh [2018-05-12]
CHR Extension: (Gmail) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
CHR Profile: C:\Users\Brad7\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-01-24]
StartMenuInternet: Google Chrome.UHHCRGHVEJZUFM6J7NVWTMGBBY - C:\Users\Brad7\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
R2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [9216 2017-12-17] () [File not signed]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
S3 ESLoadService; C:\Program Files (x86)\EaseUS\EaseUS MobiMover\bin\ESLoadService.exe [47840 2017-10-30] (TODO: <Company name>)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-13] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-29] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-01] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-06-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-12] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ALSysIO; \??\C:\Users\Brad7\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-12 11:29 - 2018-08-12 11:29 - 000026341 _____ C:\Users\Brad7\Downloads\FRST.txt
2018-08-12 11:28 - 2018-08-12 11:29 - 000000000 ____D C:\FRST
2018-08-12 11:28 - 2018-08-12 11:28 - 002412544 _____ (Farbar) C:\Users\Brad7\Downloads\FRST64.exe
2018-08-12 11:22 - 2018-08-12 11:23 - 000000000 ____D C:\Users\Brad7\AppData\Local\CloudApp
2018-08-12 11:21 - 2018-08-12 11:22 - 000000000 ____D C:\Program Files (x86)\CloudApp
2018-08-12 11:21 - 2018-08-12 11:21 - 055058432 _____ C:\Users\Brad7\Downloads\CloudApp.msi
2018-08-12 11:21 - 2018-08-12 11:21 - 000000923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloudApp.lnk
2018-08-12 11:21 - 2018-08-12 11:21 - 000000911 _____ C:\Users\Public\Desktop\CloudApp.lnk
2018-08-12 11:20 - 2018-08-12 11:20 - 000000000 __SHD C:\Users\Brad7\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-08-12 11:20 - 2018-08-12 11:20 - 000000000 ___HD C:\Users\Brad7\Documents\Xresources12
2018-08-12 11:20 - 2018-08-12 11:20 - 000000000 ___HD C:\Users\Brad7\Documents\3Cdate83
2018-08-12 11:19 - 2018-08-12 11:19 - 000514646 ____N C:\Users\Akkyltv\motor.valid.then.conscious.xlsx
2018-08-12 11:19 - 2018-08-12 11:19 - 000505203 ____N C:\Users\Qblzp\journalapprovetaxpayers.xlsx
2018-08-12 11:19 - 2018-08-12 11:19 - 000220580 ____N C:\Users\Qblzp\terrormonkeyhenry.mdb
2018-08-12 11:19 - 2018-08-12 11:19 - 000216675 ____N C:\Users\Akkyltv\realizedrehabilitationexceptions.mdb
2018-08-12 11:19 - 2018-08-12 11:19 - 000075926 ____N C:\Users\Akkyltv\record elaborate members.xls
2018-08-12 11:19 - 2018-08-12 11:19 - 000070081 ____N C:\Users\Qblzp\diffusehopingheroicbob.xls
2018-08-12 11:19 - 2018-08-12 11:19 - 000058856 ____N C:\Users\Qblzp\revenue great onset.pem
2018-08-12 11:19 - 2018-08-12 11:19 - 000055592 ____N C:\Users\Akkyltv\modesty british.pem
2018-08-12 11:19 - 2018-08-12 11:19 - 000042448 ____N C:\Users\Akkyltv\experiences-outlook.txt
2018-08-12 11:19 - 2018-08-12 11:19 - 000039568 ____N C:\Users\Qblzp\instancesdamn.txt
2018-08-12 11:19 - 2018-08-12 11:19 - 000021786 ____N C:\Users\Akkyltv\import_african_enormous.sql
2018-08-12 11:19 - 2018-08-12 11:19 - 000011322 ____N C:\Users\Qblzp\efforts_restrictions_eating_interpret.sql
2018-08-12 11:19 - 2018-08-12 11:19 - 000000000 ___HD C:\Users\Qblzp
2018-08-12 11:19 - 2018-08-12 11:19 - 000000000 ___HD C:\Users\Akkyltv
2018-08-12 11:18 - 2018-08-12 11:18 - 000000000 ____D C:\Xcaches36
2018-08-12 11:18 - 2018-08-12 11:18 - 000000000 ____D C:\833650065972511557 storage186
2018-08-12 11:14 - 2018-08-12 11:17 - 000000000 ____D C:\Users\Brad7\AppData\Local\Screencast-O-Matic-v2
2018-08-12 11:14 - 2018-08-12 11:14 - 000000000 ____D C:\Users\Brad7\Documents\Screencast-O-Matic
2018-08-12 11:14 - 2018-08-12 11:14 - 000000000 ____D C:\Users\Brad7\AppData\Local\Screen Recorder Launcher
2018-08-12 11:13 - 2018-08-12 11:13 - 017935112 _____ C:\Users\Brad7\Downloads\InstallScreenRecorderLauncher-2.0.exe
2018-08-11 18:26 - 2018-08-11 22:15 - 000000000 ____D C:\Users\Brad7\Downloads\Izzy True
2018-08-11 18:15 - 2018-08-11 18:15 - 029299210 _____ C:\Users\Brad7\Downloads\Izzy True - Sad Bad.zip
2018-08-11 17:27 - 2018-08-11 17:27 - 000017859 _____ C:\Users\Brad7\Downloads\Tirzah-�-Devotion-[2018][EDM-RG].torrent
2018-08-11 17:21 - 2018-08-11 17:21 - 000000000 ____D C:\Users\Brad7\AppData\LocalLow\uTorrent
2018-08-11 17:12 - 2018-08-11 17:12 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-08-11 17:11 - 2018-08-11 17:59 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-11 17:11 - 2018-08-11 17:11 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-08-11 17:11 - 2018-08-11 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-11 17:10 - 2018-08-11 17:11 - 000000000 ____D C:\Program Files\RogueKiller
2018-08-11 17:09 - 2018-08-11 17:09 - 036826200 _____ (Adlice Software ) C:\Users\Brad7\Downloads\RogueKiller_setup.exe
2018-08-11 17:04 - 2018-08-11 17:04 - 007417040 _____ (Malwarebytes) C:\Users\Brad7\Downloads\adwcleaner_7.2.2.exe
2018-08-11 16:53 - 2018-08-11 16:53 - 012991286 _____ C:\Users\Brad7\Downloads\Tirzah - Make It Up.zip
2018-07-29 17:35 - 2018-07-29 17:35 - 001196772 _____ C:\Users\Brad7\Downloads\IMG_8878.HEIC
2018-07-29 17:34 - 2018-07-29 17:34 - 001374552 _____ C:\Users\Brad7\Downloads\IMG_8837.HEIC
2018-07-29 17:34 - 2018-07-29 17:34 - 001121051 _____ C:\Users\Brad7\Downloads\IMG_8884.HEIC
2018-07-29 11:12 - 2018-07-29 11:12 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-07-29 11:12 - 2018-07-29 11:12 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-07-29 11:12 - 2018-07-29 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-07-29 11:06 - 2018-07-29 11:06 - 041196184 _____ (AMD Inc.) C:\Users\Brad7\Downloads\radeon-software-adrenalin-18.7.1-minimalsetup-180712_web.exe
2018-07-29 11:03 - 2018-07-29 11:03 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-29 10:43 - 2018-07-29 10:43 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Brad7\Downloads\flashplayer30ppau_ha_install.exe
2018-07-28 23:06 - 2018-07-28 23:06 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-07-28 23:06 - 2018-07-28 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-07-28 23:06 - 2018-07-28 23:06 - 000000000 ____D C:\Program Files\iTunes
2018-07-28 23:06 - 2018-07-28 23:06 - 000000000 ____D C:\Program Files\iPod
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-12 11:28 - 2012-06-07 01:09 - 000000000 ____D C:\ProgramData\BOINC
2018-08-12 11:26 - 2009-07-14 00:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-12 11:26 - 2009-07-14 00:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-12 11:25 - 2012-06-06 00:45 - 007585426 _____ C:\IFRToolLog.txt
2018-08-12 11:24 - 2009-07-14 01:13 - 000803526 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-12 11:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-08-12 11:19 - 2018-05-19 09:34 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-12 11:19 - 2012-05-26 18:18 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2018-08-12 11:18 - 2018-07-11 04:18 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2018-08-12 11:18 - 2017-12-26 15:11 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-08-12 11:18 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-12 10:09 - 2012-06-04 21:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-08-11 17:36 - 2012-06-06 19:59 - 000000000 ____D C:\Users\Brad7\AppData\Roaming\uTorrent
2018-08-11 10:12 - 2017-12-17 22:48 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-11 10:12 - 2017-12-17 22:48 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-07 22:53 - 2017-12-18 23:47 - 000000000 ____D C:\Users\Brad7\Desktop\WORK
2018-08-05 15:33 - 2012-06-11 21:46 - 000000000 ____D C:\Users\Brad7\AppData\Local\ElevatedDiagnostics
2018-08-01 22:10 - 2012-06-04 20:57 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-01 22:01 - 2017-12-26 15:21 - 000000000 ____D C:\Users\Brad7\AppData\Local\AMD
2018-08-01 22:01 - 2017-12-26 15:12 - 000000000 ____D C:\Users\Brad7\AppData\LocalLow\AMD
2018-08-01 21:59 - 2009-07-14 00:45 - 005183400 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-29 19:11 - 2012-06-04 17:28 - 000185632 _____ C:\Users\Brad7\AppData\Local\GDIPFONTCACHEV1.DAT
2018-07-29 19:09 - 2012-05-26 18:18 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2018-07-29 11:12 - 2017-12-26 15:12 - 000000000 ____D C:\Program Files (x86)\AMD
2018-07-29 11:12 - 2014-11-18 02:10 - 000000000 ____D C:\Program Files\AMD
2018-07-29 11:09 - 2012-06-21 19:43 - 000000000 ____D C:\AMD
2018-07-29 11:07 - 2009-07-14 01:08 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-07-29 11:03 - 2012-06-17 22:58 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-29 11:03 - 2012-06-11 21:58 - 000000000 ____D C:\Users\Brad7\AppData\Local\Adobe
2018-07-29 11:03 - 2012-06-04 21:05 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-29 11:03 - 2012-06-04 21:05 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-29 10:45 - 2017-12-17 23:01 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-29 09:50 - 2018-05-19 09:34 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-16 18:02 - 2010-11-20 23:27 - 000563832 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-02-24 18:56 - 2018-03-13 10:40 - 000000132 _____ () C:\Users\Brad7\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-19 20:24 - 2012-06-19 20:24 - 000000003 _____ () C:\Users\Brad7\AppData\Local\user_data.ini
 
Some files in TEMP:
====================
2018-08-11 17:11 - 2018-06-08 12:22 - 001665344 _____ (Microsoft Corporation) C:\Users\Brad7\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-07 19:54
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Brad7 (12-08-2018 11:29:57)
Running from C:\Users\Brad7\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-04 21:28:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3827144536-1174243085-782075232-500 - Administrator - Disabled)
Brad7 (S-1-5-21-3827144536-1174243085-782075232-1000 - Administrator - Enabled) => C:\Users\Brad7
Guest (S-1-5-21-3827144536-1174243085-782075232-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3827144536-1174243085-782075232-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.5105 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.50 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.50 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.7.1 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Any Video Converter 3.5.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.220 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
calibre (HKLM-x32\...\{EABB2526-079D-4951-8E81-65D1A7A08245}) (Version: 3.26.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CloudApp for Windows (HKLM-x32\...\{E1D35426-1711-4990-A9ED-E73E3CEAECFD}) (Version: 4.3.9.12578 - CloudPlus, Inc.)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corsair USB Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}) (Version: 1.00.0007 - )
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EaseUS MobiMover 3.0 (HKLM-x32\...\EaseUS MobiMover_is1) (Version:  - EaseUS)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Evernote v. 6.9.7 (HKLM-x32\...\{531A27D2-11C0-11E8-B634-005056951CAD}) (Version: 6.9.7.6770 - Evernote Corp.)
f.lux (HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\Flux) (Version:  - f.lux Software LLC)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
foobar2000 v1.2.3 (HKLM-x32\...\foobar2000) (Version: 1.2.3 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Git version 2.16.1 (HKLM\...\Git_is1) (Version: 2.16.1 - The Git Development Community)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
iMacros Version 10.0.2.2823 (x64) (HKLM\...\{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1) (Version: 10.0.2.2823 - Ipswitch, Inc)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 7 Update 6 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LG Burning Tool (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink Media Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink PowerDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.19.2 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Node.js (HKLM\...\{4219DF19-09C9-47A4-88C0-49778E491E54}) (Version: 8.9.4 - Node.js Foundation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
Rosetta Stone TOTALe (HKLM-x32\...\{4010ADCB-1347-D570-FCF1-3002CABEBD2F}) (Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Screen Recorder Launcher (HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\ScreenRecorderLauncher) (Version: 2.0 - )
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\slack) (Version: 3.1.1 - Slack Technologies)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-2) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Who Is On My Wifi version 3.0.2 (HKLM-x32\...\{010D45A1-093D-4534-8147-4E10E80F81CC}_is1) (Version: 3.0.2 - IO3O LLC)
Window On Top version 3.8 (HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
World Community Grid (HKLM-x32\...\{31B25CCC-C459-4A7B-8059-0D9913D4FAA1}) (Version: 6.10.58 - World Community Grid)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Brad7\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827144536-1174243085-782075232-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brad7\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2010-08-21] (Acronis)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-07-11] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-10-10] (Intel Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2010-08-21] (Acronis)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers1_S-1-5-21-3827144536-1174243085-782075232-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3827144536-1174243085-782075232-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3827144536-1174243085-782075232-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Brad7\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1858FD03-84DD-43A7-A7BF-0E29A15B3903} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {1C717379-9D43-4E2E-A7F9-D5DF819D33EE} - System32\Tasks\Asrsetup => E:\ASRSetup.exe
Task: {2CBEF71D-636F-4F52-BA24-9E8CA99930A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3827144536-1174243085-782075232-1000UA => C:\Users\Brad7\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {35B871ED-2A0F-4448-9144-A7281ECC5F36} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {4BF64221-AF9D-44F5-A5B2-01E706AD944D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {6423839B-071D-4F67-B1B7-23F7C5AD9E00} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-29] (Adobe Systems Incorporated)
Task: {642F3C01-BDA1-41D4-A01D-DEDAD7D4838E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {6E5A4960-9A90-4880-A4DF-E567A14304A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3827144536-1174243085-782075232-1000Core1d377aa60068404 => C:\Users\Brad7\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6EA78584-3D6A-44E8-B09E-E24374A4EA0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-17] (Google Inc.)
Task: {808CA304-9717-48B8-8D0A-5C81CFA20CC6} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
Task: {8F0CB3F3-9EDA-4312-8B84-478BA064CF02} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-07-11] (Advanced Micro Devices, Inc.)
Task: {913040A4-579D-451C-B466-748B7CBBB1FE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-29] (Adobe Systems Incorporated)
Task: {A4BA1C2B-0407-4903-A2FE-8FA10ECDA1D0} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {CB005786-DB56-45B2-972E-E4223190FB97} - System32\Tasks\{EB71FB7E-36C1-47AC-8469-74C61F0F0E33} => C:\Windows\system32\pcalua.exe -a C:\AMD\AMD_Catalyst_12.6_beta_win7_32-64\Setup.exe -d C:\AMD\AMD_Catalyst_12.6_beta_win7_32-64
Task: {D9CC3B1C-3686-4B93-BC45-2FD310579D0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3827144536-1174243085-782075232-1000Core => C:\Users\Brad7\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F9C88DE3-98D8-47E5-83EA-2F75C021FCE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-17] (Google Inc.)
Task: {FA673E0A-5280-4954-97F9-93EE934ED15C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-26 18:18 - 2012-02-07 20:27 - 000121344 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-06-06 20:47 - 2013-10-29 22:38 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-05-19 09:34 - 2018-07-29 09:50 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-07-03 12:40 - 2018-07-03 12:40 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-07-03 12:40 - 2018-07-03 12:40 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2012-05-26 18:14 - 2012-01-05 05:24 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-17 15:51 - 2017-12-17 15:51 - 000009216 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
2017-12-17 15:51 - 2017-12-17 15:51 - 000077312 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
2017-12-17 15:51 - 2017-12-17 15:51 - 000011264 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
2017-12-17 15:51 - 2017-12-17 15:51 - 000060928 _____ () C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
2018-08-11 10:12 - 2018-08-07 20:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-11 10:12 - 2018-08-07 20:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-12-19 23:24 - 2017-12-19 23:25 - 050686464 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mip1_rosetta_7.11_windows_intelx86
2017-04-01 12:51 - 2017-04-01 12:51 - 001983488 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_scc1_vina_7.08_windows_x86_64
2016-07-06 17:43 - 2016-07-06 17:43 - 001983488 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_zika_7.08_windows_x86_64
2017-12-18 17:38 - 2017-12-18 17:38 - 005328896 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.18_windows_intelx86
2018-02-14 14:12 - 2018-02-14 14:12 - 000668384 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2009-08-18 12:02 - 2009-08-18 12:02 - 000061952 _____ () C:\Program Files (x86)\BOINC\zlib1.dll
2012-05-26 18:16 - 2011-11-29 23:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-26 18:17 - 2012-02-07 20:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-01-29 01:44 - 2016-01-29 01:44 - 000997888 _____ () C:\Program Files (x86)\CloudApp\CefSharp.Core.dll
2015-12-17 10:45 - 2015-12-17 10:45 - 053437440 _____ () C:\Program Files (x86)\CloudApp\libcef.dll
2016-01-29 01:44 - 2016-01-29 01:44 - 000683520 _____ () C:\Program Files (x86)\CloudApp\CefSharp.BrowserSubprocess.Core.dll
2015-12-17 10:45 - 2015-12-17 10:45 - 001976832 _____ () C:\Program Files (x86)\CloudApp\libglesv2.dll
2015-12-17 10:45 - 2015-12-17 10:45 - 000075264 _____ () C:\Program Files (x86)\CloudApp\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\System:qaubFdhuaDzHBaTzzQCXZzaKZqV [2240]
AlternateDataStreams: C:\ProgramData\Microsoft:efFq13AQ8agLLeWpqfQK0BMYHbS [2464]
AlternateDataStreams: C:\ProgramData\Microsoft:nAAka8AjvtXTTG00om3IBEJ [2590]
AlternateDataStreams: C:\Users\Brad7\Cookies:IL45Dp6Wk6ywPQLSFuEbjKH [640]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3827144536-1174243085-782075232-1000\...\navimedix.com -> hxxps://webvpn.navimedix.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2012-06-11 22:05 - 000000854 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3827144536-1174243085-782075232-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brad7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Who Is On My Wifi.lnk => C:\Windows\pss\Who Is On My Wifi.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Brad7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Brad7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: Google Update => C:\Users\Brad7\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
MSCONFIG\startupreg: Onboard => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Brad7\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Brad7\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
MSCONFIG\startupreg: WLAN Optimizer => C:\Users\Brad7\Downloads\wopt021\WLAN Optimizer.exe
MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C94B7BBA-7528-4065-A327-32837718CFBA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D780D2D3-2C6E-4A4B-808C-291839ED713A}] => (Allow) svchost.exe
FirewallRules: [{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{6643A2CC-DB99-43B8-81D5-CD98A28B21E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{E2346CCB-F717-49EF-938B-CA61B18EC432}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{FC25860E-92F2-48A6-AE5E-A63FEBD0A2E0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48992654-522F-4DA6-AF62-ED0566038AE1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{57F57CC4-725A-44D0-A384-CE1BC124C379}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F1AF704E-F44E-44B5-866A-E2C643F1D344}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{D4A6C067-BD7F-4FE7-9686-B9F29B84C12F}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F7DB87DF-0F56-486F-9D3E-765F14C06C60}C:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{0CF50598-64A1-4F60-95EC-266DE295015F}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{8EBC21EB-612A-4544-811E-D4F12B4F0607}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{6736D789-94B2-4968-8193-BD8C8B123C87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\firebhaal@yahoo.com\counter-strike source\hl2.exe
FirewallRules: [{217CA40D-BCC0-42A8-86AF-E6D431CD2C89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\firebhaal@yahoo.com\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{0A2E78BC-B5FF-478B-9F7F-AFAA8874F9DF}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{BB57AA58-DED7-4453-9DC3-707E6E9748A2}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [TCP Query User{FDA7290C-7300-439F-96BE-3DE4A6CC182D}C:\program files (x86)\steam\steamapps\firebhaal@yahoo.com\counter-strike source\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\firebhaal@yahoo.com\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{F40869E3-755E-46F4-9FB6-5960CF69684D}C:\program files (x86)\steam\steamapps\firebhaal@yahoo.com\counter-strike source\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\firebhaal@yahoo.com\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{897FACB0-C10B-4E8B-BE5F-8194CF30FA53}C:\users\brad7\appdata\local\temp\gw2.exe] => (Allow) C:\users\brad7\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{297D4F3E-CFE4-4426-A0AF-DDCDD29BD5C4}C:\users\brad7\appdata\local\temp\gw2.exe] => (Allow) C:\users\brad7\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{DA8ACBA1-3428-4B0B-8C8D-D4F1B5AFD82F}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{16F31041-0DF2-4BD8-AAC3-EB01DE9C2E15}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{F935CC95-38B0-404F-ABBA-4B485F5DA6B4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{CFD8C778-FB54-4B88-93B8-B34E2F904F37}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5EBB645B-EBE3-4AE6-BA0A-8D29F936D1FF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{CD1386F0-00A7-4C89-AE85-8072DF57ECFF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8148B12D-522E-4D58-93F4-A22BD0D77F40}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{AD5837EB-E964-4475-8692-EBF55E8FF941}C:\users\brad7\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\brad7\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7EE58B4E-6FA0-4BDC-ACB0-67B39838A4FB}C:\users\brad7\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\brad7\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7CE5581B-2FE6-47F2-9B17-98E1A00EEC1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{634A491A-E055-4785-BEC1-64C9BAFB305C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [TCP Query User{08036E2C-547D-4E85-BC68-ABCC3BD3876D}E:\guild wars 2\gw2.exe] => (Allow) E:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{0CA2A85D-E407-4F15-886C-30556231D409}E:\guild wars 2\gw2.exe] => (Allow) E:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{40A1BFF5-77E0-40BB-AD33-E821D972B213}E:\steamlibrary\steamapps\common\mass effect 2\binaries\masseffect2.exe] => (Allow) E:\steamlibrary\steamapps\common\mass effect 2\binaries\masseffect2.exe
FirewallRules: [UDP Query User{20D6B2CB-FDE1-449C-A989-114F19F14F77}E:\steamlibrary\steamapps\common\mass effect 2\binaries\masseffect2.exe] => (Allow) E:\steamlibrary\steamapps\common\mass effect 2\binaries\masseffect2.exe
FirewallRules: [{C8FD6E23-0350-4FA5-8612-6EC8C85D80BC}] => (Allow) C:\Users\Brad7\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7B505448-8735-49D0-8CEF-7B89E4D21653}] => (Allow) C:\Users\Brad7\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{3F505839-FEC3-4B5F-A01D-DC81724BAAAB}E:\steamlibrary\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) E:\steamlibrary\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{BAE95C37-DF38-4C0B-B952-29281D976D14}E:\steamlibrary\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) E:\steamlibrary\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{67C0A419-1297-452E-B491-BDD2AB1D4248}] => (Allow) C:\Users\Brad7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{610D96CF-5A0A-4E64-A774-0EBEF665D2FA}] => (Allow) C:\Users\Brad7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{06920E1C-C4BD-44AF-8ABD-124EA3A8C58E}E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{25399B4D-99FE-4BFB-AE76-58F6FB1BDCD6}E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [{849BD46D-FB30-476D-BCAF-3931285E207B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DA7948FF-FB8B-4A66-90B7-3D4D0B776EF4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AA45A52B-4BC5-487C-AC9B-3AE12C3C773E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FC032CF8-4B7D-44B6-899E-40FF002E862A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1D9168B4-7B8B-40BC-820D-CA88B31539C6}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B373335B-14FE-4526-97CC-0BA6980BB072}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{D1472DDF-C001-4389-877A-57B9077F0C9A}] => (Allow) C:\Users\Brad7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D6EE2A0A-6621-442C-9DEF-97C7D2301BA8}] => (Allow) C:\Users\Brad7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F6AB456-30BF-4EB2-B27B-700073A882BF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EB09969F-9E70-4048-AF6D-6684043BFBE9}] => (Allow) C:\Users\Brad7\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E824C61B-5591-4871-AE98-B8354DB4E279}] => (Allow) C:\Users\Brad7\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{938FDD0D-A7E7-4E1B-9C66-AFB4D2AEC73E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0BF7B61D-ED42-40EF-956C-0A6D95CBC970}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E222D36E-AF78-4EA7-B2B9-DF367E88DFAB}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\Rosetta Stone TOTALe.exe
FirewallRules: [{8F20061D-2644-4764-B14A-3DD6038901BA}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
FirewallRules: [{610B2684-3330-484B-80D9-086A4B7D4644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{DCEEBC19-388D-431F-B29B-50C88018A383}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{3289125D-CB66-494C-A344-15923F28A772}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DEA028F4-2D7E-4AB6-A9EC-375B738FCB74}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1D887FBF-057D-4A1A-B2BA-DB52BAC0B099}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B223FA51-7464-4A7A-A0A7-6510B54C31A4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{F0A9689C-E007-46CB-BB8B-ABBA65DE6F75}] => (Block) E:\MESOM\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe
FirewallRules: [TCP Query User{6418623C-F4EE-402C-BB84-EC543E3AC9C1}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{6B5EAC55-1B1E-4643-A94C-4FB6E0376A0F}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [{26F2BB90-9401-4DD2-825B-103782F1FA25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3ED46BCF-1355-4CF8-BC26-E64F7FFB63BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13274185-DEDE-4951-B270-6873BF254546}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
FirewallRules: [{2A7F6578-4405-4BFD-8875-F9A8FEC721D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{99204B64-1A71-4E4D-84D7-4839960D267E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{EADDE7B6-57F5-4340-9E80-6E6E2C86BC80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{65A8EE94-6CB0-4AD1-B351-E9E4B7382413}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{7CED6EB9-668C-4EE5-B795-5543B223666A}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{D077E2A5-9492-48E4-A9D8-C8A2918A7E24}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{986441D2-C51C-437C-AEEE-DE464A51F6D5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7F442492-48CD-4FB6-8017-2449D33E3FA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E700D63A-F50E-44F6-BF23-187B39795D97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9154BC3-B977-4A9D-B660-2F09EC64932F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0659818-3DA3-4187-AA51-EA64A9AA403E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2EBDA529-5C0C-4E77-B301-FA32D2ED40A0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B7982629-9935-4CA7-A239-5EE449B3A983}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9B097BA2-A5AC-4CA3-93C3-E697F9D9EA9F}] => (Allow) E:\SteamLibrary\SteamApps\common\FINAL FANTASY XV\ffxv_s.exe
FirewallRules: [{55BA9264-736C-4857-9374-147C268D9F16}] => (Allow) E:\SteamLibrary\SteamApps\common\FINAL FANTASY XV\ffxv_s.exe
FirewallRules: [{707E9A04-799C-4657-A150-A3059D4A9368}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{114582B8-9599-4939-A8EC-81B54707F787}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2018 11:20:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/11/2018 07:03:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error: (08/11/2018 07:03:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005
 
Error: (08/11/2018 07:03:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/11/2018 07:03:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (08/11/2018 07:03:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (08/11/2018 07:03:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/11/2018 07:03:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008
 
 
System errors:
=============
Error: (08/12/2018 11:22:18 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (08/12/2018 11:20:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/12/2018 11:20:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/12/2018 11:20:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/12/2018 11:20:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/12/2018 11:20:17 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (08/12/2018 11:20:17 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (08/12/2018 11:20:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
CodeIntegrity:
===================================
 
Date: 2012-06-04 20:48:53.307
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Brad7\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2012-06-04 20:48:53.307
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Brad7\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2012-06-04 20:48:53.307
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2012-06-04 20:48:53.307
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 51%
Total physical RAM: 8086.38 MB
Available physical RAM: 3927.66 MB
Total Virtual: 15117.85 MB
Available Virtual: 9592.94 MB
 
==================== Drives ================================
 
Drive a: () (Network) (Total:111.69 GB) (Free:1.88 GB) NTFS
Drive c: () (Fixed) (Total:111.69 GB) (Free:1.88 GB) NTFS
Drive e: (Secondary Disk) (Fixed) (Total:223.57 GB) (Free:4.9 GB) NTFS
 
\\?\Volume{046eb131-a77c-11e1-bd3b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: AD7DCDDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: EC6BFBD0)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by bhg0688, 12 August 2018 - 10:31 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 13 August 2018 - 01:21 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\artur.dubovoy@gmail.com [2018-01-01] [Legacy]
StartMenuInternet: Google Chrome.UHHCRGHVEJZUFM6J7NVWTMGBBY - C:\Users\Brad7\AppData\Local\Google\Chrome\Application\chrome.exe

AlternateDataStreams: C:\Program Files\Common Files\System:qaubFdhuaDzHBaTzzQCXZzaKZqV [2240]
AlternateDataStreams: C:\ProgramData\Microsoft:efFq13AQ8agLLeWpqfQK0BMYHbS [2464]
AlternateDataStreams: C:\ProgramData\Microsoft:nAAka8AjvtXTTG00om3IBEJ [2590]
AlternateDataStreams: C:\Users\Brad7\Cookies:IL45Dp6Wk6ywPQLSFuEbjKH [640]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please let me know if the problem persists.

#3 bhg0688

bhg0688
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 15 August 2018 - 10:25 PM

Hi nasdaq, thanks for your help. It seems the issue is improving but it's still occurring here and there. Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Brad7 (15-08-2018 23:20:19) Run:1
Running from C:\Users\Brad7\Downloads
Loaded Profiles: Brad7 (Available Profiles: Brad7)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\artur.dubovoy@gmail.com [2018-01-01] [Legacy]
StartMenuInternet: Google Chrome.UHHCRGHVEJZUFM6J7NVWTMGBBY - C:\Users\Brad7\AppData\Local\Google\Chrome\Application\chrome.exe
 
AlternateDataStreams: C:\Program Files\Common Files\System:qaubFdhuaDzHBaTzzQCXZzaKZqV [2240]
AlternateDataStreams: C:\ProgramData\Microsoft:efFq13AQ8agLLeWpqfQK0BMYHbS [2464]
AlternateDataStreams: C:\ProgramData\Microsoft:nAAka8AjvtXTTG00om3IBEJ [2590]
AlternateDataStreams: C:\Users\Brad7\Cookies:IL45Dp6Wk6ywPQLSFuEbjKH [640]
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => not found
C:\Users\Brad7\AppData\Roaming\Mozilla\Firefox\Profiles\ignszzc4.default\Extensions\artur.dubovoy@gmail.com => moved successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.UHHCRGHVEJZUFM6J7NVWTMGBBY\shell\open\command\\Default => value restored successfully
C:\Program Files\Common Files\System => ":qaubFdhuaDzHBaTzzQCXZzaKZqV" ADS removed successfully
C:\ProgramData\Microsoft => ":efFq13AQ8agLLeWpqfQK0BMYHbS" ADS removed successfully
C:\ProgramData\Microsoft => ":nAAka8AjvtXTTG00om3IBEJ" ADS removed successfully
C:\Users\Brad7\Cookies => ":IL45Dp6Wk6ywPQLSFuEbjKH" ADS removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 23:20:33 ====

Edited by bhg0688, 15 August 2018 - 10:27 PM.
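
A quick way to confirm that every AlternateDataStreams entry in a fixlist got a result line in the Fixlog, as an added example that is not part of the original posts or of FRST itself. It assumes result lines have the `target => outcome` shape seen in the log above; the sample is abridged from that log, with one ADS result deliberately left out to show the unmatched case.

```python
import re

# Constructed sample: result lines abridged from the Fixlog above,
# with the third ADS result omitted on purpose.
FIXLOG = r'''
Restore point was successfully created.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => not found
C:\Program Files\Common Files\System => ":qaubFdhuaDzHBaTzzQCXZzaKZqV" ADS removed successfully
C:\ProgramData\Microsoft => ":efFq13AQ8agLLeWpqfQK0BMYHbS" ADS removed successfully
'''

# ADS entries as they appear in the fixlist above.
FIXLIST = r'''
AlternateDataStreams: C:\Program Files\Common Files\System:qaubFdhuaDzHBaTzzQCXZzaKZqV [2240]
AlternateDataStreams: C:\ProgramData\Microsoft:efFq13AQ8agLLeWpqfQK0BMYHbS [2464]
AlternateDataStreams: C:\ProgramData\Microsoft:nAAka8AjvtXTTG00om3IBEJ [2590]
'''

# Assumed line shapes, inferred from the posted logs (not an official grammar).
RESULT = re.compile(r'^(?P<target>.+?) => (?:"(?P<ads>:[^"]+)" ADS )?(?P<outcome>.+)$')
ADS_ENTRY = re.compile(r'^AlternateDataStreams: (?P<host>.+):(?P<name>[^:\s]+) \[\d+\]$')

def parse_results(fixlog):
    """Return {(target_lowercased, ads_name_or_None): outcome} per '=>' line."""
    results = {}
    for line in fixlog.splitlines():
        m = RESULT.match(line.strip())
        if m:
            target = m['target'].strip('"').lower()
            results[(target, m['ads'])] = m['outcome']
    return results

def audit_ads(fixlist, fixlog):
    """Map each ADS fixlist entry to its Fixlog outcome, or 'NO RESULT LINE'."""
    results = parse_results(fixlog)
    report = {}
    for line in fixlist.splitlines():
        m = ADS_ENTRY.match(line.strip())
        if m:
            # The host path may contain a drive colon; the stream name
            # follows the last colon on the line.
            key = (m['host'].lower(), ':' + m['name'])
            report[m['host'] + ':' + m['name']] = results.get(key, 'NO RESULT LINE')
    return report

if __name__ == '__main__':
    for entry, outcome in audit_ads(FIXLIST, FIXLOG).items():
        print(f'{outcome:24} {entry}')
```

Any entry reported as `NO RESULT LINE`, or with an outcome other than a success message, is worth a second look before assuming the fix was applied.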


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 16 August 2018 - 06:37 AM

Hi,

Did you install this process?
CloudApp for Windows (HKLM-x32\...\{E1D35426-1711-4990-A9ED-E73E3CEAECFD}) (Version: 4.3.9.12578 - CloudPlus, Inc.)
===

The video you provided in your first post stops at Cloudapp...

Error: (08/12/2018 11:22:18 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.


Your Drive C: does not have enough free space.

Drive c: () (Fixed) (Total:111.69 GB) (Free:1.88 GB) NTFS

Delete or back up some files/programs to an external drive.

#5 bhg0688

bhg0688
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 16 August 2018 - 08:19 PM

Yes, that's the app that recorded the video! Okay, I've deleted lots of temp files; now I have plenty of room.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 17 August 2018 - 08:27 AM

Any remaining issues?

#7 bhg0688

bhg0688
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 18 August 2018 - 09:37 AM

Hi, yes, the same problem is still occurring...



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 18 August 2018 - 12:24 PM

Your copy of Chrome may have been compromised

:step1: Remove Chrome from your Computer and reinstall a fresh copy later.

:step2: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

:step3: If you sync your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

:step4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

:step5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

:step6: Re-install Chrome and the Bookmarks.
<<<>>>

This could be a Syncing issue?

Are you Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

#9 bhg0688

bhg0688
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 19 August 2018 - 07:41 PM

Reinstalling appears to have fixed it!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 PM

Posted 20 August 2018 - 07:00 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#11 bhg0688

bhg0688
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 21 August 2018 - 09:26 PM

Thanks for all your work!





