

Malwarebytes keeps blocking svchost.exe

This is a discussion on Malwarebytes keeps blocking svchost.exe within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 08-01-2017, 08:16 AM   #1
Registered Member
 
Join Date: Oct 2007
Posts: 30
OS: Windows 7



Malwarebytes keeps randomly popping up a notice that says:

Website blocked
You may exclude sites or applications from website protection by clicking Manage Exclusions.

IP Address 93.171.173.13
Port 52154
Type: Outbound
File: C:\Windows\System32\svchost.exe

Yes, I have an install disc.

DDS Follows:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18739
Run by April at 10:05:14 on 2017-08-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8122.5837 [GMT -5:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Cooler Master\MasterKeys Pro L With intelligent RGB\Masterkeys pro L RGB HID.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 8.8.8.8:80
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
uRun: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe
uRun: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4851209F05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [MasterKeys Pro L] "C:\Program Files (x86)\Cooler Master\MasterKeys Pro L With intelligent RGB\MasterKeys Pro L RGB HID.exe"
mRun: [OnScreen Control] C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1464027202442
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F2F74FFE-E676-4DB8-9FFA-4E0EDFD6D63E} : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\0s5eb2ct.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-11-20 22768]
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-3-1 320008]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2016-5-20 1015848]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2016-5-20 585608]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2017-7-26 77376]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetLwf.sys [2017-7-17 205952]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2016-5-20 146696]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2016-5-20 198768]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-7-26 263312]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-10-25 4412104]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DraftSight API Service;DraftSight API Service;C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2017-2-21 121344]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2017-4-28 2273432]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-3-15 1659592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2016-5-23 131544]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-8 195336]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2016-5-23 169432]
R2 LGCoreTemp;Logitech CPU Core Tempurature;C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys [2015-6-21 14184]
R2 LogiRegistryService;Logitech Gaming Registry Service;C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2017-4-5 225400]
R2 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MBAMChameleon.sys [2017-7-26 188352]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-7-26 4470736]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-9-7 495224]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-2-14 464440]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-29 450168]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-7-26 7430992]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-5-30 495376]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2015-11-20 395504]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2015-11-20 806128]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2017-4-5 36496]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);C:\Windows\System32\drivers\LGJoyXlCore.sys [2017-4-5 67736]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2017-4-5 26008]
R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2017-7-26 101784]
R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2016-11-24 45472]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-11-24 253856]
R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2017-7-26 84256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2017-5-22 48248]
R3 nvvhci;NVVHCI Enumerator Service;C:\Windows\System32\drivers\nvvhci.sys [2017-5-22 57976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S2 Origin Web Helper Service;Origin Web Helper Service;C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-3-22 3148184]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-10-18 38424]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2016-5-20 46984]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2017-3-21 1595400]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2016-5-24 342456]
S3 GalaxyClientService;GalaxyClientService;C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2017-3-24 512576]
S3 GalaxyCommunication;GalaxyCommunication;C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2017-3-24 7942208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-8-1 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 mt7612US;Xbox Wireless Adapter for Windows;C:\Windows\System32\drivers\mt7612US.sys [2015-12-8 376200]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-9-7 495224]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-5-22 30328]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2017-3-22 2168208]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-7-18 260288]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2016-9-13 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2016-9-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2016-9-13 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-5-22 1255736]
S3 xb1usb;Xbox Peripherals (legacy) Driver;C:\Windows\System32\drivers\xb1usb.sys [2016-2-21 42760]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2015-12-8 243080]
.
=============== File Associations ===============
.
ShellExec: pycharm.exe: open=C:\Program Files\JetBrains\PyCharm Community Edition 2017.1.5\bin\pycharm64.exe "%1"
.
=============== Created Last 30 ================
.
2017-08-01 15:03:53 -------- d-----w- C:\ProgramData\SWCUTemp
2017-08-01 13:26:17 -------- d-----w- C:\ProgramData\HitmanPro
2017-07-27 04:50:05 188352 ----a-w- C:\Windows\System32\drivers\MBAMChameleon.sys
2017-07-27 04:49:51 84256 ----a-w- C:\Windows\System32\drivers\mwac.sys
2017-07-27 04:49:51 101784 ----a-w- C:\Windows\System32\drivers\farflt.sys
2017-07-27 04:49:39 77376 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2017-07-27 04:49:36 -------- d-----w- C:\Program Files\Malwarebytes
2017-07-27 02:25:56 -------- d-----w- C:\Users\April\VirtualBox VMs
2017-07-27 02:24:26 -------- d-----w- C:\Program Files\Oracle
2017-07-26 22:42:24 -------- d-----w- C:\Users\April\.VirtualBox
2017-07-26 21:09:40 -------- d-----w- C:\Users\April\.PyCharmCE2017.2
2017-07-18 07:47:24 572096 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-07-18 07:46:52 29888 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-07-18 07:33:04 260288 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-07-18 0246 205952 ----a-w- C:\Windows\System32\drivers\VBoxNetLwf.sys
2017-07-18 0246 131144 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp6.sys
.
==================== Find3M ====================
.
2017-08-01 15:02:24 45472 ----a-w- C:\Windows\System32\drivers\mbam.sys
2017-08-01 15:02:24 253856 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-07-26 21:14:27 146696 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2017-07-26 21:13:59 57728 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2017-07-26 21:13:59 343288 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2017-07-26 21:13:59 320008 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2017-07-26 21:13:59 198976 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2017-07-18 0246 965984 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2017-07-18 0246 149816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2017-07-09 1401 361336 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2017-07-09 14:05:48 84392 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2017-07-09 14:05:48 46984 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2017-07-09 14:05:48 198768 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2017-07-09 14:05:48 110352 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2017-07-09 14:05:42 1015848 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2017-06-30 02:57:24 2319872 ----a-w- C:\Windows\System32\tquery.dll
2017-06-30 02:57:21 2058240 ----a-w- C:\Windows\System32\Query.dll
2017-06-30 02:57:17 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-06-30 02:57:17 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-06-30 02:57:17 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-06-30 02:57:17 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-06-30 02:57:17 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-06-30 02:57:17 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-06-30 02:57:17 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-06-30 02:57:17 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-06-30 02:40:25 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-06-30 02:40:18 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-06-30 02:39:38 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-06-30 02:39:01 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2017-06-30 02:38:58 1363968 ----a-w- C:\Windows\SysWow64\Query.dll
2017-06-30 02:38:54 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2017-06-30 02:38:54 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2017-06-30 02:38:54 34816 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2017-06-30 02:38:54 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2017-06-30 02:38:54 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2017-06-30 02:38:54 1400320 ----a-w- C:\Windows\SysWow64\mssrch.dll
2017-06-30 02:38:54 104448 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2017-06-30 02:27:15 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-06-30 02:27:04 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-06-30 02:26:41 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-06-30 02:26:20 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-06-29 06:19:09 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-06-29 06:18:58 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-06-29 06:04:12 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-06-29 06:03:28 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-06-29 06:03:20 417792 ----a-w- C:\Windows\System32\html.iec
2017-06-29 06:02:52 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-06-29 06:02:46 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-06-29 05:50:26 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-06-29 05:50:26 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-06-29 05:50:10 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-06-29 05:44:36 5975552 ----a-w- C:\Windows\System32\jscript9.dll
2017-06-29 05:43:07 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-06-29 05:35:46 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-06-29 05:31:50 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-06-29 05:31:23 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-06-29 05:23:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-06-29 05:23:38 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-06-29 05:23:03 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-06-29 05:22:54 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-06-29 05:22:01 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-06-29 05:13:38 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-06-29 05:13:19 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-06-29 05:08:32 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-06-29 05:07:16 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-06-29 05:01:01 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-06-29 05:00:32 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-06-29 04:53:46 3240960 ----a-w- C:\Windows\System32\wininet.dll
2017-06-29 04:52:52 4549632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-06-29 04:46:33 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-06-29 04:46:20 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-06-29 04:28:59 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-06-22 14:58:48 3223040 ----a-w- C:\Windows\System32\win32k.sys
2017-06-15 20:23:49 753664 ----a-w- C:\Windows\System32\drivers\http.sys
2017-06-12 22:54:32 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-06-12 22:54:32 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-06-12 22:54:31 370920 ----a-w- C:\Windows\System32\clfs.sys
2017-06-12 22:29:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2017-06-12 22:29:03 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2017-06-12 22:29:03 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2017-06-12 22:29:03 444928 ----a-w- C:\Windows\SysWow64\wvc.dll
2017-06-12 22:29:02 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2017-06-12 22:29:02 1227264 ----a-w- C:\Windows\SysWow64\wdc.dll
2017-06-12 22:29:01 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2017-06-12 22:29:01 390144 ----a-w- C:\Windows\SysWow64\sysmon.ocx
2017-06-12 22:28:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2017-06-12 22:28:58 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2017-06-12 22:28:58 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2017-06-12 22:28:57 47104 ----a-w- C:\Windows\SysWow64\pdhui.dll
2017-06-12 22:28:54 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2017-06-12 22:28:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2017-06-12 22:28:53 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2017-06-12 22:28:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2017-06-12 22:28:51 554496 ----a-w- C:\Windows\SysWow64\kerberos.dll
2017-06-12 22:28:48 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2017-06-12 22:28:47 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2017-06-12 22:28:46 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2017-06-12 22:19:20 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-06-12 22:14:07 379392 ----a-w- C:\Windows\System32\msinfo32.exe
2017-06-12 22:14:06 172544 ----a-w- C:\Windows\System32\perfmon.exe
.
============= FINISH: 10:05:23.11 ===============
rayden54 is offline  
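Malwarebytes' Web Protection notice above names only the host process, svchost.exe, and the DDS Running Processes list shows that process hosting a dozen different service groups on this machine. The check a responder does before excluding anything is to find which service group actually owns the connection. The script below is an added example, not from the thread or from Malwarebytes: it correlates the notice with `netstat -ano` and `tasklist /svc` output, and the PIDs, local address and service lists in that output are constructed for the example.

```python
"""Map a Malwarebytes "Website blocked" notice to the service inside svchost.exe.

Malwarebytes names only the host process. To see which Windows service opened
the connection, correlate the remote IP with `netstat -ano` (owning PID) and
`tasklist /svc` (services hosted by that PID), both captured while the block
is firing. Command output below is constructed; the notice is from the thread.
"""
import re

NOTICE = r"""Website blocked
You may exclude sites or applications from website protection by clicking Manage Exclusions.

IP Address 93.171.173.13
Port 52154
Type: Outbound
File: C:\Windows\System32\svchost.exe
"""

# Constructed `netstat -ano` snapshot: local address and PIDs are made up.
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49731     93.171.173.13:52154    SYN_SENT        1096
  TCP    192.168.1.20:49702     40.77.226.250:443      ESTABLISHED     2488
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       792
  UDP    0.0.0.0:500            *:*                                    1096
"""

# Constructed `tasklist /svc` snapshot with matching PIDs.
TASKLIST = """
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    792 RpcEptMapper, RpcSs
svchost.exe                   1096 BITS, iphlpsvc, LanmanServer, Schedule, wuauserv
chrome.exe                    2488 N/A
"""


def parse_notice(text):
    """Pull IP, port, direction and file path out of the notice text."""
    patterns = {"ip": r"^IP Address\s+(\S+)", "port": r"^Port\s+(\d+)",
                "direction": r"^Type:\s*(\S+)", "file": r"^File:\s*(.+?)\s*$"}
    out = {}
    for key, pat in patterns.items():
        m = re.search(pat, text, re.MULTILINE)
        if m is None:
            raise ValueError(f"notice is missing the {key!r} line")
        out[key] = int(m.group(1)) if key == "port" else m.group(1)
    return out


def _split_endpoint(endpoint):
    """'93.171.173.13:52154' -> ('93.171.173.13', 52154); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse `netstat -ano` rows; UDP rows have no State column."""
    conns = []
    for parts in (line.split() for line in text.splitlines()):
        if parts[:1] == ["TCP"] and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[:1] == ["UDP"] and len(parts) == 4:
            (proto, local, remote, pid), state = parts, ""
        else:
            continue  # header, blank or malformed row
        rip, rport = _split_endpoint(remote)
        conns.append({"proto": proto, "local": local, "remote_ip": rip,
                      "remote_port": rport, "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Parse `tasklist /svc` into {pid: (image name, [service names])}.
    Image names may contain spaces, so match up to the numeric PID column;
    wrapped continuation lines of very long service lists are not merged."""
    procs = {}
    row = re.compile(r"^(.+?)\s+(\d+)\s+(.*)$")
    for line in text.splitlines():
        m = row.match(line.strip())
        if m:
            services = m.group(3).strip()
            procs[int(m.group(2))] = (m.group(1), [] if services == "N/A" else services.split(", "))
    return procs


def find_owner(notice, netstat_text, tasklist_text):
    """One record per connection to the blocked IP: owning PID, image name,
    hosted services, and whether the image agrees with the notice's File line."""
    procs = parse_tasklist(tasklist_text)
    expected = notice["file"].rsplit("\\", 1)[-1].lower()
    results = []
    for c in parse_netstat(netstat_text):
        if c["remote_ip"] != notice["ip"]:
            continue
        image, services = procs.get(c["pid"], ("<pid not in tasklist>", []))
        results.append({"pid": c["pid"], "image": image, "services": services,
                        "state": c["state"], "local": c["local"],
                        "image_matches_notice": image.lower() == expected,
                        "port_match": c["remote_port"] == notice["port"]})
    return results
```

An empty result means the connection had already closed when the snapshots were taken; re-run both commands the moment the notice appears.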
Old 08-04-2017, 01:07 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Avast and MBAM.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

In case you were wondering, MBAM v.3 is now a full-fledged, real-time antivirus.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

If you choose to keep Avast as your antivirus, but want MBAM as an on-demand scanner, you can download an earlier version and decline the antivirus option.

https://www.bleepingcomputer.com/dow...-malware/dl/7/

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
Old 08-04-2017, 02:08 PM   #3
Registered Member
 
Join Date: Oct 2007
Posts: 30
OS: Windows 7



Regarding Malwarebytes: It'll revert back to being an on-demand scanner in about 5 days. I can disable the premium trial now, but since Malwarebytes is what's reporting the problem, I don't know if that's what I should do or not.

AdwCleaner Log:
# AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 04 20:52:16 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-03-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1382 B] - [2017/3/21 5:3:37]
C:/AdwCleaner/AdwCleaner[S0].txt - [1440 B] - [2017/3/21 5:3:12]
C:/AdwCleaner/AdwCleaner[S1].txt - [1084 B] - [2017/8/1 13:42:40]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by April (administrator) on MEGAPUTER (04-08-2017 15:57:42)
Running from G:\Downloads
Loaded Profiles: April (Available Profiles: April)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Cooler Master) C:\Program Files (x86)\Cooler Master\MasterKeys Pro L With intelligent RGB\Masterkeys pro L RGB HID.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-26] (AVAST Software)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-05] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776 2015-11-20] (Intel Corporation)
HKLM-x32\...\Run: [MasterKeys Pro L] => C:\Program Files (x86)\Cooler Master\MasterKeys Pro L With intelligent RGB\MasterKeys Pro L RGB HID.exe [1957376 2016-03-16] (Cooler Master)
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [1785328 2015-12-14] (TODO: <Company name>)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1244715238-3508253901-799005249-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-1244715238-3508253901-799005249-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1244715238-3508253901-799005249-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)
HKU\S-1-5-21-1244715238-3508253901-799005249-1000\...\MountPoints2: {901d5af8-452f-11e6-bbfd-bc5ff4bd3b11} - H:\windows\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-07-08]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1244715238-3508253901-799005249-1000] => 8.8.8.8:80
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F2F74FFE-E676-4DB8-9FFA-4E0EDFD6D63E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-10-05] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-26] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-10-05] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-26] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1464027202442
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0s5eb2ct.default
FF ProfilePath: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\0s5eb2ct.default [2017-08-01]
FF Extension: (Avast SafePrice) - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\0s5eb2ct.default\Extensions\[email protected] [2017-06-14]
FF Extension: (Avast Online Security) - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\0s5eb2ct.default\Extensions\[email protected] [2017-06-14]
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-10-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-10-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-20] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default [2017-08-04]
CHR Extension: (Google Drive) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (uBlock Origin) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-08-01]
CHR Extension: (W Zoom) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneiefgdpanjnbjgdiaokmgjnbhclaom [2017-06-13]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-08-01]
CHR Extension: (Chrono Download Manager) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-01]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-07-08] (Adobe Systems) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-26] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5098008 2016-12-23] (Binary Fortress Software)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-02-21] (Dassault Systèmes) [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-05-24] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [512576 2017-04-25] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7942208 2017-04-25] (GOG.com)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-05] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168208 2017-07-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148184 2017-07-02] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-26] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-09] (AVAST Software)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-31] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-04] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-07-17] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205952 2017-07-17] (Oracle Corporation)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 15:57 - 2017-08-04 15:57 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-04 15:57 - 2017-08-04 15:57 - 000000000 ____D C:\FRST
2017-08-04 15:07 - 2017-08-04 15:50 - 018063438 _____ C:\Users\April\Desktop\AW_Database_Design_for_Mere_Mortals_3rd_Edition_03.pdf
2017-08-04 15:00 - 2017-07-30 18:37 - 000875487 _____ C:\Users\April\Desktop\EffectiveUseCases.pdf
2017-08-04 15:00 - 2017-07-27 00:11 - 016697022 _____ C:\Users\April\Desktop\Database Systems - Design, Implementation, and Management (9th Edition).pdf
2017-08-04 15:00 - 2014-05-12 17:34 - 011312088 _____ C:\Users\April\Desktop\AW.Database.Design.for.Mere.Mortals.3rd.Edition.0321884493.mobi
2017-08-04 15:00 - 2014-05-12 16:26 - 008327560 _____ C:\Users\April\Desktop\AW.Database.Design.for.Mere.Mortals.3rd.Edition.0321884493.epub
2017-08-04 14:59 - 2017-07-27 10:18 - 002230693 _____ C:\Users\April\Desktop\SQL - Felix Alvaro.pdf
2017-08-04 14:59 - 2017-07-26 23:48 - 010201597 _____ C:\Users\April\Desktop\the-definitive-guide-to-sqlite.9781590596739.23326.pdf
2017-08-04 14:58 - 2017-07-31 10:11 - 015434471 _____ C:\Users\April\Desktop\LEARNING PYTHON POWERFUL OBJECT-ORIENTED PROGRAMMING, 5TH EDITION-OREILLY.pdf
2017-08-04 14:58 - 2017-07-27 10:31 - 050206405 _____ C:\Users\April\Desktop\Head First SQL Your Brain on SQL -- A Learner's Guide~tqw~_darksiderg.pdf
2017-08-01 15:37 - 2017-01-10 10:14 - 008028556 _____ C:\Users\April\Desktop\AW.Domain-Specific.Languages.0321712943.pdf
2017-08-01 14:06 - 2007-08-25 23:09 - 001854546 _____ C:\Users\April\Desktop\Analysis_Patterns-Martin Fowler.pdf
2017-08-01 11:38 - 2017-08-01 11:38 - 000001244 _____ C:\Users\Public\Desktop\DisplayFusion.lnk
2017-08-01 11:38 - 2017-08-01 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2017-08-01 10:05 - 2017-08-01 10:05 - 000027452 _____ C:\Users\April\Desktop\dds.txt
2017-08-01 10:05 - 2017-08-01 10:05 - 000007057 _____ C:\Users\April\Desktop\attach.txt
2017-08-01 09:59 - 2017-06-29 01:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-01 09:59 - 2017-06-29 00:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-01 09:58 - 2017-06-29 23:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-01 09:58 - 2017-06-29 22:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-01 09:58 - 2017-06-29 21:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-01 09:58 - 2017-06-29 21:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-01 09:58 - 2017-06-29 21:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-01 09:58 - 2017-06-29 21:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-01 09:58 - 2017-06-29 21:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-01 09:58 - 2017-06-29 21:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-01 09:58 - 2017-06-29 21:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-01 09:58 - 2017-06-29 21:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-01 09:58 - 2017-06-29 21:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-01 09:58 - 2017-06-29 21:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-01 09:58 - 2017-06-29 21:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-01 09:58 - 2017-06-29 21:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-01 09:58 - 2017-06-29 21:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-01 09:58 - 2017-06-29 21:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-01 09:58 - 2017-06-29 21:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-01 09:58 - 2017-06-29 21:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-01 09:58 - 2017-06-29 21:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-01 09:58 - 2017-06-29 01:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-01 09:58 - 2017-06-29 01:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-01 09:58 - 2017-06-29 01:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-01 09:58 - 2017-06-29 01:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-01 09:58 - 2017-06-29 01:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-01 09:58 - 2017-06-29 01:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-01 09:58 - 2017-06-29 01:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-01 09:58 - 2017-06-29 01:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-01 09:58 - 2017-06-29 00:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-01 09:58 - 2017-06-29 00:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-01 09:58 - 2017-06-29 00:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-01 09:58 - 2017-06-29 00:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-01 09:58 - 2017-06-29 00:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-01 09:58 - 2017-06-29 00:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-01 09:58 - 2017-06-29 00:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-01 09:58 - 2017-06-29 00:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-01 09:58 - 2017-06-29 00:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-01 09:58 - 2017-06-29 00:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-01 09:58 - 2017-06-29 00:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-01 09:58 - 2017-06-29 00:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-01 09:58 - 2017-06-29 00:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-01 09:58 - 2017-06-29 00:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-01 09:58 - 2017-06-29 00:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-01 09:58 - 2017-06-29 00:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-01 09:58 - 2017-06-29 00:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-01 09:58 - 2017-06-29 00:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-01 09:58 - 2017-06-29 00:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-01 09:58 - 2017-06-29 00:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-01 09:58 - 2017-06-29 00:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-01 09:58 - 2017-06-29 00:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-01 09:58 - 2017-06-29 00:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-01 09:58 - 2017-06-29 00:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-01 09:58 - 2017-06-29 00:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-01 09:58 - 2017-06-29 00:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-01 09:58 - 2017-06-29 00:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-01 09:58 - 2017-06-29 00:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-01 09:58 - 2017-06-29 00:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-01 09:58 - 2017-06-29 00:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-01 09:58 - 2017-06-29 00:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-01 09:58 - 2017-06-29 00:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-01 09:58 - 2017-06-29 00:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-01 09:58 - 2017-06-29 00:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-01 09:58 - 2017-06-29 00:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-01 09:58 - 2017-06-29 00:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-01 09:58 - 2017-06-29 00:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-01 09:58 - 2017-06-29 00:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-01 09:58 - 2017-06-29 00:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-01 09:58 - 2017-06-28 23:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-01 09:58 - 2017-06-28 23:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-01 09:58 - 2017-06-28 23:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-01 09:58 - 2017-06-28 23:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-01 09:58 - 2017-06-28 23:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-01 09:58 - 2017-06-28 23:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-01 09:58 - 2017-06-28 23:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-01 09:58 - 2017-06-28 23:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-01 09:58 - 2017-06-28 23:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-01 09:58 - 2017-06-28 23:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-01 09:58 - 2017-06-28 23:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-01 09:58 - 2017-06-28 23:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-01 09:58 - 2017-06-28 23:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-01 09:58 - 2017-06-28 23:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-01 09:58 - 2017-06-28 23:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-01 09:58 - 2017-06-28 23:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-01 09:58 - 2017-06-28 23:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-01 09:58 - 2017-06-22 09:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-01 09:58 - 2017-06-15 15:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-08-01 09:58 - 2017-06-12 17:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-01 09:58 - 2017-06-12 17:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-01 09:58 - 2017-06-12 17:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-01 09:58 - 2017-06-12 17:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-08-01 09:58 - 2017-06-12 17:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-01 09:58 - 2017-06-12 17:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-01 09:58 - 2017-06-12 17:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-08-01 09:58 - 2017-06-12 17:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-01 09:58 - 2017-06-12 17:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-08-01 09:58 - 2017-06-12 17:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-08-01 09:58 - 2017-06-12 17:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-01 09:58 - 2017-06-12 17:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-01 09:58 - 2017-06-12 17:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-01 09:58 - 2017-06-12 17:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-01 09:58 - 2017-06-12 17:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-01 09:58 - 2017-06-12 17:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-01 09:58 - 2017-06-12 17:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-08-01 09:58 - 2017-06-12 17:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-08-01 09:58 - 2017-06-12 17:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-08-01 09:58 - 2017-06-12 17:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-01 09:58 - 2017-06-12 17:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-01 09:58 - 2017-06-12 17:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-01 09:58 - 2017-06-12 17:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-01 09:58 - 2017-06-12 17:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-01 09:58 - 2017-06-12 17:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-08-01 09:58 - 2017-06-12 17:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-08-01 09:58 - 2017-06-12 17:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-08-01 09:58 - 2017-06-12 17:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-01 09:58 - 2017-06-10 10:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-08-01 09:58 - 2017-06-10 10:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-08-01 09:58 - 2017-06-09 10:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-08-01 09:58 - 2017-06-06 10:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-08-01 09:58 - 2017-06-06 10:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-08-01 09:58 - 2017-05-29 23:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-08-01 09:58 - 2017-05-29 23:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-08-01 09:58 - 2017-05-29 23:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-08-01 09:58 - 2017-05-20 23:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-08-01 09:58 - 2017-05-20 23:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-08-01 09:58 - 2017-05-16 10:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-08-01 09:58 - 2017-05-16 10:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-08-01 09:58 - 2017-05-16 10:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-08-01 09:49 - 2017-08-01 09:49 - 000000147 _____ C:\Users\April\Desktop\NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum.url
2017-08-01 09:49 - 2017-08-01 09:49 - 000000069 _____ C:\Users\April\Desktop\Virus-Trojan-Spyware Help.url
2017-08-01 09:49 - 2017-08-01 09:49 - 000000058 _____ C:\Users\April\Desktop\GuildWars2 - Twitch.url
2017-08-01 09:48 - 2017-08-01 09:48 - 000000067 _____ C:\Users\April\Desktop\@rayden54-Mylist on Twitter.url
2017-08-01 08:26 - 2017-08-01 08:33 - 000000000 ____D C:\ProgramData\HitmanPro
2017-07-30 04:03 - 2017-07-30 04:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-29 17:19 - 2017-07-29 17:19 - 000000913 _____ C:\Users\April\Desktop\_Python - Shortcut.lnk
2017-07-29 17:01 - 2017-07-29 17:01 - 000001471 _____ C:\Users\April\Desktop\SQLiteDatabaseBrowserPortable.exe - Shortcut.lnk
2017-07-28 22:12 - 2017-07-31 19:16 - 000000000 ____D C:\Users\April\Desktop\moviedatabasetest
2017-07-28 22:08 - 2017-07-28 22:08 - 000000833 _____ C:\Users\April\Desktop\Desk and Thing 3D - Shortcut.lnk
2017-07-28 22:07 - 2017-07-28 22:07 - 000000635 _____ C:\Users\April\Desktop\Stuff - Shortcut.lnk
2017-07-28 22:07 - 2017-07-28 22:07 - 000000619 _____ C:\Users\April\Desktop\AVI - Shortcut.lnk
2017-07-26 23:50 - 2017-07-31 15:21 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-26 23:49 - 2017-08-04 15:54 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-26 23:49 - 2017-08-04 15:54 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-26 23:49 - 2017-07-26 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-26 23:49 - 2017-07-26 23:49 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-26 23:49 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-26 21:25 - 2017-07-26 21:25 - 000000000 ____D C:\Users\April\VirtualBox VMs
2017-07-26 21:24 - 2017-07-26 21:24 - 000003118 _____ C:\Windows\System32\Tasks\{729942AF-775A-4751-AB8C-8B0E2F13F25D}
2017-07-26 21:24 - 2017-07-26 21:24 - 000001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-07-26 21:24 - 2017-07-26 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-07-26 21:24 - 2017-07-26 21:24 - 000000000 ____D C:\Program Files\Oracle
2017-07-26 17:42 - 2017-07-26 23:41 - 000000000 ____D C:\Users\April\.VirtualBox
2017-07-26 16:14 - 2017-07-26 16:14 - 000400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-26 16:09 - 2017-07-26 16:09 - 000000000 ____D C:\Users\April\.PyCharmCE2017.2
2017-07-20 10:31 - 2017-07-20 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2017-07-17 21:06 - 2017-07-17 21:06 - 000205952 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2017-07-17 21:06 - 2017-07-17 21:06 - 000131144 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 15:56 - 2009-07-13 23:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-04 15:56 - 2009-07-13 23:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-04 15:55 - 2016-05-20 13:05 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-04 15:54 - 2016-11-24 13:17 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-04 15:54 - 2016-11-24 13:16 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-04 15:54 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-04 15:53 - 2017-03-21 00:01 - 000000000 ____D C:\AdwCleaner
2017-08-01 23:00 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-08-01 11:38 - 2016-05-23 23:59 - 000000000 ____D C:\Program Files (x86)\DisplayFusion
2017-08-01 10:08 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-01 10:08 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-08-01 10:01 - 2017-02-08 20:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-01 10:01 - 2016-05-20 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-01 10:01 - 2009-07-13 23:45 - 000445904 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-01 10:00 - 2016-05-21 20:37 - 000000000 ____D C:\Windows\system32\MRT
2017-08-01 09:59 - 2016-05-21 20:37 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-01 09:50 - 2016-07-20 15:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-01 09:50 - 2016-07-20 15:44 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-01 09:35 - 2017-06-17 13:25 - 000000000 ____D C:\Users\April\Documents\CyberLink
2017-08-01 09:35 - 2017-06-17 13:25 - 000000000 ____D C:\Users\April\AppData\Roaming\CyberLink
2017-08-01 09:35 - 2016-10-15 20:39 - 000000000 ____D C:\Users\April\AppData\Local\CyberLink
2017-08-01 09:35 - 2016-10-15 20:39 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2017-08-01 09:35 - 2016-10-15 20:39 - 000000000 ____D C:\ProgramData\install_clap
2017-08-01 09:35 - 2016-10-15 20:39 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2017-08-01 09:35 - 2016-10-15 18:07 - 000000000 ____D C:\ProgramData\CyberLink
2017-08-01 09:35 - 2016-05-23 20:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-01 09:29 - 2011-04-12 03:28 - 000000000 ____D C:\Windows\ShellNew
2017-08-01 09:26 - 2016-10-16 00:39 - 000000000 ____D C:\Program Files (x86)\DVDFab 9
2017-08-01 05:09 - 2016-10-25 22:38 - 000000000 ____D C:\Program Files\Microsoft Office
2017-07-31 18:03 - 2016-07-01 16:23 - 000000000 ____D C:\Users\April\AppData\Roaming\vlc
2017-07-31 15:44 - 2016-12-29 20:50 - 000000000 ____D C:\Users\April\AppData\LocalLow\Mozilla
2017-07-30 22:36 - 2017-05-23 16:05 - 000000000 ____D C:\Users\April\Documents\Movie Collector
2017-07-30 04:03 - 2016-10-25 23:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-30 04:03 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-29 13:51 - 2017-05-24 23:46 - 000000000 ____D C:\Python36-32
2017-07-28 22:13 - 2016-09-28 00:41 - 000000000 ____D C:\Users\April\Desktop\Wins
2017-07-27 22:56 - 2017-05-24 23:42 - 000000000 ____D C:\Users\April\Desktop\themoviedbtest
2017-07-26 23:49 - 2016-11-24 13:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-26 21:25 - 2016-05-19 00:54 - 000000000 ____D C:\Users\April
2017-07-26 16:14 - 2017-03-01 17:22 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-26 16:14 - 2016-05-20 00:58 - 000146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-26 16:14 - 2016-05-20 00:58 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150110366781503
2017-07-26 16:13 - 2017-03-01 17:22 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-26 16:13 - 2017-03-01 17:22 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-26 16:13 - 2017-03-01 17:22 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-26 16:13 - 2017-03-01 17:22 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-25 16:51 - 2017-06-14 23:33 - 000000054 _____ C:\Users\Public\Documents\OSCFile.txt
2017-07-21 21:47 - 2016-07-30 18:02 - 000000000 ____D C:\Users\April\AppData\Local\CrashDumps
2017-07-20 10:31 - 2017-05-24 00:01 - 000000000 ____D C:\Program Files\JetBrains
2017-07-17 21:06 - 2016-11-28 22:43 - 000965984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-07-17 21:06 - 2016-11-28 22:43 - 000149816 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-07-09 09:06 - 2016-05-20 00:58 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-09 09:05 - 2016-05-20 00:58 - 001015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-09 09:05 - 2016-05-20 00:58 - 000585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-09 09:05 - 2016-05-20 00:58 - 000360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149960916145006
2017-07-09 09:05 - 2016-05-20 00:58 - 000198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-09 09:05 - 2016-05-20 00:58 - 000110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-09 09:05 - 2016-05-20 00:58 - 000084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-09 09:05 - 2016-05-20 00:58 - 000046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-09 09:05 - 2016-05-20 00:38 - 000000000 ____D C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2016-10-15 21:15 - 2016-10-16 00:56 - 000000120 _____ () C:\Users\April\AppData\Roaming\FixVTS.ini
2017-05-16 11:45 - 2017-05-16 11:45 - 000007281 _____ () C:\Users\April\AppData\Local\recently-used.xbel
2016-09-25 18:10 - 2017-02-06 22:34 - 000000085 ___SH () C:\ProgramData\.zreglib
2016-05-30 14:14 - 2016-05-30 14:14 - 000000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 00:49

==================== End of FRST.txt ============================
rayden54 is offline  
Old 08-05-2017, 01:27 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello rayden54. Any reason you would be trying to connect to a Russian server?

It appears you didn't attach the second FRST log, Addition.txt, to your last reply.

I need to see it before we proceed. It is located on your desktop.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
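The Malwarebytes notice in the first post names only svchost.exe, and one svchost.exe hosts a whole group of services, so the useful next step on the affected machine is to find which svchost process and which services own the connection before deciding whether it is legitimate. The script below is an added example, not part of this thread and not code from Malwarebytes, FRST or any other tool mentioned here. It parses the output of `netstat -ano` and `tasklist /svc /fo csv`, both of which ship with Windows 7, and joins them on PID. The netstat and tasklist text embedded in it is constructed sample data, not output from this machine; the PIDs, local addresses and service names are invented for illustration, and only the remote IP is taken from the alert.

```python
"""Attribute an outbound connection flagged on svchost.exe to the service group
that owns it, using only `netstat -ano` and `tasklist /svc /fo csv` (both ship
with Windows 7). Added example; the sample outputs below are constructed."""
import csv
import io
import subprocess

# Constructed sample of `netstat -ano` output (not captured from the thread's
# machine; PIDs and local addresses are invented). The remote IP matches the
# one in the Malwarebytes alert so the join has something to find.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       764
  TCP    192.168.1.20:49731     93.171.173.13:52154    SYN_SENT        1044
  TCP    192.168.1.20:49732     40.77.226.250:443      ESTABLISHED     1044
  UDP    0.0.0.0:5355           *:*                                    1044
"""

# Constructed sample of `tasklist /svc /fo csv` output (service lists invented).
SAMPLE_TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","764","RpcEptMapper,RpcSs"
"svchost.exe","1044","BITS,wuauserv,Schedule,Themes"
"explorer.exe","2210","N/A"
'''


def parse_netstat(text):
    """Parse `netstat -ano` output into dicts with proto/local/remote/state/pid.

    TCP rows have five columns; UDP rows have no State column, so four.
    Banner and header lines are skipped by the protocol check."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # malformed row; ignore rather than guess
        conns.append({"proto": proto, "local": local, "remote": remote,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist_svc(text):
    """Parse `tasklist /svc /fo csv` into {pid: (image name, [service names])}."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        services = [] if row["Services"] == "N/A" else row["Services"].split(",")
        procs[int(row["PID"])] = (row["Image Name"], services)
    return procs


def remote_host(endpoint):
    """Strip the port from 'ip:port' or '[ipv6]:port'."""
    return endpoint.rsplit(":", 1)[0]


def attribute(remote_ip, netstat_text, tasklist_text):
    """Join every connection to remote_ip with its owning process and services."""
    procs = parse_tasklist_svc(tasklist_text)
    hits = []
    for conn in parse_netstat(netstat_text):
        if remote_host(conn["remote"]) != remote_ip:
            continue
        # A blocked connection may be torn down before tasklist runs.
        image, services = procs.get(conn["pid"], ("<process exited>", []))
        hits.append(dict(conn, image=image, services=services))
    return hits


def collect_live():
    """On the affected Windows host, capture real output instead of the samples.
    Not exercised offline."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    tl = subprocess.run(["tasklist", "/svc", "/fo", "csv"], capture_output=True, text=True, check=True).stdout
    return ns, tl


if __name__ == "__main__":
    # Swap in collect_live() on the machine that raised the alert.
    for hit in attribute("93.171.173.13", SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print("{proto} {local} -> {remote} {state} pid={pid} {image}".format(**hit))
        print("  services in this svchost group:", ", ".join(hit["services"]) or "(none)")
```

Run it while the notice is firing; Malwarebytes blocks at connection time, so the entry may sit in SYN_SENT or disappear within seconds, and an elevated `netstat -anob` prints the owning executable and service name directly without the join. Because one svchost.exe hosts an entire service group, this narrows the connection to the group, not to a single service; `sc qc <service>` shows which DLL each candidate loads. A digitally signed svchost.exe, as reported in the FRST signature check above, only vouches for the host binary, not for a service DLL loaded into it.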
Old 08-07-2017, 05:36 PM   #5
Registered Member
 
Join Date: Oct 2007
Posts: 30
OS: Windows 7



I don't think so.

Thought I had attached it.
Attached Files
File Type: txt Addition.txt (44.2 KB, 7 views)
rayden54 is offline  
Old 08-08-2017, 01:23 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rayden54.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/window...-windows-7.htm

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1244715238-3508253901-799005249-1000\...\MountPoints2: {901d5af8-452f-11e6-bbfd-bc5ff4bd3b11} - H:\windows\AutoRun.exe
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    GroupPolicy: Restriction <==== ATTENTION
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
chemist is offline  
Old 08-08-2017, 02:12 PM   #7
Registered Member
 
Join Date: Oct 2007
Posts: 30
OS: Windows 7



Fix result of Farbar Recovery Scan Tool (x64) Version: 08-08-2017
Ran by April (08-08-2017 16:00:13) Run:1
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1244715238-3508253901-799005249-1000\...\MountPoints2: {901d5af8-452f-11e6-bbfd-bc5ff4bd3b11} - H:\windows\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-1244715238-3508253901-799005249-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{901d5af8-452f-11e6-bbfd-bc5ff4bd3b11} => key removed successfully
HKLM\Software\Classes\CLSID\{901d5af8-452f-11e6-bbfd-bc5ff4bd3b11} => key not found.
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32162953 B
Java, Flash, Steam htmlcache => 146185518 B
Windows/system/drivers => 212237298 B
Edge => 0 B
Chrome => 746449749 B
Firefox => 36627718 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558412 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 120864 B
April => 123400791 B

RecycleBin => 159279756 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:00:34 ====
rayden54 is offline  
Old 08-09-2017, 07:23 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rayden54. Still getting notices of outgoings?

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-13-2017, 01:11 PM   #9
rayden54 (Registered Member)
Join Date: Oct 2007 | Posts: 30 | OS: Windows 7

No, I haven't gotten the notices in several days now (before the first response, in fact).

What was causing them?

--

I can't find a "save text to file" option. It's not finding anything.
Old 08-14-2017, 12:58 PM   #10
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Can't say for sure if our tools aren't finding anything.

Any remaining problems? Let me know and I will give you some final instructions.
Old 08-14-2017, 04:43 PM   #11
rayden54 (Registered Member)
Join Date: Oct 2007 | Posts: 30 | OS: Windows 7

Why'd you ask about a Russian server?
Old 08-15-2017, 03:54 AM   #12
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Quote:
IP Address 93.171.173.13
Port 52154
Type: Outbound
File: C:\Windows\System32\svchost.exe
93.171.173.13 - Green Internet In Vurnary Russian Federation | IP-Tracker.org Lookup Locator
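Editor's note, added to this thread and not part of chemist's or rayden54's posts: the alert quoted above names only svchost.exe, which hosts dozens of Windows services, so the file name alone cannot say which service opened the connection. The script below is the check a responder would run on the Windows 7 machine in this thread while the connection is still open: it parses `netstat -ano` to find the owning PID, reads that process's `-k <group>` command line, lists the services hosted in it via `tasklist /svc`, and looks up each service's `ServiceDll` registry value, since a hosted service that loads a DLL outside System32 is the first thing to examine. It uses only netstat, tasklist, WMI and the registry so it runs under PowerShell 2.0. The default IP and port are the values quoted in the alert; whether 52154 is the local or the remote port is not stated in the alert, so the script matches either. This is an assumption of the example, as is the pattern for "normal" ServiceDll locations.

```powershell
# Added example (not from the thread): trace a Malwarebytes "Website blocked"
# alert on svchost.exe back to the service(s) inside that svchost instance.
# Run from an elevated PowerShell prompt while the connection is still open;
# a connection that has already closed no longer appears in netstat.
param(
    [string]$RemoteIp = '93.171.173.13',   # value quoted in the alert
    [string]$Port     = '52154'            # alert does not say local or remote: match either
)

# --- 1. Parse "netstat -ano" into objects; the owning PID is the last column -------
# Example lines:  TCP  10.0.0.5:52154  93.171.173.13:443  ESTABLISHED  1040
#                 UDP  0.0.0.0:500     *:*                             1040
$pattern = '^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)(?:\s+([A-Z_]+))?\s+(\d+)\s*$'
$conns = foreach ($line in (netstat -ano)) {
    $m = [regex]::Match($line, $pattern)
    if (-not $m.Success) { continue }              # headers and blank lines
    New-Object PSObject -Property @{
        Proto      = $m.Groups[1].Value
        LocalAddr  = $m.Groups[2].Value; LocalPort  = $m.Groups[3].Value
        RemoteAddr = $m.Groups[4].Value; RemotePort = $m.Groups[5].Value
        State      = $m.Groups[6].Value            # empty for UDP
        OwningPid  = [int]$m.Groups[7].Value
    }
}

# --- 2. Map PID -> hosted services using "tasklist /svc" -----------------------------
$svcByPid = @{}
foreach ($row in (tasklist /svc /fo csv | ConvertFrom-Csv)) {
    $svcByPid[[int]$row.PID] = $row                # columns: "Image Name", "PID", "Services"
}

# --- 3. For each matching connection, show which process and services own it --------
$hits = $conns | Where-Object {
    $_.RemoteAddr -eq $RemoteIp -or $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port
}
if (-not $hits) { Write-Host "No open connection matches $RemoteIp / port $Port right now."; return }

# ServiceDll locations treated as expected for a Windows 7 svchost service (assumption)
$expectedDll = '^(%SystemRoot%|%windir%|C:\\Windows)\\System32\\'

foreach ($c in $hits) {
    $proc = Get-WmiObject Win32_Process -Filter "ProcessId=$($c.OwningPid)"
    Write-Host ("{0} {1}:{2} -> {3}:{4} {5}  PID {6}" -f $c.Proto, $c.LocalAddr, $c.LocalPort,
                $c.RemoteAddr, $c.RemotePort, $c.State, $c.OwningPid)
    Write-Host "  image       : $($proc.ExecutablePath)"   # expect C:\Windows\System32\svchost.exe
    Write-Host "  command line: $($proc.CommandLine)"      # shows the "-k <group>" the host belongs to
    $row = $svcByPid[$c.OwningPid]
    if ($row -and $row.Services -ne 'N/A') {
        foreach ($svc in ($row.Services -split ',')) {
            $svc = $svc.Trim()
            # A svchost-hosted service loads the DLL named in its Parameters\ServiceDll value,
            # not the PathName of the service itself, so that value is what to inspect.
            $params = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters" -ErrorAction SilentlyContinue
            $dll = $params.ServiceDll
            $flag = if ($dll -and $dll -notmatch $expectedDll) { '   <-- DLL outside System32, investigate' } else { '' }
            Write-Host "  service     : $svc  ServiceDll=$dll$flag"
        }
    }
}
```

If the alert fires again, run this immediately; the PID tells you which `-k` group was talking, and comparing the listed ServiceDll paths against a known-good Windows 7 machine narrows the search far faster than scanning the whole disk. Nothing in the thread's logs identifies which service this was, and the script does not claim to; it only makes the next alert actionable.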
Old 08-19-2017, 10:59 AM   #13
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Still with us, rayden54? We haven't cleaned up yet.

------------------------------------------------------

Your logs appear clean. You should be good to go.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go File > Uninstall > Yes

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update it, and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-US/w...up-and-restore

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
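Editor's note, added here and not part of chemist's post: the MVPS HOSTS file works by pointing ad and malware domains at 127.0.0.1 (newer versions use 0.0.0.0), so every line in a healthy copy should resolve to a loopback or null address. The same mechanism is what malware abuses, by pointing update or antivirus domains at nowhere, or a bank's domain at a server it controls. The function below audits a hosts file for exactly those two deviations. It is an added example in PowerShell 2.0-compatible form; the list of "security site" domains and the sample hijack lines are constructed for illustration, not taken from the thread.

```powershell
# Added example (not from the thread): audit a HOSTS file such as the MVPS one.
# Each entry is classified as loopback/null (what a blocklist should contain),
# REDIRECT (points a name at a real address) or SECURITY-SITE (pins an update or
# antivirus domain), the two patterns that indicate a tampered file.
function Test-HostsEntries {
    param([string[]]$Lines)
    $blackhole = @('127.0.0.1', '0.0.0.0', '::1')
    # Domains that should never appear in a blocklist (constructed, not exhaustive).
    $sensitive = '(^|\.)(microsoft\.com|windowsupdate\.com|malwarebytes\.com|avast\.com|eset\.com)$'
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $text = ($raw -split '#')[0].Trim()          # drop comments and blank lines
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Length -lt 2) { continue }        # an address with no host name
        $ip    = $parts[0]
        $names = $parts[1..($parts.Length - 1)]      # one address may list several names
        foreach ($name in $names) {
            $verdict = 'loopback/null'
            if ($blackhole -notcontains $ip) { $verdict = 'REDIRECT' }
            if ($name -match $sensitive)      { $verdict = 'SECURITY-SITE ' + $verdict }
            New-Object PSObject -Property @{ Line = $lineNo; IP = $ip; Host = $name; Verdict = $verdict }
        }
    }
}

# Constructed sample: three normal lines plus the two hijack patterns.
$sample = @(
    '# sample hosts file, constructed for this example',
    '127.0.0.1 localhost',
    '0.0.0.0 ad.doubleclick.net',
    '0.0.0.0 www.malwarebytes.com',            # vendor site pinned to nowhere: blocks updates
    '192.0.2.10 www.mybank.example'            # documentation address: name sent elsewhere
)
Test-HostsEntries $sample | Format-Table Line, IP, Host, Verdict -AutoSize

# Real file: with the MVPS list installed this is thousands of loopback/null lines,
# so show only the entries that deviate from the blocklist pattern.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Test-HostsEntries (Get-Content $hostsPath) |
    Where-Object { $_.Verdict -ne 'loopback/null' } |
    Format-Table Line, IP, Host, Verdict -AutoSize
```

On the constructed sample the two last lines come back flagged as SECURITY-SITE and REDIRECT respectively; on a clean machine with the MVPS file the second table is empty, which is the result you want before relying on the file.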
Old 09-23-2017, 12:27 PM   #14
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help