
After Virus - Repair

This is a discussion on After Virus - Repair within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

06-18-2019, 04:37 PM   #1
Registered Member
Join Date: Jun 2019
Posts: 3

I have had a lot of problems. I ended up with a number of viruses. I was able to take care of most of them; however, my virus scanner is not picking up anything else, but I am still having a number of problems. First, a number of programs keep popping up in the background and make it very slow. I believe some damage was done, but I don't know what it is. I have tried to recover to an earlier point and fully reset the PC. When I try, nothing happens. It's like I didn't click on anything or enter any command. It still seems to be able to run some programs, including my virus scanner. I have even tried running it in safe mode. I can't tell what is wrong and I am not computer-savvy enough to figure it out on my own. If anyone can help me, please get back to me as soon as possible. It is a personal PC, but I work from here, and I have already been battling this for more than a week. Thanks.
Th3M4iLM4n
06-18-2019, 04:58 PM   #2
Registered Member
Join Date: Jun 2019
Posts: 3

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
Ran by Heidi (administrator) on DAWN (LENOVO 10157) (18-06-2019 16:51:12)
Running from C:\Users\Heidi\Downloads
Loaded Profiles: Heidi (Available Profiles: Heidi)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WinVPN\inetdrv.exe
() [File not signed] C:\Program Files\WinVPN\wpsvc.exe
() [File not signed] C:\Users\Heidi\AppData\Local\Saber.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(GOLD CLICK LIMITED -> Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(GOLD CLICK LIMITED -> Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chromePella.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\McCSPServiceHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_12\mcapexe.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Tersys Group OÜ -> Trust.Zone VPN Project) C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe
(TOSHIBA CORPORATION) [File not signed] C:\Windows\System32\lmniwsusvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Trust.Zone VPN Client UI Helper] => C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe [6325688 2019-06-07] (Tersys Group OÜ -> Trust.Zone VPN Project)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] () [File not signed]
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo (Beijing) Limited -> Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\Heidi\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [349704 2017-01-06] (Investservis JSC -> Jetico ltd)
HKLM-x32\...\Run: [winremora] => C:\Program Files (x86)\WinRemora\winremora.exe --run
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Run: [btweb] => "C:\Users\Heidi\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Run: [pdixgo] => rundll32.exe "C:\Users\Heidi\AppData\Local\pdixgo.dll",pdixgo <==== ATTENTION
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Run: [Epo-n5gq_k.exe] => C:\Program Files\Windows NT\P2ND1JHOSIDX8ODKK7RA7S4E\Epo-n5gq_k.exe
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Policies\Explorer: [NoDrives] 00000003
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\Policies\Explorer\DisallowRun: [1] saber.exe
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\MountPoints2: V - "V:\Setup.exe"
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\...\MountPoints2: {22fd51a5-8a10-11e9-826b-c03fd59118ef} - "V:\Setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trust.Zone VPN Client.lnk [2019-06-07]
ShortcutTarget: Trust.Zone VPN Client.lnk -> C:\Program Files\Trust.Zone VPN Client\trustzone_x64.exe (Tersys Group OÜ -> Trust.Zone VPN Project)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B13A6A-18CE-4400-8840-8E7D2F4A339A} - System32\Tasks\ITL Driver Updater_Logon => C:\Program Files\ITL Driver Updater\itldu.exe
Task: {15B7E407-C52B-43D4-A3B5-CF576E48B292} - System32\Tasks\ITL Driver Updater skipuac => C:\Program Files\ITL Driver Updater\itldu.exe
Task: {16F00D35-519F-452A-8AC4-63D382C9CD9F} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {19C98596-965E-419B-8930-CF0DF5EA7623} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {2591D0AA-EFC7-476A-9CEC-B060C402DD93} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [133 2012-03-08] () [File not signed]
Task: {2ED84BDE-2272-4D9D-8367-D2CD0F3E7866} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {35D8AAE3-7FA6-4674-BA00-836AC36CC7B4} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.222\DADUpdater.exe [4178840 2019-06-08] (McAfee, Inc. -> McAfee, Inc.)
Task: {5E334D85-C690-4982-B93F-BDAC15F248B0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {5EB51CA3-7C1B-4FE9-9AB3-255D10E14515} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [307144 2019-05-09] (LENOVO -> Lenovo)
Task: {5EF45BB8-AA5D-4F27-9890-C42386CF4B10} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {80A218FC-E154-458A-A7E8-D0EEBE330B69} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [1663456 2013-05-17] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
Task: {80B81006-A11C-4A40-A12C-0B11DB1C19EF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [756672 2018-11-13] (McAfee, Inc. -> McAfee, Inc.)
Task: {8C94EB58-5AC3-4B87-A334-3B8ECF7209B1} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [1663456 2013-05-17] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
Task: {A90D20DE-6F24-4B67-B253-49BB8EA24778} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16744 2013-05-17] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
Task: {A9631CB6-0D1F-4FC8-B42B-473EDC0D90DC} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe
Task: {AA81E2B1-51E4-4304-A7B3-BC500797E756} - System32\Tasks\slovene => C:\Program Files (x86)\Somalis\jams.exe
Task: {ABCE940B-A1BF-41DF-AFFB-21EFC66966B2} - System32\Tasks\sloveneslovene => C:\Program Files (x86)\Somalis\jams.exe
Task: {B3C6CD8E-EB6A-4764-AF6D-55E1CE8840EA} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {C9EA21A1-4871-4933-9BD1-F1BD3595CBF5} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {CA4C264D-54D9-439B-BF95-167D41DB2534} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [148840 2013-05-17] (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
Task: {D0A51AC0-34FC-488B-AD26-67D8850AD3D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-07] (AVAST Software s.r.o. -> AVAST Software)
Task: {D6943B8D-3377-4B17-BBE6-135C26EE904D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-09] (Google Inc -> Google LLC)
Task: {DCFA35E4-789A-4DB5-9473-6BC4C49E9857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-09] (Google Inc -> Google LLC)
Task: {E2852EBD-3474-462C-A086-D986EB6D75BC} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [1663456 2013-05-17] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {E36AF5E3-F0B3-4FFC-88BA-4C23DFD75B12} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1022656 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
Task: {E3B9515D-F678-497C-AA07-57DC435FCF0A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {E87BCB76-2FE2-4012-9A0E-AE1AC90D4BB9} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1022656 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{233C26D1-DBEB-40E5-A8A9-9FA5380BE108}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1932874389-2565665611-3919172095-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-1932874389-2565665611-3919172095-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D060719-N0550AB91A1A2A71DC4AF78EF&form=CONBDF&conlogo=CT3331955&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1932874389-2565665611-3919172095-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D060719-N0550AB91A1A2A71DC4AF78EF&form=CONBDF&conlogo=CT3331955&q={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-06-08] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-06-08] (McAfee, LLC -> McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-06-08]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2019-06-08] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
FF Plugin-x32: @Nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1932874389-2565665611-3919172095-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2019-05-30] (Ubisoft Entertainment Sweden AB -> )

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3302998&SearchSource=48&CUI=UN30487700961502075&UM=2","hxxp://search.conduit.com/?ctid=CT3298578&SearchSource=48&CUI=UN22948076422779013&UM=2","hxxp://www.springville.org/library/","hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3302998&SearchSource=48&CUI=UN30487700961502075&UM=2&UP=SP056BBF62-07ED-4013-8B9D-11B3A716A8A0"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default [2019-06-18]
CHR Extension: (Slides) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-09]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2019-06-06]
CHR Extension: (Docs) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-09]
CHR Extension: (Google Drive) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-09]
CHR Extension: (YouTube) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-09]
CHR Extension: (Sheets) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-09]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-10]
CHR Extension: (Cath Kidston) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2019-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-09]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-05-21]
CHR Extension: (Gmail) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\xhikrm <==== ATTENTION (Rootkit!)

R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26984 2019-06-04] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-06-04] (IDSA Production signing key -> Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel(R) Software Development Products -> )
R2 INetDriverSvc; C:\Program Files\WinVPN\inetdrv.exe [1180160 2019-01-27] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899264 2019-06-08] (McAfee, LLC -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe [745880 2019-01-23] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; c:\program files\common files\McAfee\ActWiz\McAWFwk.exe [458688 2018-11-14] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe [2158952 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [371840 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [604216 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [509728 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1692552 2018-12-19] (McAfee, Inc. -> McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software -> Nitro PDF Software)
R2 nlsX86cc; C:\windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-12] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1360384 2019-02-05] (McAfee, Inc. -> McAfee, Inc.)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] (CyberLink -> )
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [205112 2019-05-15] (Intel(R) Software Development Products -> )
R2 TZVPNCLIENT; C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe [6325688 2019-06-07] (Tersys Group OÜ -> Trust.Zone VPN Project)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinPing; C:\Program Files\WinVPN\wpsvc.exe [12288 2019-01-27] () [File not signed]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S2 CltMngSvc; C:\PROGRA~2\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [X]
S2 MaxthonUpdateSvc; "C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe" [X]
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
S2 winremoraupdater; C:\Program Files (x86)\WinRemora\updater.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn2; C:\windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [77384 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [218408 2018-12-24] (McAfee, Inc. -> McAfee, Inc.)
R2 McPvDrv; C:\windows\system32\drivers\McPvDrv.sys [88504 2018-10-12] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [511024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [373808 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [86136 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [517168 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [981032 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\windows\system32\DRIVERS\mfencbdc.sys [563728 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\windows\system32\DRIVERS\mfencrk.sys [109072 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [117800 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [254024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [43008 2019-05-15] (Intel Corporation -> )
R3 tap0901; C:\windows\system32\DRIVERS\tap0901.sys [27136 2019-06-07] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 TXEIx64; C:\windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S1 aoczp; \??\C:\Users\Heidi\AppData\Local\Temp\aubznlck.sys [X] <==== ATTENTION
R3 ehknru; system32\drivers\knruxa.sys [X]
S4 nmgcle; System32\drivers\weksbilh.sys [X]
S3 vvyyyc; system32\drivers\ppsssv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-18 16:51 - 2019-06-18 16:54 - 000033104 _____ C:\Users\Heidi\Downloads\FRST.txt
2019-06-18 16:51 - 2019-06-18 16:51 - 000000000 ____D C:\FRST
2019-06-18 16:48 - 2019-06-18 16:49 - 002418688 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe
2019-06-18 16:15 - 2019-06-18 16:15 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\LSC
2019-06-18 16:15 - 2019-06-18 16:15 - 000000000 ____D C:\Users\Heidi\AppData\Local\Adobe
2019-06-18 16:02 - 2019-06-18 16:02 - 000148816 ____N C:\windows\system32\Drivers\usbgjmpt.sys
2019-06-18 15:41 - 2019-06-18 15:41 - 000000816 _____ C:\Users\Heidi\Desktop\Jurassic World Evolution.lnk
2019-06-18 15:32 - 2019-06-18 15:32 - 000001701 _____ C:\Users\Public\Desktop\Planet Nomads.lnk
2019-06-18 15:32 - 2019-06-18 15:32 - 000000000 ____D C:\Users\Heidi\AppData\LocalLow\Craneballs
2019-06-18 15:32 - 2019-06-18 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planet Nomads [GOG.com]
2019-06-18 15:31 - 2019-06-18 15:31 - 000000000 ____D C:\ProgramData\GOG.com
2019-06-18 15:28 - 2019-06-18 15:28 - 000000000 ____D C:\GOG Games
2019-06-09 13:27 - 2019-06-09 13:44 - 000000000 ____D C:\Users\Heidi\Documents\Larian Studios
2019-06-09 13:27 - 2019-06-09 13:27 - 000002076 _____ C:\Users\Public\Desktop\Divinity - Original Sin Enhanced Edition.lnk
2019-06-09 13:27 - 2019-06-09 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity - Original Sin Enhanced Edition [GOG.com]
2019-06-09 11:25 - 2019-06-09 11:25 - 000000000 _____ C:\Users\Heidi\AppData\Roaming\FC29FA0894FE.ini
2019-06-09 11:24 - 2019-06-09 11:24 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2019-06-09 11:23 - 2019-06-09 11:23 - 000000132 _____ C:\windows\ODBC.INI
2019-06-09 08:47 - 2019-06-09 08:47 - 000000000 ____D C:\Users\Heidi\AppData\LocalLow\Crytivo Games Inc_
2019-06-09 08:39 - 2019-06-09 08:56 - 000000000 ____D C:\Users\Heidi\Downloads\The.Universim.v0.34
2019-06-09 08:28 - 2019-06-09 09:18 - 000000000 ____D C:\Users\Heidi\Downloads\Planet Nomads-Razor1911
2019-06-09 08:23 - 2019-06-09 09:48 - 000000000 ____D C:\Users\Heidi\Downloads\codex-endless.space.2.supremacy
2019-06-09 08:15 - 2019-06-09 08:37 - 908401589 ____R C:\Users\Heidi\Downloads\The.Universim.v0.34.rar
2019-06-09 07:51 - 2019-06-09 12:33 - 000000000 ____D C:\Users\Heidi\Downloads\codex-total.war.warhammer.ii.curse.of.the.vampire.coast
2019-06-09 07:43 - 2019-06-09 08:43 - 000000000 ____D C:\Users\Heidi\Downloads\Divinity Original Sin - Enhanced Edition (v2.5.0.12 - v2.6.1.15) [GOG]
2019-06-09 07:17 - 2019-06-07 04:34 - 000009728 _____ C:\Users\Heidi\AppData\Local\Saber.exe
2019-06-08 22:04 - 2019-06-08 22:04 - 000001913 _____ C:\Users\Public\Desktop\Heroes of Might and Magic V.lnk
2019-06-08 22:04 - 2019-06-08 22:04 - 000001907 _____ C:\Users\Public\Desktop\Heroes of Might and Magic V - Hammers of Fate.lnk
2019-06-08 22:04 - 2019-06-08 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V [GOG.com]
2019-06-08 19:56 - 2019-06-08 19:56 - 000000000 ____D C:\Users\Heidi\AppData\Local\Saber
2019-06-08 19:04 - 2019-06-18 15:33 - 000000000 ____D C:\Users\Heidi\AppData\Local\CrashDumps
2019-06-08 18:34 - 2019-06-08 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2019-06-08 18:34 - 2019-06-08 18:34 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2019-06-08 18:33 - 2019-06-08 18:34 - 007878008 _____ (Microsoft Corporation) C:\Users\Heidi\Downloads\Xbox360_64Eng.exe
2019-06-08 18:11 - 2019-06-08 20:27 - 000000000 ____D C:\Users\Heidi\Documents\The Witcher 3
2019-06-08 18:00 - 2019-06-08 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 - Wild Hunt [GOG.com]
2019-06-08 16:54 - 2019-06-08 16:54 - 000000000 ____D C:\Users\Heidi\AppData\Local\Frontier Developments
2019-06-08 16:54 - 2019-06-08 16:54 - 000000000 ____D C:\ProgramData\Frontier Developments
2019-06-08 16:35 - 2019-06-08 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2019-06-08 16:10 - 2019-06-08 16:10 - 000000000 ____D C:\Program Files (x86)\WinCDEmu
2019-06-08 15:59 - 2019-06-08 15:59 - 000000000 ____D C:\Users\Public\CyberLink
2019-06-08 15:59 - 2019-06-08 15:59 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\CyberLink
2019-06-08 14:16 - 2019-06-18 15:42 - 000000000 ___HD C:\windows\msdownld.tmp
2019-06-08 14:16 - 2019-06-18 15:41 - 000000000 ____D C:\windows\SysWOW64\directx
2019-06-08 14:14 - 2019-06-18 15:37 - 000000000 ____D C:\Games
2019-06-08 13:34 - 2019-06-09 15:12 - 000000000 ____D C:\Users\Heidi\AppData\LocalLow\BitTorrent
2019-06-08 13:33 - 2019-06-09 15:28 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\BitTorrent
2019-06-08 13:33 - 2019-06-08 13:33 - 000000925 _____ C:\Users\Heidi\Desktop\BitTorrent.lnk
2019-06-08 13:33 - 2019-06-08 13:33 - 000000905 _____ C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2019-06-08 13:29 - 2019-06-08 13:29 - 002667320 _____ (BitTorrent Inc.) C:\Users\Heidi\Downloads\BitTorrent.exe
2019-06-08 13:28 - 2019-06-08 13:37 - 000000000 ____D C:\Users\Heidi\Downloads\Heroes of Might and Magic V Bundle [GOG]
2019-06-08 12:05 - 2019-06-08 12:05 - 000001190 _____ C:\Users\Public\Desktop\Sid.Meiers.Civilization.VI.Deluxe.Edition.v1.0.0.262.Incl.10DLC-ALI213.lnk
2019-06-08 12:05 - 2019-06-08 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization VI
2019-06-08 11:54 - 2019-06-08 15:05 - 000000000 ____D C:\Program Files (x86)\Sid Meiers Civilization VI
2019-06-08 11:35 - 2019-06-08 11:35 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\FiraxisLive
2019-06-08 11:23 - 2019-06-09 11:23 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Sid.Meiers.Civilization.VI.Deluxe.Edition.v1.0.0.262.Incl.10DLC-ALI213
2019-06-08 11:13 - 2019-06-08 11:19 - 000000000 ____D C:\Users\Heidi\Downloads\Sid.Meiers.Civilization.VI.Deluxe.Edition.v1.0.0.262.Incl.10DLC-ALI213
2019-06-08 08:20 - 2019-06-08 08:20 - 000002089 _____ C:\Users\Public\Desktop\McAfee® Total Protection.lnk
2019-06-08 08:19 - 2019-06-18 16:07 - 000000000 __RSD C:\Users\Heidi\Documents\McAfee Vaults
2019-06-08 08:19 - 2019-06-08 08:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-06-08 08:19 - 2019-06-08 08:19 - 000000000 ____D C:\Users\Heidi\AppData\Local\McAfee File Lock
2019-06-08 08:19 - 2018-10-12 06:58 - 000088504 _____ (McAfee, Inc.) C:\windows\system32\Drivers\McPvDrv.sys
2019-06-08 08:18 - 2018-12-24 07:18 - 000218408 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2019-06-08 08:16 - 2019-06-08 08:20 - 000000000 ____D C:\Program Files\McAfee
2019-06-08 08:16 - 2019-06-08 08:16 - 000003274 _____ C:\windows\System32\Tasks\McAfeeLogon
2019-06-08 08:16 - 2019-06-08 08:16 - 000000000 ____D C:\Program Files\McAfee.com
2019-06-08 08:15 - 2019-06-08 09:18 - 000003618 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2019-06-08 08:15 - 2019-06-08 08:20 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-06-08 08:15 - 2019-06-08 08:15 - 000000000 ____D C:\Program Files\Common Files\AV
2019-06-08 08:14 - 2019-01-15 17:11 - 000509728 _____ (McAfee, LLC) C:\windows\system32\mfevtps.exe
2019-06-07 17:03 - 2019-06-07 18:26 - 000000000 ____D C:\windows\pss
2019-06-07 16:26 - 2019-06-07 16:27 - 000000001 _____ C:\nl4mldq
2019-06-07 12:19 - 2019-06-08 08:18 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-06-07 12:14 - 2019-06-09 05:37 - 000000000 ____D C:\ProgramData\McAfee
2019-06-07 12:14 - 2019-06-07 19:29 - 000000000 _____ C:\Users\Heidi\AppData\Roaming\MCVi2UserDetail.ini
2019-06-07 12:13 - 2019-06-07 12:13 - 005245392 _____ (McAfee, Inc.) C:\Users\Heidi\Downloads\mcafee_trial_setup_433.0207_key.exe
2019-06-07 12:09 - 2019-06-07 16:25 - 000003044 _____ C:\windows\System32\Tasks\ITL Driver Updater_Logon
2019-06-07 11:44 - 2019-06-07 11:44 - 000003374 _____ C:\windows\System32\Tasks\AvastUpdateTaskMachineUA
2019-06-07 11:44 - 2019-06-07 11:44 - 000003246 _____ C:\windows\System32\Tasks\AvastUpdateTaskMachineCore
2019-06-07 11:37 - 2019-06-18 16:05 - 000000000 __RDO C:\Users\Heidi\OneDrive
2019-06-07 11:13 - 2019-06-07 11:13 - 000000000 ___HD C:\$AV_ASW
2019-06-07 10:17 - 2019-06-07 10:17 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-06-07 10:07 - 2019-06-07 10:07 - 000000000 ____D C:\windows\System32\Tasks\Avast Software
2019-06-07 10:02 - 2019-06-07 10:02 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-06-07 09:54 - 2019-06-08 08:12 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-07 09:54 - 2019-06-07 09:54 - 000228544 _____ (AVAST Software) C:\Users\Heidi\Downloads\avast_free_antivirus_setup_online.exe
2019-06-07 09:48 - 2019-06-07 09:48 - 000000000 ____D C:\Users\Heidi\AppData\Local\Lavasoft
2019-06-07 09:48 - 2019-06-07 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-06-07 09:47 - 2019-06-07 09:47 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Lavasoft
2019-06-07 09:46 - 2019-06-07 09:46 - 000000000 ____D C:\Program Files\WinVPN
2019-06-07 09:45 - 2019-06-07 09:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-06-07 09:45 - 2019-06-07 09:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-06-07 09:45 - 2019-06-07 09:45 - 000000000 ____D C:\ProgramData\SZRD5YL98LVS8PA9QLVHJYOUO
2019-06-07 09:44 - 2019-06-07 11:01 - 000000000 ____D C:\Users\Heidi\AppData\Local\exhpwca
2019-06-07 09:44 - 2019-06-07 09:44 - 000000000 ____D C:\ProgramData\Lavasoft
2019-06-07 09:41 - 2019-06-18 15:53 - 000000000 ____D C:\Users\Heidi\AppData\Local\zabpiws
2019-06-07 09:41 - 2019-06-07 09:41 - 000000000 ____D C:\Users\Heidi\AppData\Local\nihmkvu
2019-06-07 09:40 - 2019-06-07 09:40 - 000729794 _____ C:\Users\Heidi\AppData\Local\Tm.bmp
2019-06-07 09:04 - 2019-06-07 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
2019-06-07 09:03 - 2019-06-18 16:03 - 002930176 _____ (TOSHIBA CORPORATION) C:\windows\system32\lmniwsusvc.exe
2019-06-07 09:03 - 2019-06-07 21:51 - 000000000 ____D C:\ProgramData\fb
2019-06-07 09:03 - 2019-06-07 11:13 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\UpProVerified
2019-06-07 09:03 - 2019-06-07 11:13 - 000000000 ____D C:\ProgramData\Optimizer
2019-06-07 09:03 - 2019-06-07 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Up Pro (Verified)
2019-06-07 09:03 - 2019-06-07 09:44 - 000000000 ____D C:\windows\system32\pwblzeo
2019-06-07 09:03 - 2019-06-07 09:44 - 000000000 ____D C:\Users\Heidi\AppData\Local\winremora
2019-06-07 09:03 - 2019-06-07 09:03 - 000000000 ____D C:\windows\SysWOW64\pwblzeo
2019-06-07 09:02 - 2019-06-07 09:02 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\et
2019-06-07 09:02 - 2019-06-07 09:02 - 000000000 ____D C:\ProgramData\WedISY56eVVF6
2019-06-07 09:02 - 2019-06-07 09:02 - 000000000 ____D C:\ProgramData\Pader
2019-06-07 09:02 - 2019-06-07 09:02 - 000000000 ____D C:\ProgramData\1559919754
2019-06-07 09:00 - 2019-06-07 11:14 - 000000000 ____D C:\Users\Heidi\AppData\Local\App
2019-06-07 08:59 - 2019-06-07 08:59 - 000003958 _____ C:\windows\System32\Tasks\slovene
2019-06-07 08:59 - 2019-06-07 08:59 - 000003786 _____ C:\windows\System32\Tasks\sloveneslovene
2019-06-07 08:59 - 2019-06-07 08:59 - 000000012 _____ C:\windows\b31162466
2019-06-07 08:58 - 2019-06-07 16:22 - 000000000 ___HD C:\Program Files (x86)\Auditioned
2019-06-07 08:58 - 2019-06-07 14:10 - 000000000 ___HD C:\Program Files (x86)\hon
2019-06-07 08:58 - 2019-06-07 11:13 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Microleaves
2019-06-07 08:58 - 2019-06-07 11:13 - 000000000 ____D C:\Users\Heidi\AppData\Local\AdvinstAnalytics
2019-06-07 08:57 - 2019-06-07 08:59 - 000722944 _____ C:\Users\Heidi\AppData\Local\sha.db
2019-06-07 08:57 - 2019-06-07 08:57 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2019-06-07 08:56 - 2019-06-07 09:45 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\AGData
2019-06-07 08:56 - 2019-06-07 08:56 - 000003300 _____ C:\windows\System32\Tasks\AGProxyCheck
2019-06-07 08:49 - 2019-06-07 08:49 - 000000000 ____D C:\Users\Heidi\Downloads\Jurassic World Evolution
2019-06-07 08:48 - 2019-06-07 08:54 - 709631869 _____ (Forum.Alkad.org) C:\Users\Heidi\Downloads\Starbound 1.3.4.exe
2019-06-07 08:41 - 2019-06-07 11:13 - 000000000 ____D C:\Users\Heidi\Downloads\Command & Conquer - Red Alert 2 + Yuri's Revenge RIP
2019-06-07 08:32 - 2019-06-18 16:04 - 000000000 ____D C:\Program Files\Trust.Zone VPN Client
2019-06-07 08:32 - 2019-06-07 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust.Zone VPN Client
2019-06-07 08:32 - 2019-06-07 08:32 - 000027136 _____ (The OpenVPN Project) C:\windows\system32\Drivers\tap0901.sys
2019-06-07 08:32 - 2019-06-07 08:32 - 000003718 _____ C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-06-07 08:32 - 2019-06-07 08:32 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trust.Zone VPN Client.lnk
2019-06-07 08:22 - 2019-06-07 08:22 - 040253312 _____ (Trust.Zone VPN Project) C:\Users\Heidi\Downloads\Trust.Zone_VPN_Client_v1.1.0_b1057.exe
2019-06-07 08:06 - 2019-06-07 11:13 - 000000000 ____D C:\Users\Heidi\AppData\Local\Intel_Corporation
2019-06-07 07:58 - 2019-06-07 11:13 - 000000000 ____D C:\Users\Heidi\Downloads\Intel Driver and Support Assistant
2019-06-07 07:56 - 2019-06-07 07:56 - 000003616 _____ C:\windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-06-07 07:56 - 2019-06-07 07:56 - 000003586 _____ C:\windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-06-07 07:56 - 2019-06-07 07:56 - 000003370 _____ C:\windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-06-07 07:56 - 2019-05-15 20:01 - 000043008 _____ C:\windows\system32\Drivers\semav6msr64.sys
2019-06-07 07:55 - 2019-06-07 07:55 - 014507072 _____ (Intel) C:\Users\Heidi\Downloads\Intel Driver and Support Assistant Installer.exe
2019-06-07 07:35 - 2019-06-07 08:07 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\SpaceEngineers
2019-06-07 07:35 - 2019-06-07 07:35 - 000000000 ____D C:\Users\Public\Documents\Steam
2019-06-07 07:31 - 2019-06-07 07:31 - 000993632 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2019-06-07 07:31 - 2019-06-07 07:31 - 000987840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2019-06-07 07:31 - 2019-06-07 07:31 - 000690008 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2019-06-07 07:31 - 2019-06-07 07:31 - 000485576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2019-06-07 07:31 - 2019-06-07 07:31 - 000030888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2019-06-07 07:31 - 2019-06-07 07:31 - 000029352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2019-06-07 07:31 - 2019-06-07 07:31 - 000019088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2019-06-07 07:31 - 2019-06-07 07:31 - 000019088 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2019-06-07 07:18 - 2019-06-07 07:18 - 001432848 _____ (Microsoft Corporation) C:\Users\Heidi\Downloads\NDP472-KB4054531-Web.exe
2019-06-06 21:08 - 2019-06-06 21:08 - 000019726 _____ C:\Users\Heidi\Downloads\BED4AEC89F2FBC7377724F4FD48DAEF3E650ABCF.torrent
2019-06-06 21:04 - 2019-06-07 09:58 - 4195434896 _____ C:\Users\Heidi\Downloads\Sid.Meiers.Civilization.VI.Deluxe.Edition.v1.0.0.262.Incl.10DLC-ALI213.rar
2019-06-06 21:03 - 2019-06-06 21:03 - 000040745 _____ C:\Users\Heidi\Downloads\80958B9C423E4D223450DEB4CC0DC7838AEE6FAF.torrent
2019-06-06 20:56 - 2019-06-08 10:54 - 000001892 _____ C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2019-06-06 20:56 - 2019-06-06 20:56 - 000003212 _____ C:\windows\System32\Tasks\ITL Driver Updater skipuac
2019-06-06 20:54 - 2019-06-06 20:55 - 018474848 _____ (BitTorrent, Inc.) C:\Users\Heidi\Downloads\btweb_installer.exe
2019-06-06 20:51 - 2019-06-06 20:51 - 000008320 _____ C:\Users\Heidi\Downloads\D0F5B54BA075F318A1DD252C2443A866C657C947 (2).torrent
2019-06-06 20:50 - 2019-06-06 20:50 - 000010333 _____ C:\Users\Heidi\Downloads\D0F5B54BA075F318A1DD252C2443A866C657C947 (1).torrent
2019-06-06 20:48 - 2019-06-06 20:48 - 000010333 _____ C:\Users\Heidi\Downloads\D0F5B54BA075F318A1DD252C2443A866C657C947.torrent
2019-06-03 09:10 - 2019-06-03 11:33 - 000000000 ____D C:\Users\Heidi\Documents\DawnOfMan
2019-06-03 09:10 - 2019-06-03 09:10 - 000000000 ____D C:\Users\Heidi\AppData\LocalLow\Madruga Works
2019-06-03 07:33 - 2019-06-03 07:33 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2019-05-31 07:33 - 2019-05-31 07:33 - 000000000 ____D C:\Users\Heidi\Documents\BotaniculaSaves
2019-05-30 21:02 - 2019-05-30 21:02 - 000000000 ____D C:\Users\Heidi\Documents\Dust
2019-05-30 19:51 - 2019-06-03 08:08 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\StardewValley
2019-05-30 19:33 - 2019-05-30 19:33 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Nitro PDF
2019-05-30 19:21 - 2019-05-30 19:29 - 000000000 ____D C:\Users\Heidi\AppData\Local\Ubisoft Game Launcher
2019-05-30 19:20 - 2019-05-30 19:20 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2019-05-29 17:55 - 2019-04-14 10:57 - 000000000 ____D C:\Users\Heidi\Downloads\Thrive-0.4.1.1-WINDOWS-64bit
2019-05-29 17:51 - 2019-05-29 17:52 - 293652185 _____ C:\Users\Heidi\Downloads\Thrive-0.4.1.1-WINDOWS-64bit.7z
2019-05-29 17:35 - 2019-05-29 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-05-29 17:35 - 2019-05-29 17:35 - 000000000 ____D C:\Program Files (x86)\7-Zip
2019-05-29 17:34 - 2019-05-29 17:35 - 001185968 _____ (Igor Pavlov) C:\Users\Heidi\Downloads\7z1900.exe
2019-05-29 16:56 - 2019-05-29 16:56 - 071104054 _____ (Revolutionary Games) C:\Users\Heidi\Downloads\Thrive.Launcher.Setup.1.0.3.exe
2019-05-29 16:56 - 2019-05-29 16:56 - 000002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrive Launcher.lnk
2019-05-29 16:56 - 2019-05-29 16:56 - 000002171 _____ C:\Users\Public\Desktop\Thrive Launcher.lnk
2019-05-29 16:56 - 2019-05-29 16:56 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Thrive Launcher
2019-05-29 16:56 - 2019-05-29 16:56 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Revolutionary-Games
2019-05-29 16:56 - 2019-05-29 16:56 - 000000000 ____D C:\Users\Heidi\AppData\Local\thrive-launcher-updater
2019-05-29 16:56 - 2019-05-29 16:56 - 000000000 ____D C:\Program Files\Thrive Launcher
2019-05-29 16:20 - 2019-05-29 16:20 - 000000000 ____D C:\Users\Heidi\Documents\My Spore Creations
2019-05-29 16:20 - 2019-05-29 16:20 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Spore
2019-05-29 15:45 - 2019-05-29 15:45 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Nitro
2019-05-29 15:23 - 2019-05-29 15:24 - 000000000 ____D C:\Users\Heidi\AppData\Local\Impero
2019-05-29 14:28 - 2019-05-29 14:28 - 000000000 ____D C:\Users\Heidi\AppData\Local\cm_client
2019-05-29 14:28 - 2019-05-29 14:28 - 000000000 ____D C:\Users\Heidi\AppData\Local\cache
2019-05-29 06:42 - 2019-05-29 06:42 - 000000000 ____D C:\Users\Heidi\AppData\Local\CrashRpt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-18 16:15 - 2019-05-09 22:04 - 000000000 ____D C:\Users\Heidi\AppData\Roaming\Adobe
2019-06-18 16:10 - 2019-05-09 22:10 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1932874389-2565665611-3919172095-1001
2019-06-18 16:05 - 2013-08-22 07:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2019-06-18 16:03 - 2013-08-22 08:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-06-18 16:02 - 2013-08-22 07:25 - 019136512 _____ C:\windows\system32\config\HARDWARE
2019-06-18 15:50 - 2013-08-22 07:25 - 000262144 ___SH C:\windows\system32\config\BBI
2019-06-09 16:53 - 2013-08-22 07:36 - 000000000 ____D C:\windows\Inf
2019-06-09 09:11 - 2019-05-09 22:03 - 000000000 ____D C:\Users\Heidi
2019-06-09 08:04 - 2019-05-09 22:27 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-08 22:07 - 2019-05-11 14:06 - 000000000 ____D C:\Users\Heidi\Documents\My Games
2019-06-08 11:12 - 2019-05-10 22:45 - 000000000 ____D C:\windows\System32\Tasks\McAfee
2019-06-08 11:08 - 2014-04-23 12:56 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-06-08 10:57 - 2014-04-23 12:56 - 000000000 ____D C:\ProgramData\Adobe
2019-06-08 08:20 - 2013-08-22 07:25 - 000000124 _____ C:\windows\win.ini
2019-06-08 08:14 - 2013-08-22 09:36 - 000000000 ___HD C:\windows\ELAMBKUP
2019-06-08 03:26 - 2013-08-22 09:36 - 000000000 ____D C:\windows\rescache
2019-06-07 11:37 - 2019-05-09 22:08 - 000000000 __RDO C:\Users\Heidi\OneDrive.old
2019-06-07 11:13 - 2014-04-23 12:58 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-07 11:13 - 2014-04-23 12:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-06-07 11:12 - 2013-08-22 07:36 - 000000000 ____D C:\windows\system32\Sysprep
2019-06-07 09:02 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Windows NT
2019-06-07 07:56 - 2014-04-23 12:36 - 000000000 ____D C:\ProgramData\Intel
2019-06-07 07:56 - 2014-04-23 12:36 - 000000000 ____D C:\Program Files\Intel
2019-06-07 07:55 - 2014-04-23 12:36 - 000000000 ____D C:\Program Files (x86)\Intel
2019-06-07 07:33 - 2013-08-22 09:20 - 000000000 ____D C:\windows\CbsTemp
2019-05-30 19:20 - 2014-04-23 12:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-29 17:53 - 2019-05-09 22:04 - 000000000 ____D C:\Users\Heidi\AppData\Local\VirtualStore
2019-05-29 15:23 - 2019-05-10 21:19 - 000000000 ____D C:\Users\Heidi\AppData\Local\UnrealEngine
2019-05-22 16:33 - 2019-05-09 22:23 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 16:33 - 2019-05-09 22:23 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories ================

2019-06-07 09:45 - 2019-06-07 09:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-06-07 09:45 - 2019-06-07 09:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-06-09 11:25 - 2019-06-09 11:25 - 000000000 _____ () C:\Users\Heidi\AppData\Roaming\FC29FA0894FE.ini
2019-06-07 12:14 - 2019-06-07 19:29 - 000000000 _____ () C:\Users\Heidi\AppData\Roaming\MCVi2UserDetail.ini
2019-06-09 07:17 - 2019-06-07 04:34 - 000009728 _____ () C:\Users\Heidi\AppData\Local\Saber.exe
2019-06-07 08:57 - 2019-06-07 08:59 - 000722944 _____ () C:\Users\Heidi\AppData\Local\sha.db
2019-06-07 09:40 - 2019-06-07 09:40 - 000729794 _____ () C:\Users\Heidi\AppData\Local\Tm.bmp

==================== FLock ================

2019-06-07 09:44 C:\windows\system32\pwblzeo
2019-06-18 16:03 C:\windows\system32\config\SYSTEM
2019-06-18 16:02 C:\windows\system32\Drivers\usbgjmpt.sys
2019-06-07 11:01 C:\Users\Heidi\AppData\Local\exhpwca
2019-06-07 09:41 C:\Users\Heidi\AppData\Local\nihmkvu
2019-06-18 15:53 C:\Users\Heidi\AppData\Local\zabpiws

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-06 19:05
==================== End of FRST.txt ==================

I do not have access to a Windows install disk or boot CD.
The only browser I use is Chrome.
Attached Files
File Type: txt Addition.txt (41.4 KB, 2 views)
Th3M4iLM4n is offline  
Old 06-18-2019, 10:50 PM   #3
Gary R (Moderator, Security Team)
Join Date: Jul 2008
Posts: 465
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64

Looking over your logs, back soon.
__________________
Gary R is offline  
Old 06-18-2019, 11:04 PM   #4
Gary R (Moderator, Security Team)
Join Date: Jul 2008
Posts: 465
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Virus/Trojan/Spyware Help" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.
Hi Heidi

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Looks like your computer may be infected with one of the Zero Access variants ...

Quote:
S1 aoczp; \??\C:\Users\Heidi\AppData\Local\Temp\aubznlck.sys [X] <==== ATTENTION
R3 ehknru; system32\drivers\knruxa.sys [X]
S4 nmgcle; System32\drivers\weksbilh.sys [X]
S3 vvyyyc; system32\drivers\ppsssv.sys [X]
To remove it we're going to have to boot into Recovery Environment, and you're going to need to have a blank USB drive available to use. You're also going to need to have access to another uninfected machine to download files, because your infection will corrupt any files that you download on your infected machine.
  • Using a separate uninfected machine Download FRST64 to a USB flash drive.

    Do not copy across the version you already have on your computer, because it is infected and will not do what we want.
  • Shut down your computer.
  • Plug the USB drive into the infected machine. (do not plug in the drive before you have shut down your computer or the infection will corrupt it)

Boot your computer into Recovery Environment
  • Please follow the instructions ... HERE ... that explain how to open a Command window in Recovery Environment.
  • Once the Command window is open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.
__________________
Gary R is offline  
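Gary R reads the four `[X]` driver entries he quotes above, taken from the Drivers section of the FRST.txt in post #2, as the leftovers of a rootkit. The script below is an added example, not code from this thread and not FRST's own tooling; it applies the same reading mechanically to the Services and Drivers sections of an FRST log. It parses each line in the format FRST prints, scores the traits those four entries share (file missing on disk, image path under Temp, an ImagePath never resolved to a drive letter, no signer block, FRST's own `<==== ATTENTION` marker, an explicit `[File not signed]`), ranks the results, and returns the exact lines an analyst might paste into fixlist.txt, which is how FRST is told to drop a service or driver key (see the note at the top of the Drivers section). The weights, the threshold of 5 and the reason strings are this example's assumptions, not FRST rules; the sample lines are copied from the log posted above.

```python
"""Score the Services/Drivers lines of a Farbar Recovery Scan Tool (FRST) log.
Added example for this thread, not FRST's own code; the weights, threshold and
reason strings are assumptions, and the output is a ranked list, not a verdict."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "<R|S><start type> <name>; <image path> [size date] (issuer -> company)"
LINE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")

WEIGHTS = {  # assumed weights, tuned to the four drivers quoted in post #4
    "file missing on disk ([X])": 3,
    "image path under a Temp directory": 3,
    "ImagePath not resolved to a drive letter": 2,
    "no directory component in ImagePath": 2,
    "FRST marked the line ATTENTION": 2,
    "explicitly [File not signed]": 2,
    "no signer block": 2,
    "boot/system start type (0 or 1)": 1,
}

@dataclass
class Entry:
    raw: str
    state: str                 # e.g. "S1": stopped, start type 1 (system)
    name: str
    path: str
    missing: bool              # FRST printed [X]
    unsigned: bool             # FRST printed [File not signed]
    signer: Optional[str]      # "issuer -> company" block, if present
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)

def _signer(rest: str) -> Optional[str]:
    # FRST appends "(issuer -> company)" right after the "[size date]" block.
    i = rest.rfind("] (")
    if i == -1 or not rest.endswith(")"):
        return None
    return rest[i + 3:-1].strip() or None

def parse_entry(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # A quoted path carries arguments (" /svc"); an unquoted one runs up to " [".
    path = rest[1:rest.index('"', 1)] if rest.startswith('"') else rest.split(" [", 1)[0]
    return Entry(raw=line.rstrip(), state=m.group("state"), name=m.group("name").strip(),
                 path=path.strip(), missing="[X]" in rest,
                 unsigned="[File not signed]" in rest, signer=_signer(rest))

def assess(e: Entry) -> Entry:
    path = e.path[4:] if e.path.startswith("\\??\\") else e.path  # drop NT "\??\" prefix
    low = path.lower()
    if e.missing:
        e.reasons.append("file missing on disk ([X])")
    if "\\temp\\" in low:
        e.reasons.append("image path under a Temp directory")
    if "\\" not in path:
        e.reasons.append("no directory component in ImagePath")
    elif not re.match(r"^[a-z]:\\", low):
        e.reasons.append("ImagePath not resolved to a drive letter")
    if "<==== ATTENTION" in e.raw:
        e.reasons.append("FRST marked the line ATTENTION")
    if e.unsigned:
        e.reasons.append("explicitly [File not signed]")
    elif e.signer is None and not e.missing:
        e.reasons.append("no signer block")
    if e.state[1] in "01" and e.reasons:  # early loaders deserve extra attention
        e.reasons.append("boot/system start type (0 or 1)")
    return e

def verdict(e: Entry) -> str:
    return "rogue-looking" if e.score >= 5 else "review"

def triage(log_text: str) -> List[Entry]:
    """Every entry that earned at least one reason, highest score first."""
    parsed = [e for e in map(parse_entry, log_text.splitlines()) if e is not None]
    return sorted((e for e in parsed if assess(e).reasons), key=lambda e: e.score, reverse=True)

def fixlist_candidates(entries: List[Entry]) -> List[str]:
    # FRST removes a service/driver key when its log line is pasted verbatim into fixlist.txt.
    return [e.raw for e in entries if verdict(e) == "rogue-looking"]

# Sample input: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
R2 WinPing; C:\Program Files\WinVPN\wpsvc.exe [12288 2019-01-27] () [File not signed]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
S3 bcmfn2; C:\windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [86136 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
S1 aoczp; \??\C:\Users\Heidi\AppData\Local\Temp\aubznlck.sys [X] <==== ATTENTION
R3 ehknru; system32\drivers\knruxa.sys [X]
S4 nmgcle; System32\drivers\weksbilh.sys [X]
S3 vvyyyc; system32\drivers\ppsssv.sys [X]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:2d} {verdict(e):13s} {e.state} {e.name:26s} {'; '.join(e.reasons)}")
```

Run against the sample, aoczp lands on top (Temp path, missing file, ATTENTION marker and a system start type), windowsmanagementservice and the three `system32\drivers` entries are scored rogue-looking, while the orphaned Avast updater and the unsigned WinPing service only reach "review" and are left out of the fixlist candidates. The legitimately signed McAfee, Broadcom and Defender entries earn no reason at all, which is the point of reading the signer block rather than the name: mfeplk and nmgcle look equally random, and only the on-disk evidence separates them. The script ranks; the decision to put a line into a fixlist stays with the analyst, as the rules at the top of this post make clear.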
Old 06-20-2019, 11:01 PM   #5
Gary R (Moderator, Security Team)
Join Date: Jul 2008
Posts: 465
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64

Do you still need assistance with your problem ?
__________________
Gary R is offline  
Old 06-21-2019, 11:08 PM   #6
Th3M4iLM4n (Registered Member)
Join Date: Jun 2019
Posts: 3
OS:

It has progressed to the point that when the login screen is supposed to come up, all I get is a colored background with the power button in the bottom left corner and another button in the bottom right. The only option it really gives me is to restart or shut down the computer. I tried shutting it down 3 times before Windows starts to use the restart or restore options. The only restore point available is 3 seconds before I started it up. The reset option tells me it requires Windows media to reset. I seem to be short of options.
Th3M4iLM4n is offline  
Old 06-22-2019, 12:16 AM   #7
Gary R (Moderator, Security Team)
Join Date: Jul 2008
Posts: 465
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64

OK, your infection is blocking you from booting into Recovery Mode, so you're going to have to boot from your installation media, or from a Recovery USB.

If you don't have those, then you can create a Recovery USB using a clean computer (you cannot create it using your infected machine because it will corrupt it).

To create one in W8.1 (you can create one in W10 as well)

Plug in a USB drive (must be at least 32 GB in size) Please note that the process will delete any existing data on the drive.
Open a Search, and type Recovery
Click on Create a Recovery Drive in the search results
A Recovery Drive Window will open ... click Next
Click Next again
Click Create, and wait for the process to complete

Let me know when you have been able to do that, or of any problems if you have them.
__________________
Gary R is offline  
Old 06-25-2019, 08:29 AM   #8
Gary R (Moderator, Security Team)
Join Date: Jul 2008
Posts: 465
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64

Do you still require help ?

If I do not hear back from you within 24 hours, I will presume not, and will request for this topic to be closed.
__________________
Gary R is offline  
Old 06-27-2019, 08:42 AM   #9
icotonev (Security Team, Moderator)
Join Date: Jan 2011
Location: Bulgaria
Posts: 138
OS: win 10 Pro 1903

Due to lack of response, this topic will now be closed. If you need support, please begin a new thread, and provide a link to this topic. Have a nice evening...!
__________________
Hristo Tonev (Ico)
Kaldata HJT TEAM - Team Analyst, Tech Support Forum - Security Colleague, BleepingComputer - Security Colleague, SpywareInfo Forum - Trusted Advisors, Malwarebytes Forum
icotonev is offline  