All Activity


  1. Past hour
  2. App has been scanning for PUP.ZoomDiagnostics for like an hour. Is this normal?
  3. Hi there. Freshly installed Windows 10 (64bit) OS today. Downloaded Google Chrome, Malwarebytes, and Malwarebytes AdwCleaner. Did an initial scan. Malwarebytes came up with nothing. Windows Defender came up with nothing. However, AdwCleaner keeps coming up with the PUP.legacy.optional issue, with 6 elements. Booted down into safe mode with networking enabled. Scanned and cleaned the 6 elements. Rebooted into normal, scanned again. Same 6 elements were found. Uninstalled Google Chrome, booted into safe mode with networking again. Scanned again. 6 elements found and cleaned. Rebooted into normal, scanned. Nothing was found. Yay! Installed Google Chrome again, but did not sign in (bookmarks and everything were already loaded, but without being signed in, no future syncing would work). Tested again with a scan in normal, and still nothing found. Yay! Signed into Chrome. Scanned again. The 6 elements are back. Booted into safe mode with networking to clean. Found the 6 elements and cleaned them. Booted back into normal mode. Scanned again, while signed into Chrome. 6 elements are still there. I really don't want to lose all of my Chrome data, bookmarks, etc. Do I even have a choice at this point? Scan logfile attached. AdwCleaner[S18].txt
  4. Hey, I've purchased a genuine Windows 10 Pro product key. I fear that this file/program has messed with a bunch of things on my PC. However, I'd like to hopefully activate Windows with my new key, once it's given over, without deleting any files. I only want to make a fresh install as a last resort. I've seen multiple people helped here with this, hoping to get some quick help with it also. Below are the two txt files asked for. Thanks in advance! EDIT: Also, if it is removed, is there anything else I'd have to do to repair anything it may have possibly broken? Also, the main reason I'm trying to get rid of this is because I believe somehow it may be a keylogger; an attempt was made to steal an Origin (EA) account from me (recovered), and it's the only way I can think of this happening. Addition.txt FRST.txt
  5. Hi fr33tux, I followed your advice and started that AdwCleaner, which I downloaded from your link. But before starting the program I had to switch off my anti-virus program (Avast Premier), because it detected possible dangerous activities and deleted the *.exe file. After skipping the virus scanner, AdwCleaner scanned the computer and found one PUP. To delete this a restart was required, which was performed successfully. Another scan showed that the computer was clean and the PUP was deleted. As the program run conditions are not identical between my first posting and this test, it is not clear whether your version of AdwCleaner has fixed the problem or there was an interaction with the anti-virus program. Thank you for your efforts. With kind regards, Gerd AdwCleaner_Debug.log
  6. Sorry for the confusion... for anyone following this thread, the correct support link is here: Create a ticket
  7. Today
  9. All versions match..yes. I have disabled real-time protection on the remaining clients to see if that will prevent the lock-ups. Anti-Exploit remains enabled, with a daily quick scan and a weekly full scan.
  10. Hello, I'm running Malwarebytes Home Premium 2.2.1.1043 and using Kaspersky Internet Security 2016. My subscription to Kaspersky is due to expire in the coming year and I'm trying to decide if I need the suite offered in the Internet Security or if I can just get an antivirus to run with my Malwarebytes and still be just as safe. My internet activities are: I pay bills online; check my bank; research products online (can be extensive); will be online for college courses; and purchase products online. Also, I think Kaspersky is a good product, but like others I've had problems with using it alongside Malwarebytes; yes, I've read how to deal with the problems, but I'm wary of it. Opinions on other antivirus companies that run smoother with Malwarebytes would be appreciated. Thank you
  11. Unless there are any other malware-related issues you would like me to look into, your logs look pretty clean to me
  12. I merged your new threads that have the FRST logs with this one. Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here afterwards.
  13. Prior to asking for support I tried to follow the steps here: https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error#zemana Rkill unsigned was able to run, but eXplorer.exe is blocked too. Rkill.txt
  14. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017 Ran by tpaegle (administrator) on BL-UITS-ESLT036 (23-07-2017 12:09:37) Running from C:\Users\tpaegle\Downloads Loaded Profiles: tpaegle (Available Profiles: tpaegle & tpaegleadmin) Platform: Windows 10 Enterprise Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-07-22 11:26 - 2017-06-17 01:56 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-07-22 11:26 - 2017-06-17 01:53 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2017-07-22 11:26 - 2017-06-17 01:42 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2017-07-22 11:26 - 2017-06-17 01:41 - 02770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-07-22 11:26 - 2017-06-17 01:35 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-07-22 11:26 - 2017-06-17 01:16 - 03574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-07-22 11:26 - 2017-03-18 12:41 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-07-22 11:25 - 2017-07-07 07:07 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2017-07-22 11:25 - 2017-07-07 06:51 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2017-07-22 11:25 - 2017-07-07 06:11 - 00858992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-07-22 11:25 - 2017-07-07 06:00 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-07-22 11:25 - 2017-07-07 05:08 - 00057912 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-07-22 11:25 - 2017-07-07 04:28 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe 2017-07-22 11:25 - 2017-07-07 02:47 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2017-07-22 11:25 - 2017-06-17 04:04 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-07-22 11:25 - 2017-06-17 03:58 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-07-22 11:25 - 2017-06-17 03:12 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-07-22 11:25 - 2017-06-17 03:07 - 00330240 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2017-07-22 11:25 - 2017-06-17 02:48 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-07-22 11:24 - 2017-07-07 07:06 - 07463264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-07-22 11:24 - 2017-07-07 07:04 - 02149216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-07-22 11:24 - 2017-07-07 07:04 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-07-22 11:24 - 2017-07-07 06:03 - 03699280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-07-22 11:24 - 2017-07-07 05:52 - 00360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-07-22 11:24 - 2017-07-07 05:21 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-07-22 11:24 - 2017-07-07 05:08 - 01090400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2017-07-22 11:24 - 2017-07-07 04:15 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-07-22 11:24 - 2017-07-07 04:13 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2017-07-22 11:24 - 2017-07-07 03:58 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-07-22 11:24 - 2017-07-07 03:57 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-07-22 11:24 - 2017-07-07 03:56 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-07-22 11:24 - 2017-07-07 03:51 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-07-22 11:24 - 2017-07-07 03:50 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-07-22 11:24 - 2017-07-07 03:45 - 01424384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll 2017-07-22 11:24 - 2017-07-07 03:17 - 01729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-07-22 11:24 - 
2017-07-07 03:13 - 03404800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-07-22 11:24 - 2017-07-07 03:10 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-07-22 11:24 - 2017-07-07 03:07 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-07-22 11:24 - 2017-07-07 03:02 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-07-22 11:24 - 2017-07-07 02:44 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-07-22 11:24 - 2017-07-07 02:41 - 04891136 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-07-22 11:24 - 2017-07-07 02:37 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-07-22 11:24 - 2017-07-07 02:27 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-07-22 11:24 - 2017-07-07 02:27 - 13394432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-07-22 11:24 - 2017-07-07 02:15 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-07-22 11:24 - 2017-07-07 02:15 - 03661312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-07-22 11:24 - 2017-07-07 02:13 - 19345408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-07-22 11:24 - 2017-07-07 02:13 - 12139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-07-22 11:24 - 2017-07-07 02:13 - 07848448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-07-22 11:24 - 2017-07-07 01:58 - 05666816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-07-22 11:24 - 2017-06-17 06:13 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2017-07-22 11:24 - 2017-06-17 05:52 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2017-07-22 11:24 - 2017-06-17 03:51 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-07-22 11:24 - 2017-06-17 03:50 - 00031232 
_____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-07-22 11:24 - 2017-06-17 03:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll 2017-07-22 11:24 - 2017-06-17 03:31 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp 2017-07-22 11:24 - 2017-06-17 03:20 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2017-07-22 11:24 - 2017-06-17 03:02 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll 2017-07-22 11:24 - 2017-06-17 02:55 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-07-22 11:24 - 2017-06-17 02:52 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2017-07-22 11:24 - 2017-06-17 02:29 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-07-22 11:24 - 2017-06-17 02:12 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2017-07-22 11:24 - 2017-06-17 01:34 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2017-07-22 11:24 - 2017-06-11 11:10 - 00448629 _____ C:\WINDOWS\system32\ApnDatabase.xml 2017-07-22 11:23 - 2017-07-07 06:00 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-07-22 11:23 - 2017-07-07 05:58 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-07-22 11:23 - 2017-07-07 05:58 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2017-07-22 11:23 - 2017-07-07 04:37 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2017-07-22 11:23 - 2017-07-07 04:22 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2017-07-22 11:23 - 2017-07-07 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-07-22 11:23 - 2017-07-07 03:57 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2017-07-22 11:23 - 2017-07-07 03:54 - 01385472 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-07-22 11:23 - 2017-07-07 03:29 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-07-22 11:23 - 2017-07-07 03:12 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-07-22 11:23 - 2017-07-07 02:27 - 06977024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-07-22 11:23 - 2017-06-17 06:16 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-07-22 11:23 - 2017-06-17 06:11 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-07-22 11:23 - 2017-06-17 05:07 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2017-07-22 11:23 - 2017-06-17 05:07 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-07-22 11:23 - 2017-06-17 04:33 - 01035104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-07-22 11:23 - 2017-06-17 04:33 - 00799072 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-07-22 11:23 - 2017-06-17 04:32 - 01126752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-07-22 11:23 - 2017-06-17 03:50 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-07-22 11:23 - 2017-06-17 03:41 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-07-22 11:23 - 2017-06-17 03:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll 2017-07-22 11:23 - 2017-06-17 03:19 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2017-07-22 11:23 - 2017-06-17 03:17 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2017-07-22 11:23 - 2017-06-17 03:13 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-07-22 11:23 - 2017-06-17 03:03 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-07-22 11:23 - 2017-06-17 03:01 - 02125312 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2017-07-22 11:23 - 2017-06-17 02:49 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-07-22 11:23 - 2017-06-17 02:47 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe 2017-07-22 11:23 - 2017-06-17 02:11 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-07-22 11:23 - 2017-06-17 01:40 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-07-22 11:23 - 2017-06-17 01:11 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-07-22 09:49 - 2017-07-23 12:06 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-07-21 08:34 - 2017-07-21 08:38 - 00000000 ___HD C:\adobeTemp 2017-07-19 18:21 - 2017-07-19 18:21 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget 2017-07-19 18:21 - 2017-07-19 18:21 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\c 2017-07-19 18:21 - 2017-07-19 18:21 - 00000000 ____D C:\Users\tpaegle\AppData\Local\jfiudz 2017-07-19 18:21 - 2017-07-19 18:21 - 00000000 ____D C:\Users\tpaegle\AppData\Local\ctmbxpq 2017-07-19 18:20 - 2017-07-22 09:47 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\AGData 2017-07-19 09:17 - 2017-07-19 09:17 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe 2017-07-19 08:28 - 2017-07-19 08:28 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe 2017-07-17 13:04 - 2017-07-17 13:04 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\ۗAdobe 2017-07-17 13:03 - 2017-07-17 13:03 - 00216775 _____ C:\Users\tpaegle\Desktop\Adobe Premiere Pro_2017-07-17_130304_BL-UITS-ESLT036.crash 2017-07-17 13:03 - 2017-07-17 13:03 - 00212162 _____ C:\Users\tpaegle\Desktop\Adobe Premiere Pro_2017-07-17_130344_BL-UITS-ESLT036.crash 2017-07-17 13:02 - 2017-07-17 13:02 - 00245488 _____ C:\Users\tpaegle\Desktop\Adobe Premiere 
Pro_2017-07-17_130239_BL-UITS-ESLT036.crash 2017-07-17 11:55 - 2017-07-17 11:55 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe 2017-07-12 10:35 - 2017-07-12 10:35 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\jawset 2017-07-11 09:56 - 2017-07-11 09:56 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe 2017-07-10 15:28 - 2017-07-10 15:28 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe 2017-07-09 22:05 - 2017-07-09 22:05 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\់Adobe 2017-07-06 11:49 - 2017-07-06 11:49 - 00000000 ____D C:\WINDOWS\keys 2017-07-06 11:48 - 2017-07-06 12:03 - 00000000 ____D C:\Users\tpaegle\houdini16.0 2017-07-06 11:47 - 2017-07-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Side Effects Software 2017-07-06 11:42 - 2017-07-06 11:42 - 00000000 ____D C:\Program Files\Side Effects Software 2017-07-06 09:16 - 2017-07-06 09:16 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\᭮Adobe 2017-07-05 18:27 - 2017-07-05 18:27 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe 2017-07-05 17:08 - 2017-07-05 17:23 - 00000000 ____D C:\Users\tpaegle\Documents\illum 2017-07-05 16:56 - 2017-07-05 16:56 - 00391751 _____ C:\Users\tpaegle\Documents\Untitled 4.c4d 2017-07-04 11:13 - 2017-07-04 11:13 - 00335356 _____ C:\Users\tpaegle\Documents\goomba'.c4d 2017-07-04 08:08 - 2017-07-04 08:08 - 00245705 _____ C:\Users\tpaegle\Documents\Untitled 3.c4d 2017-07-02 17:30 - 2017-07-02 17:30 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe 2017-07-02 16:37 - 2017-07-05 18:55 - 00000000 ____D C:\Program Files (x86)\PCAccelerateP 2017-07-02 16:37 - 2017-07-02 16:37 - 00000000 ____D C:\Program Files (x86)\InstantSupp 2017-07-02 16:36 - 2017-07-05 18:55 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\DUpdaterZOGR 2017-07-02 16:35 - 2017-07-02 16:36 - 00000000 ____D C:\Program Files (x86)\FoggyIslandSetup 2017-06-23 09:40 - 2017-06-23 09:40 - 00000000 ____D C:\Users\tpaegle\AppData\Local\ImageMagick 
2017-06-23 09:39 - 2017-07-02 09:56 - 00000000 ____D C:\ProgramData\digiCamControl ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-23 12:06 - 2017-05-04 18:16 - 00000000 ____D C:\Users\tpaegle\Documents\RegRun2 2017-07-23 12:05 - 2017-05-08 07:23 - 00000252 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT 2017-07-23 12:05 - 2016-02-11 16:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-07-23 12:05 - 2015-10-30 02:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI 2017-07-23 12:00 - 2016-02-11 16:25 - 01010812 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-07-23 12:00 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF 2017-07-23 11:58 - 2016-02-18 11:13 - 00000599 _____ C:\WINDOWS\SMSCFG.INI 2017-07-23 11:56 - 2016-06-15 18:28 - 00000000 ___RD C:\Users\tpaegle\Creative Cloud Files 2017-07-23 11:56 - 2016-06-14 09:17 - 00000000 ____D C:\Users\tpaegle\AppData\Local\Adobe 2017-07-23 11:55 - 2016-06-14 09:18 - 00000000 __SHD C:\Users\tpaegle\IntelGraphicsProfiles 2017-07-23 11:55 - 2016-06-14 01:40 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-23 11:51 - 2017-05-04 18:16 - 00000000 ____D C:\Users\Public\Documents\regruninfo 2017-07-23 11:50 - 2017-05-04 18:16 - 00000000 ____D C:\ProgramData\RegRun 2017-07-23 10:47 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-23 10:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-07-23 10:38 - 2016-06-14 09:17 - 00000000 ____D C:\Users\tpaegle 2017-07-23 09:41 - 2016-06-14 01:42 - 00002072 _____ C:\WINDOWS\system32\config\netlogon.ftl 2017-07-23 01:41 - 2016-06-14 16:14 - 00000000 ____D C:\Users\tpaegle\AppData\Local\CrashDumps 2017-07-23 00:00 - 2016-06-13 17:45 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2017-07-22 17:00 - 2017-05-04 18:16 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys 2017-07-22 17:00 - 
2017-05-04 18:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler 2017-07-22 17:00 - 2017-05-04 18:16 - 00000002 RSHOT C:\WINDOWS\winstart.bat 2017-07-22 17:00 - 2017-05-04 18:16 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT 2017-07-22 17:00 - 2017-05-04 18:16 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT 2017-07-22 17:00 - 2017-05-04 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe 2017-07-22 17:00 - 2017-05-04 18:16 - 00000000 ____D C:\Program Files (x86)\UnHackMe 2017-07-22 16:50 - 2016-06-13 17:52 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-07-22 16:47 - 2017-04-20 16:45 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\SparkoCam 2017-07-22 16:47 - 2017-04-20 16:45 - 00000000 ____D C:\Program Files (x86)\SparkoCam 2017-07-22 15:16 - 2016-11-10 11:16 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Zoom 2017-07-22 14:57 - 2016-06-14 14:01 - 00000000 ____D C:\Users\tpaegle\Desktop\ELS Desktop 2017-07-22 11:37 - 2016-02-11 16:37 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-07-22 11:36 - 2016-02-11 19:13 - 05234376 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-07-22 11:31 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-07-22 11:22 - 2016-02-11 17:09 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-07-22 11:20 - 2016-02-11 17:09 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-07-22 08:51 - 2016-06-15 19:04 - 00000000 ____D C:\Users\tpaegle\Desktop\Lukas 2017-07-21 08:28 - 2016-06-15 18:34 - 00000000 ____D 
C:\Program Files\Adobe 2017-07-21 08:26 - 2016-06-15 18:34 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-07-21 08:21 - 2016-06-14 09:17 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-19 18:05 - 2017-04-01 09:37 - 00001456 _____ C:\Users\tpaegle\Desktop\ROBLOX Player.lnk 2017-07-19 18:05 - 2017-04-01 09:36 - 00001271 _____ C:\Users\tpaegle\Desktop\ROBLOX Studio.lnk 2017-07-19 18:05 - 2017-04-01 09:36 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-07-17 17:16 - 2016-06-13 17:54 - 00000000 ____D C:\ProgramData\boost_interprocess 2017-07-14 20:23 - 2017-06-15 19:23 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-07-12 02:29 - 2017-06-15 19:23 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-07-11 16:20 - 2016-09-24 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio 2017-07-11 14:58 - 2016-07-28 11:21 - 00000000 ____D C:\Users\tpaegle\Documents\Sound recordings 2017-07-11 12:00 - 2017-05-11 16:18 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\MAXON 2017-07-08 14:30 - 2017-02-08 18:38 - 00000000 ____D C:\Users\Public\Documents\My DAZ 3D Library 2017-07-07 10:01 - 2016-09-24 17:14 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\obs-studio 2017-07-06 11:47 - 2016-06-13 17:43 - 00000000 ____D C:\ProgramData\Package Cache 2017-07-06 08:01 - 2017-06-15 15:49 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender 2017-07-05 19:10 - 2016-02-16 15:20 - 00070596 __RSH C:\ProgramData\ntuser.pol 2017-07-05 19:05 - 2017-05-04 22:07 - 00000000 ____D C:\@RestoreQuarantine 2017-07-05 12:17 - 2016-11-28 19:03 - 00000000 ___RD C:\Users\tpaegle\tpaegle@iu.edu Creative Cloud Files 2017-07-05 09:45 - 2016-06-15 18:36 - 00000000 ____D C:\Users\tpaegle\Documents\Adobe 2017-07-03 09:40 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-06-30 21:27 - 2016-06-15 11:32 - 
00000600 _____ C:\Users\tpaegle\AppData\Roaming\winscp.rnd 2017-06-30 15:46 - 2017-06-15 19:23 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-06-30 09:43 - 2015-10-30 03:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-30 09:43 - 2015-10-30 03:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-27 14:12 - 2016-06-13 17:51 - 00002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-06-25 15:30 - 2017-06-15 19:23 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-06-25 15:30 - 2017-06-15 19:23 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-06-25 15:29 - 2017-06-16 23:23 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\UpdaterSoft#BWTQWKUD ==================== Files in the root of some directories ======= 2016-06-26 18:39 - 2016-06-26 18:39 - 0001181 _____ () C:\Users\tpaegle\AppData\Roaming\ACInitialize.log 2016-12-25 22:57 - 2016-12-25 22:57 - 0000055 _____ () C:\Users\tpaegle\AppData\Roaming\Camdata.ini 2016-12-25 22:57 - 2016-12-25 22:57 - 0000408 _____ () C:\Users\tpaegle\AppData\Roaming\CamLayout.ini 2016-12-25 22:57 - 2016-12-25 22:57 - 0000408 _____ () C:\Users\tpaegle\AppData\Roaming\CamShapes.ini 2016-12-23 14:45 - 2016-12-23 14:49 - 0004509 _____ () C:\Users\tpaegle\AppData\Roaming\CamStudio.cfg 2017-03-25 16:46 - 2017-03-25 16:46 - 0000128 ____H () C:\Users\tpaegle\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6 2016-06-15 11:32 - 2017-06-30 21:27 - 0000600 _____ () C:\Users\tpaegle\AppData\Roaming\winscp.rnd 2016-10-25 15:54 - 2016-10-26 17:22 - 0001456 _____ () C:\Users\tpaegle\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-06-14 17:26 - 2016-11-16 18:46 - 0000600 _____ () C:\Users\tpaegle\AppData\Local\PUTTY.RND 2017-03-25 16:46 - 2017-03-25 16:46 - 0000128 ____H () C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6 Files to move or 
delete: ==================== C:\Users\tpaegle\setup-x86.exe Some files in TEMP: ==================== 2017-07-22 15:16 - 2016-11-09 17:31 - 0034992 _____ (Zoom Video Communications, Inc.) C:\Users\tpaegle\AppData\Local\Temp\CptInstall.exe 2017-07-22 15:16 - 2016-11-09 17:27 - 0138928 _____ (Zoom Video Communications, Inc.) C:\Users\tpaegle\AppData\Local\Temp\CptShare.dll 2017-07-22 16:45 - 2016-06-13 17:54 - 0030720 _____ (Irfan Skiljan, IrfanView) C:\Users\tpaegle\AppData\Local\Temp\iv_uninstall.exe 2017-06-01 12:08 - 2017-06-01 12:08 - 0053248 _____ () C:\Users\tpaegle\AppData\Local\Temp\nyrsvcy6.dll 2016-11-07 14:46 - 2016-11-07 14:46 - 0040448 ____N () C:\Users\tpaegle\AppData\Local\Temp\proxy_vole1561968316352905077.dll 2016-10-28 09:43 - 2016-10-28 09:43 - 0010472 _____ () C:\Users\tpaegle\AppData\Local\Temp\winp1094891546137061889.dll 2016-06-14 17:17 - 2016-06-14 17:17 - 0010472 ____N () C:\Users\tpaegle\AppData\Local\Temp\winp1466890058171550802.dll 2016-09-29 10:15 - 2016-09-29 10:15 - 0010472 ____N () C:\Users\tpaegle\AppData\Local\Temp\winp3348822569401257389.dll 2016-09-06 13:02 - 2016-09-06 13:02 - 0010472 ____N () C:\Users\tpaegle\AppData\Local\Temp\winp70190977585743750.dll 2016-10-03 10:31 - 2016-10-03 10:31 - 0010472 ____N () C:\Users\tpaegle\AppData\Local\Temp\winp757755730565018350.dll 2016-10-10 15:36 - 2016-10-10 15:36 - 0010472 _____ () C:\Users\tpaegle\AppData\Local\Temp\winp8684448127705010705.dll 2017-07-22 15:16 - 2016-11-09 17:30 - 0090288 _____ () C:\Users\tpaegle\AppData\Local\Temp\zCrashReport.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-07-20 22:54 ==================== End of FRST.txt ============================ Addition.txt FRST.txt
  15. I removed the erroneous search engines from Chrome's settings and haven't seen any strange browser actions this morning. Did the log file confirm my system looks clean?
  16. Good. Are you still being redirected in Google Chrome now?
  17. Hi Tadas,
      My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
      As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
      As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
      The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
      If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
      If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
      Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
      I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules;
      In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
      I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
      This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
      This being said, it's time to clean up some malware, so let's get started, shall we? Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.
      https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
  18. Hello Jerome: After a system restart, AdwCleaner v7.0.1.0 had been downloaded to the Administrator's desktop and to be sure, was "Run as administrator" and was the only user app launched. The OSs used for the following comparison both run W10Prox64 10.0.15063.483. AdwCleaner was made to run on two different H/W systems where the newer, more capable system, with much better resources, spent an inordinate amount of time (22+ minutes) during the "Scanning services" section. However, while AdwCleaner is in the midst of "Scanning services", CPU usage is much less than 1%. Congratulations and thank you for the upgrade to AdwCleaner! AdwCleaner.zip
  19. Hello, I have the same issue in the new version.

***** [ Registry ] *****
PUP.Optional.Legacy, [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces | [8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1]

I only use the Google DNS:
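The detection quoted in the post above lists ten resolver addresses under the interface's Tcpip parameters, while the poster says only the Google resolvers were intended. The following is an added example (not part of the post, not AdwCleaner's own code) that parses a detection line of that shape, validates every entry as an IP address, and reports which resolvers fall outside an allowlist the administrator intends. The sample line is constructed from the one quoted above, and the allowlist of 8.8.8.8 and 8.8.4.4 is an assumption taken from the poster's statement.

```python
"""Added example: audit an AdwCleaner registry detection for the interface
NameServer list against the resolvers an administrator actually intends.
Not code from the forum post or from AdwCleaner."""
import ipaddress
import re

# Constructed sample, modelled on the detection line quoted in the post.
SAMPLE_DETECTION = (
    r"PUP.Optional.Legacy, [Data] - "
    r"HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces | "
    "[8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,"
    "8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1]"
)

# Assumption: the administrator only intends Google public DNS, as the poster says.
INTENDED_RESOLVERS = frozenset({"8.8.8.8", "8.8.4.4"})

# "<name>, [<kind>] - <registry key> | [<comma-separated value>]"
_DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), \[(?P<kind>[^\]]+)\] - (?P<key>.+?) \| \[(?P<value>[^\]]*)\]$"
)


def parse_detection(line: str) -> dict:
    """Split one detection line into its parts and return the resolver list.

    Every entry in the bracketed value must be a valid IPv4/IPv6 address;
    anything else raises ValueError so that junk is never silently accepted.
    """
    match = _DETECTION_RE.match(line.strip())
    if match is None:
        raise ValueError(f"not an AdwCleaner registry detection: {line!r}")
    resolvers = []
    for item in match.group("value").split(","):
        item = item.strip()
        if not item:
            continue
        # ipaddress.ip_address raises ValueError on a malformed entry.
        resolvers.append(str(ipaddress.ip_address(item)))
    return {
        "name": match.group("name"),
        "kind": match.group("kind"),
        "key": match.group("key"),
        "resolvers": resolvers,
    }


def unexpected_resolvers(resolvers, intended=INTENDED_RESOLVERS):
    """Return, in original order, the resolvers not on the intended allowlist."""
    return [r for r in resolvers if r not in intended]


def audit(line: str, intended=INTENDED_RESOLVERS) -> str:
    """Human-readable summary for one detection line."""
    parsed = parse_detection(line)
    extra = unexpected_resolvers(parsed["resolvers"], intended)
    if not extra:
        return f"{parsed['key']}: all {len(parsed['resolvers'])} resolvers are intended"
    return (
        f"{parsed['key']}: {len(extra)} of {len(parsed['resolvers'])} resolvers "
        f"are not on the allowlist: {', '.join(extra)}"
    )


if __name__ == "__main__":
    print(audit(SAMPLE_DETECTION))
```

Running the block on the sample reports eight of the ten resolvers as outside the allowlist; the list of unexpected addresses is what to review against the interface's NameServer value before deciding whether the entry was set deliberately.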
  20. I have a problem where I am unable to update definitions from various anti-malware programs and run Malwarebytes. I get "mbam.exe is already in use" when I try to start it. I was able to connect via VPN and get a current Windows Update. This enabled Windows Defender to pick up some trojan. Looks like a lot of malware gets reloaded after rebooting.
  21. I can't boot into safe mode because startup repair launches every time and won't let me boot into Windows.
  22. Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by SnoozyD (23-07-2017 10:32:00) Run:2
Running from C:\Users\SnoozyD\Desktop
Loaded Profiles: SnoozyD (Available Profiles: SnoozyD)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3483163805-3138305329-2141077726-1001\...\Run: [GoogleChromeAutoLaunch_C6BC63B780E27F8B3B77D4BFB4FB2DAF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Task: {149DC096-FEB7-4629-861E-6F956A2372BD} - \KMSAutoNet -> No File <==== ATTENTION
Task: {56DF8576-45AA-4153-B375-8B53BFD871E4} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
FirewallRules: [{40F9A545-F0D7-4DC9-93A2-E12B43510C34}] => (Allow) C:\Users\SnoozyD\AppData\Local\Temp\GUMFDF5.tmp\GoogleUpdate.exe
FirewallRules: [{B62A917F-DEEB-4D33-A0D4-C410606B87AF}] => (Allow) C:\Users\SnoozyD\AppData\Local\Temp\GUMFDF5.tmp\GoogleUpdate.exe
FirewallRules: [{D25BD72F-2434-4F03-87B9-AE4DEF060BB3}] => (Allow) C:\Users\SnoozyD\AppData\Local\Temp\GUMFDF5.tmp\GoogleUpdate.exe
FirewallRules: [{9481E4AF-5914-4ED1-9D57-58BA6D04CF16}] => (Allow) C:\Users\SnoozyD\AppData\Local\Temp\GUMFDF5.tmp\GoogleUpdate.exe
C:\Program Files (x86)\GUM15D1.tmp
C:\Users\SnoozyD\AppData\Local\xuhbtbtz
C:\Users\SnoozyD\AppData\Local\skonz
C:\Users\SnoozyD\AppData\Local\report
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3483163805-3138305329-2141077726-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_C6BC63B780E27F8B3B77D4BFB4FB2DAF => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{149DC096-FEB7-4629-861E-6F956A2372BD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56DF8576-45AA-4153-B375-8B53BFD871E4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task v2 => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40F9A545-F0D7-4DC9-93A2-E12B43510C34} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B62A917F-DEEB-4D33-A0D4-C410606B87AF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D25BD72F-2434-4F03-87B9-AE4DEF060BB3} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9481E4AF-5914-4ED1-9D57-58BA6D04CF16} => value not found.
"C:\Program Files (x86)\GUM15D1.tmp" => not found.
"C:\Users\SnoozyD\AppData\Local\xuhbtbtz" => not found.
"C:\Users\SnoozyD\AppData\Local\skonz" => not found.
"C:\Users\SnoozyD\AppData\Local\report" => not found.

=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6392588 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 528424 B
Edge => 0 B
Chrome => 25848127 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
SnoozyD => 14607 B
RecycleBin => 0 B
EmptyTemp: => 38.8 MB temporary data Removed.

================================
The system needed a reboot.
==== End of Fixlog 10:32:16 ====
  23. Topic reopened per request
  24. Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
Click on the Fix button;
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
Copy and paste its content in your next reply;

fixlist.txt
  25. Hi loljaash, Are you still with me?
  26. Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
  27. Hi blackfyre, Are you still with me?