Jump to content

JustTryinToFixMyBaby

Members
  • Content Count

    10
  • Joined

  • Last visited

About JustTryinToFixMyBaby

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. This is a stupid question. I understand it depends on everything. What i meant to say is: Does this sound like a fix to you?
  2. It told me to "click OK to restart." I did, and nothing popped up but i did find a "fixlog" in place of fixlist. I'm guessing this is what you're lookin' for? fixlog: Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017 Ran by JT (17-08-2017 10:18:36) Run:1 Running from C:\Users\JT\Downloads Loaded Profiles: JT (Available Profiles: JT) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: Task: {00484A4C-A295-4C83-A58D-2BEE9395EFBE} - System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\Radical_Aces.exe -d C:\Users\JT\Downloads Task: {4F5B8FFD-5D95-4512-8B91-C292FBC13103} - System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => C:\Windows\system32\pcalua.exe -a D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU\xp_fix.exe -d D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU Task: {A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} - System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\freecol-0.11.6-installer.exe -d C:\Users\JT\Downloads MSCONFIG\Services: d1493e0e7c80cdc9ee8827e3db3fe63e => 2 MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs" MSCONFIG\startupreg: xylelo => rundll32.exe "C:\Users\JT\AppData\Local\xylelo.dll",xylelo C:\ProgramData\boost_interprocess C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437} C:\Users\JT\AppData\Local\gvzgklre C:\Users\JT\AppData\Local\ntuserlitelist C:\Users\JT\AppData\Local\report C:\Users\JT\AppData\Local\xylelo.dll C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00484A4C-A295-4C83-A58D-2BEE9395EFBE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00484A4C-A295-4C83-A58D-2BEE9395EFBE} => key removed successfully C:\Windows\System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11816149-D077-4148-B5FF-DE239CFB9B27} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F5B8FFD-5D95-4512-8B91-C292FBC13103} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F5B8FFD-5D95-4512-8B91-C292FBC13103} => key removed successfully C:\Windows\System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E98199B-3E75-4830-84C8-900B23A09D28} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} => key removed successfully C:\Windows\System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{097BFC58-BE6F-4945-9755-E29E8101557C} => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\d1493e0e7c80cdc9ee8827e3db3fe63e => key removed successfully HKLM\System\CurrentControlSet\Services\d1493e0e7c80cdc9ee8827e3db3fe63e => key not found. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinResSync => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xylelo => key removed successfully C:\ProgramData\boost_interprocess => moved successfully C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437} => moved successfully C:\Users\JT\AppData\Local\gvzgklre => moved successfully C:\Users\JT\AppData\Local\ntuserlitelist => moved successfully C:\Users\JT\AppData\Local\report => moved successfully "C:\Users\JT\AppData\Local\xylelo.dll" => not found. "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs" => not found. =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94345009 B Java, Flash, Steam htmlcache => 222368672 B Windows/system/drivers => 119361832 B Edge => 0 B Chrome => 0 B Firefox => 380511871 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 58558406 B systemprofile32 => 71632 B LocalService => 0 B NetworkService => 150398 B JT => 2910289293 B RecycleBin => 7327124 B EmptyTemp: => 3.5 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 10:18:48 ==== Before this problem I never payed attention to my CPU. What is a healthy CPU? At start up its around 50-60ish percent, but after a minute or two its down to 28% right now. After checking task manager, there are no clients, no vmxclients, nothing even causing CPU. THANK YOU!
  3. Was i ever supposed to delete the quarantined items on regular malwarebytes? FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017 Ran by JT (administrator) on ETHANBRADBERRY (17-08-2017 09:19:04) Running from C:\Users\JT\Downloads Loaded Profiles: JT (Available Profiles: JT) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Run: [Spotify Web Helper] => C:\Users\JT\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-07] (Spotify Ltd) HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\MountPoints2: {291a9a76-2d1d-11e7-abed-1c1b0d9d09f6} - E:\VerizonSWUpgradeAssistantLauncher.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{E0AE22C8-D71C-470A-A384-695474A09FF4}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-25] (Oracle Corporation) FireFox: ======== FF DefaultProfile: hs10wslo.default FF ProfilePath: C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\hs10wslo.default [2017-08-17] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hs10wslo.default -> DuckDuckGo FF Homepage: Mozilla\Firefox\Profiles\hs10wslo.default -> duckduckgo.com FF Extension: (Adblock Plus) - C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\hs10wslo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-31] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File] FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-07-08] () S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation) S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-20] (Intel Corporation) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-16] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-17] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-17] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-17] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-17] (Malwarebytes) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation) S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (LG Electronics Inc.) S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (LG Electronics Inc.) S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (LG Electronics Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-17 09:19 - 2017-08-17 09:19 - 000007975 _____ C:\Users\JT\Downloads\FRST.txt 2017-08-17 09:18 - 2017-08-17 09:19 - 000000000 ____D C:\FRST 2017-08-17 09:18 - 2017-08-17 09:18 - 002395648 _____ (Farbar) C:\Users\JT\Downloads\FRST64.exe 2017-08-17 09:08 - 2017-08-17 09:08 - 000004526 _____ C:\Users\JT\Desktop\JRT.txt 2017-08-17 09:07 - 2017-08-17 09:07 - 001790024 _____ (Malwarebytes) C:\Users\JT\Downloads\JRT.exe 2017-08-17 09:02 - 2017-08-17 09:05 - 000000000 ____D C:\AdwCleaner 2017-08-17 09:02 - 2017-08-17 09:02 - 008185288 _____ (Malwarebytes) C:\Users\JT\Downloads\AdwCleaner.exe 2017-08-16 12:09 - 2017-08-17 09:06 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-08-16 12:09 - 2017-08-17 09:06 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-08-16 12:09 - 2017-08-17 09:06 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-08-16 12:09 - 2017-08-16 12:09 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-08-16 12:09 - 2017-08-16 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-08-16 12:09 - 2017-08-16 12:09 - 000000000 ____D C:\Program Files\Malwarebytes 2017-08-16 12:09 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-08-16 12:08 - 2017-08-16 12:08 - 065033984 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251(1).exe 2017-08-16 08:18 - 2017-08-17 09:06 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-08-16 08:18 - 2017-08-16 12:09 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-08-16 08:18 - 2017-08-16 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-08-16 08:16 - 2017-08-16 12:09 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-08-16 08:16 - 2017-08-16 10:56 - 000000000 ____D C:\Users\JT\Desktop\mbar 2017-08-16 08:16 - 2017-08-16 08:16 - 016563352 _____ (Malwarebytes Corp.) C:\Users\JT\Downloads\mbar-1.09.3.1001.exe 2017-08-14 17:47 - 2017-08-14 17:47 - 000289137 _____ C:\Users\JT\Downloads\FQM5.00Beta15.rar 2017-08-14 13:21 - 2017-08-14 13:21 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-07-26 13:09 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2017-08-14 13:21 - 2017-07-26 13:09 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2017-08-14 07:43 - 2017-08-14 07:43 - 065033984 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-08-13 07:49 - 2017-08-13 07:49 - 000007597 _____ C:\Users\JT\AppData\Local\Resmon.ResmonCfg 2017-08-13 07:06 - 2017-08-13 07:06 - 064025992 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe 2017-08-12 17:51 - 2017-08-16 09:31 - 000461214 _____ C:\Windows\ntbtlog.txt 2017-08-11 07:53 - 2017-08-11 07:53 - 000132379 _____ C:\Users\JT\Downloads\BalanceModv119TechChart.zip 2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode 2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugmode 2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\Program Files (x86)\DebugMode 2017-08-07 10:17 - 2017-08-07 10:17 - 000000000 ____D C:\Users\JT\.MCTranscodingSDK 2017-08-07 10:15 - 2017-08-12 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks 2017-08-07 10:15 - 2017-08-07 10:17 - 000000000 ____D C:\Users\Public\Documents\Lightworks 2017-08-07 10:15 - 2017-08-07 10:15 - 000000000 ____D C:\ProgramData\Geevs 2017-08-07 10:07 - 2017-08-14 15:03 - 000000000 ____D C:\Users\JT\AppData\Roaming\Spotify 2017-08-07 10:07 - 2017-08-14 15:03 - 000000000 ____D C:\Users\JT\AppData\Local\Spotify 2017-08-07 10:07 - 2017-08-07 10:07 - 000001738 _____ C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2017-08-01 18:52 - 2017-08-01 18:52 - 000000000 ____D C:\Users\JT\AppData\Local\My Games 2017-07-18 07:48 - 2017-07-25 18:54 - 000000000 ____D C:\Users\JT\Documents\SimCity 4 2017-07-18 07:48 - 2017-07-18 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis 2017-07-18 07:42 - 2017-07-18 07:42 - 000000000 ____D C:\Users\JT\Documents\Amazon Downloader Logs ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-17 09:14 - 2009-07-14 00:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-08-17 09:14 - 2009-07-14 00:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-08-17 09:12 - 2009-07-14 01:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI 2017-08-17 09:12 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf 2017-08-17 09:08 - 2017-06-16 15:37 - 000000000 ____D C:\Users\JT\AppData\LocalLow\Mozilla 2017-08-17 09:08 - 2017-04-27 20:20 - 000000000 ____D C:\ProgramData\NVIDIA 2017-08-17 09:06 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-08-16 21:15 - 2017-06-16 15:33 - 000000000 ____D C:\Users\JT\AppData\Local\ntuserlitelist 2017-08-16 18:26 - 2017-06-15 17:14 - 000000000 ____D C:\Users\JT\AppData\Local\gvzgklre 2017-08-14 13:23 - 2017-05-04 17:23 - 000000000 ____D C:\Users\JT\AppData\Local\CrashDumps 2017-08-14 13:21 - 2017-04-27 20:21 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-04-27 20:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-04-27 20:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-04-27 20:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-04-27 20:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-04-27 20:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-04-27 20:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-08-13 12:26 - 2017-04-27 20:21 - 000000000 ____D C:\Users\JT\AppData\Local\NVIDIA Corporation 2017-08-12 19:18 - 2017-04-28 05:42 - 000001042 _____ C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-08-12 17:48 - 2017-04-28 05:59 - 000058408 _____ C:\Users\JT\AppData\Local\GDIPFONTCACHEV1.DAT 2017-08-12 17:35 - 2009-07-14 00:45 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT 2017-08-12 09:06 - 2017-04-27 18:22 - 000000000 ____D C:\ProgramData\boost_interprocess 2017-08-11 09:22 - 2017-05-22 17:29 - 000000000 ____D C:\Users\JT\AppData\Local\Roblox 2017-08-10 15:35 - 2017-05-22 17:29 - 000000000 ____D C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-08-09 09:28 - 2017-04-27 18:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-08-09 09:28 - 2017-04-27 18:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-09 09:28 - 2017-04-27 18:23 - 000004480 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-08-09 09:28 - 2017-04-27 18:23 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-08-09 09:28 - 2017-04-27 18:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-08-09 09:28 - 2017-04-27 18:23 - 000000000 ____D C:\Windows\system32\Macromed 2017-08-07 10:17 - 2017-04-28 05:42 - 000000000 ____D C:\Users\JT 2017-08-07 10:16 - 2017-04-27 20:28 - 000000000 ____D C:\Users\JT\AppData\Roaming\NVIDIA 2017-08-02 07:11 - 2017-05-02 11:07 - 000000000 ____D C:\Games 2017-08-01 18:52 - 2017-04-28 19:26 - 000000000 ____D C:\Users\JT\Documents\My Games 2017-07-26 13:09 - 2017-04-27 20:21 - 001922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2017-07-26 13:09 - 2017-04-27 20:21 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2017-07-26 13:09 - 2017-04-27 20:21 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2017-07-26 13:09 - 2017-04-27 20:21 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2017-07-26 13:09 - 2017-04-27 20:21 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2017-07-26 13:09 - 2017-04-27 20:20 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2017-07-26 13:09 - 2017-04-27 20:20 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2017-07-26 09:40 - 2017-04-27 20:20 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-07-26 09:36 - 2017-04-27 20:20 - 000001951 _____ C:\Windows\NvContainerRecovery.bat ==================== Files in the root of some directories ======= 2017-06-24 20:48 - 2017-06-25 07:51 - 000009992 _____ () C:\Users\JT\AppData\Roaming\.freeciv-client-rc-2.5 2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\JT\AppData\Local\report 2017-08-13 07:49 - 2017-08-13 07:49 - 000007597 _____ () C:\Users\JT\AppData\Local\Resmon.ResmonCfg 2017-04-27 18:11 - 2017-04-27 18:11 - 000000000 _____ () C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437} 2017-04-28 05:56 - 2017-04-28 05:56 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== 2017-07-06 15:08 - 2017-07-06 15:08 - 000006656 _____ () C:\Users\JT\AppData\Local\Temp\939F.tmpcrt.dll 2017-07-06 15:08 - 2017-07-06 15:08 - 000007168 _____ () C:\Users\JT\AppData\Local\Temp\93AF.tmpcrt.dll 2017-07-18 07:48 - 2017-07-18 07:44 - 000561152 _____ (Electronic Arts Inc.) C:\Users\JT\AppData\Local\Temp\AutoRun.exe 2017-07-18 07:48 - 2017-07-18 07:44 - 002658304 _____ () C:\Users\JT\AppData\Local\Temp\AutoRunGUI.dll 2017-07-26 17:33 - 2017-07-26 17:33 - 000740416 _____ (Oracle Corporation) C:\Users\JT\AppData\Local\Temp\jre-8u144-windows-au.exe 2017-04-27 20:27 - 2017-04-19 20:18 - 000867968 _____ (NVIDIA Corporation) C:\Users\JT\AppData\Local\Temp\nvSCPAPI64.dll 2017-05-04 17:22 - 2017-04-19 20:18 - 000367736 _____ (NVIDIA Corporation) C:\Users\JT\AppData\Local\Temp\nvStInst.exe 2017-04-30 10:12 - 2017-04-27 04:39 - 004417608 _____ (Wargaming.net (c) 2009-2017 ) C:\Users\JT\AppData\Local\Temp\wgctmp_setup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-08-16 12:50 ==================== End of FRST.txt ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017 Ran by JT (17-08-2017 09:19:14) Running from C:\Users\JT\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2017-04-28 09:42:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-836055558-1996453931-2352102307-500 - Administrator - Disabled) Guest (S-1-5-21-836055558-1996453931-2352102307-501 - Limited - Disabled) JT (S-1-5-21-836055558-1996453931-2352102307-1000 - Administrator - Enabled) => C:\Users\JT ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA) 7-Zip 17.00 beta (HKLM-x32\...\7-Zip) (Version: 17.00 beta - Igor Pavlov) Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden Aslain's WoWs Modpack version 6.8.1.00 (HKLM-x32\...\ASLAINSWARSHIPSTEST_is1) (Version: 6.8.1.00 - Aslain) Bloons TD Battles (HKLM\...\Steam App 444640) (Version: - Ninja Kiwi) Company of Heroes 2 (HKLM\...\Steam App 231430) (Version: - Relic Entertainment) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden FreeOrion 0.4.7 (build 2017-04-24.60d06dc) (HKLM-x32\...\FreeOrion) (Version: 0.4.7 (build 2017-04-24.60d06dc) - FreeOrion Community) Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.1.40 - Intel Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation) Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla) Need for Madness (HKLM-x32\...\{7369D8AB-6580-4DBA-AAE2-6A93E085A50E}) (Version: 44 - Radicalplay.com Games, Ltd.) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation) NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation) OpenTTD 1.7.1 (HKLM-x32\...\OpenTTD) (Version: 1.7.1 - OpenTTD) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.) ROBLOX Player for JT (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio for JT (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) RollerCoaster Tycoon 3: Platinum! (HKLM\...\Steam App 2700) (Version: - Frontier) RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd) Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Sid Meier's Railroad Tycoon (HKLM-x32\...\Sid Meier's Railroad Tycoon) (Version: 1.0 - 2K Games) SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - ) Space Empires IV Deluxe (HKLM\...\Steam App 1610) (Version: - Malfador Machinations) Space Empires V (HKLM\...\Steam App 1690) (Version: - Malfador Machinations) Spotify (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Torchlight II (HKLM\...\Steam App 200710) (Version: - Runic Games) TripleA_1.9.0.0.3635 1.9.0.0.3635 (HKLM\...\5251-3669-9623-1649) (Version: 1.9.0.0.3635 - TripleA Developer Team) Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Wargaming.net Game Center (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Wargaming.net Game Center) (Version: 17.5.0.4300 - Wargaming.net) WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH) Wizard101 (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) World of Tanks - Sandbox (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812sb}_is1) (Version: - Wargaming.net) World of Tanks NA (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net) World of Warships NA (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\WOWS.NA.PRODUCTION) (Version: - Wargaming.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google) ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers4-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00484A4C-A295-4C83-A58D-2BEE9395EFBE} - System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\Radical_Aces.exe -d C:\Users\JT\Downloads Task: {05879B11-3ECE-41C3-A5A9-B5D93086D615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {2244790D-39F3-4912-8C71-1B65FE7AF415} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-09] (Adobe Systems Incorporated) Task: {27EAD559-3555-4949-9E22-575F2EEC1650} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation) Task: {3793F776-4D30-40A2-A7F6-B7ABBD495A83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated) Task: {4726781C-4222-4BF6-9E6C-F7AD1F96266F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation) Task: {4F5B8FFD-5D95-4512-8B91-C292FBC13103} - System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => C:\Windows\system32\pcalua.exe -a D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU\xp_fix.exe -d D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU Task: {62C5FD73-659A-4A7D-B32C-848EFE315CBB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation) Task: {7DD16948-AB3F-406C-A91C-0F538A102B96} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation) Task: {94D910B1-4D69-4BC8-AD25-6F2A87FCDC00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} - System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\freecol-0.11.6-installer.exe -d C:\Users\JT\Downloads Task: {ABBF186E-A3ED-4791-840A-5DB43DBDC176} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation) Task: {C04810E1-3876-40FC-9726-0AAE0D9EFBCA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation) Task: {C3CC207D-96C4-4F22-9660-C8AF1E5BB242} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation) Task: {F1815971-E903-4892-B00E-5CEF0572C2B0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-08-16 12:09 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-04-27 20:20 - 2017-07-26 13:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-04-27 20:20 - 2017-07-26 13:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-836055558-1996453931-2352102307-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: d1493e0e7c80cdc9ee8827e3db3fe63e => 2 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NvContainerNetworkService => 3 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: NvTelemetryContainer => 2 MSCONFIG\Services: seagate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: Spotify Web Helper => C:\Users\JT\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" MSCONFIG\startupreg: Wargaming.net Game Center => "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background '' MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs" MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks_SB\WargamingGameUpdater.exe" MSCONFIG\startupreg: World of Tanks (1) => "D:\Gaims\Wargaming.net\World_of_Tanks_SB\WargamingGameUpdater.exe" MSCONFIG\startupreg: xylelo => rundll32.exe "C:\Users\JT\AppData\Local\xylelo.dll",xylelo ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{178968D0-5FDA-4EEA-9F69-2F6333AE2B98}] => (Allow) D:\Gaims\Steam\Steam.exe FirewallRules: [{DB81240C-7AB9-4F3E-9E3C-CD8450501548}] => (Allow) D:\Gaims\Steam\Steam.exe FirewallRules: [{15D1E301-CD91-4012-947D-137CF3CDB0CE}] => (Allow) D:\Gaims\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{BDB7110E-E392-47A0-9146-01DF46B53811}] => (Allow) D:\Gaims\Steam\bin\cef\cef.win7\steamwebhelper.exe ==================== Restore Points ========================= 17-08-2017 09:07:58 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/17/2017 09:08:10 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2017 09:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2017 01:01:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2017 11:29:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2017 11:26:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 86c Start Time: 01d3169fcab49dd0 Termination Time: 60000 Application Path: C:\Users\JT\Desktop\mbar\mbar.exe Report Id: 25862b81-8297-11e7-b24a-1c1b0d9d09f6 Error: (08/16/2017 11:04:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 86c Start Time: 01d3169fcab49dd0 Termination Time: 60000 Application Path: C:\Users\JT\Desktop\mbar\mbar.exe Report Id: 190f6ef1-8294-11e7-b24a-1c1b0d9d09f6 Error: (08/16/2017 10:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2017 10:34:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2017 09:22:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2017 09:19:39 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4d8 Start Time: 01d31690b394f5f0 Termination Time: 5645 Application Path: C:\Users\JT\Desktop\mbar\mbar.exe Report Id: 893c0211-8285-11e7-8cdf-1c1b0d9d09f6 System errors: ============= Error: (08/17/2017 09:08:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (08/17/2017 09:08:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (08/17/2017 09:06:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error: (08/16/2017 09:17:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (08/16/2017 09:15:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (08/16/2017 02:10:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (08/16/2017 01:28:00 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz Percentage of memory in use: 35% Total physical RAM: 8144.43 MB Available physical RAM: 5240.24 MB Total Virtual: 16287.05 MB Available Virtual: 13216 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:59.53 GB) (Free:8.3 GB) NTFS Drive d: (NewJuan) (Fixed) (Total:465.76 GB) (Free:190.72 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: FFD1A62E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0A6436D) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  4. adw cleaner: # AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 17 13:05:37 2017 # Updated on 2017/05/08 by Malwarebytes # Running on Windows 7 Home Premium (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Windows\System32\\SSL Deleted: C:\Windows\SysWOW64\\SSL Deleted: C:\rei Deleted: C:\Users\JT\AppData\Local\AdvinstAnalytics Deleted: C:\Program Files\Reimage Deleted: C:\Users\JT\AppData\Local\llssoft ***** [ Files ] ***** Deleted: C:\END ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services Deleted: [Key] - HKLM\SOFTWARE\Reimage Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services Deleted: [Key] - HKLM\SOFTWARE\Microleaves Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services Deleted: [Key] - HKU\S-1-5-21-836055558-1996453931-2352102307-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1768 B] - [2017/8/17 13:3:26] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Home Premium x64 Ran by JT (Administrator) on Thu 08/17/2017 at 9:07:58.55 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 25 Successfully deleted: C:\Program Files (x86)\GUT56E6.tmp (File) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JCRLQZX (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R8M9M5H (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AREFOPM5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAGFMHFV (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJVE5OK7 (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBXURZBN (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9XXRVTZ (Temporary Internet Files Folder) Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJRHV0P (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JCRLQZX (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R8M9M5H (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AREFOPM5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAGFMHFV (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJVE5OK7 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBXURZBN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9XXRVTZ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJRHV0P (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 08/17/2017 at 9:08:32.43 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. I am having trouble copying and pasting, even when I export it as a txt file and ctrl + c and v. Is it okay if I just give you the txt file? scan.txt
  6. Oh no i mean the actual Malwarebytes window was closed. Looking back at the quarantine window I do not see a Export Summary. Ugh I really messed up this time.
  7. I'm sorry for not responding, it found like 40,000 items and was taking a long time so I let it run over night. It was not up when I got back on this morning. Do you mean after the quarantine or click the delete button after quarantine?
  8. Whoa, as soon as i installed it, it ran something. It wants me to reboot. Do I reboot or listen to you? Sorry if this is a stupid question.
  9. Hello Yoan I found two of them. mbar-log-2017-08-16 (10-56-19).txt mbar-log-2017-08-16 (10-54-28).txt
  10. RUNNING WINDOWS 7! I logged on my computer the other day and realized Explorer.exe was taking over 80% of my CPU. But that wasn't all. There was two "client" applications running(according to task manager) and a couple of vxmclients running in processes, that would also take up 10%. I searched the problem, nobody had a real answer. I decided to turn to mbar. I scanned a probably 3-4 times and it would find malware, but it would freeze and not respond every time. I decided to separate the areas to scan. First I did drivers, it found 1, and cleaned it up(woo!). Then sectors, didn't find anything. System is where it found a lot, but froze up. Yes, I updated it every time. I'm sorry if this is rude in any way, I am really frustrated(not at you). As you can tell from my username, it is my baby. Any help is extremely appreciated.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.