Posts posted by JustTryinToFixMyBaby
It told me to "click OK to restart." I did, and nothing popped up but I did find a "fixlog" in place of fixlist. I'm guessing this is what you're lookin' for?
fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by JT (17-08-2017 10:18:36) Run:1
Running from C:\Users\JT\Downloads
Loaded Profiles: JT (Available Profiles: JT)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {00484A4C-A295-4C83-A58D-2BEE9395EFBE} - System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\Radical_Aces.exe -d C:\Users\JT\Downloads
Task: {4F5B8FFD-5D95-4512-8B91-C292FBC13103} - System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => C:\Windows\system32\pcalua.exe -a D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU\xp_fix.exe -d D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU
Task: {A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} - System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\freecol-0.11.6-installer.exe -d C:\Users\JT\Downloads
MSCONFIG\Services: d1493e0e7c80cdc9ee8827e3db3fe63e => 2
MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs"
MSCONFIG\startupreg: xylelo => rundll32.exe "C:\Users\JT\AppData\Local\xylelo.dll",xylelo
C:\ProgramData\boost_interprocess
C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437}
C:\Users\JT\AppData\Local\gvzgklre
C:\Users\JT\AppData\Local\ntuserlitelist
C:\Users\JT\AppData\Local\report
C:\Users\JT\AppData\Local\xylelo.dll
C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00484A4C-A295-4C83-A58D-2BEE9395EFBE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00484A4C-A295-4C83-A58D-2BEE9395EFBE} => key removed successfully
C:\Windows\System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11816149-D077-4148-B5FF-DE239CFB9B27} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F5B8FFD-5D95-4512-8B91-C292FBC13103} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F5B8FFD-5D95-4512-8B91-C292FBC13103} => key removed successfully
C:\Windows\System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E98199B-3E75-4830-84C8-900B23A09D28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} => key removed successfully
C:\Windows\System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{097BFC58-BE6F-4945-9755-E29E8101557C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\d1493e0e7c80cdc9ee8827e3db3fe63e => key removed successfully
HKLM\System\CurrentControlSet\Services\d1493e0e7c80cdc9ee8827e3db3fe63e => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinResSync => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xylelo => key removed successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437} => moved successfully
C:\Users\JT\AppData\Local\gvzgklre => moved successfully
C:\Users\JT\AppData\Local\ntuserlitelist => moved successfully
C:\Users\JT\AppData\Local\report => moved successfully
"C:\Users\JT\AppData\Local\xylelo.dll" => not found.
"C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs" => not found.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94345009 B
Java, Flash, Steam htmlcache => 222368672 B
Windows/system/drivers => 119361832 B
Edge => 0 B
Chrome => 0 B
Firefox => 380511871 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 71632 B
LocalService => 0 B
NetworkService => 150398 B
JT => 2910289293 B
RecycleBin => 7327124 B
EmptyTemp: => 3.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 10:18:48 ====
54 minutes ago, Aura said:
How's your system behaving now? Are there any other issues to address?

Before this problem I never paid attention to my CPU. What is a healthy CPU? At start up it's around 50-60ish percent, but after a minute or two it's down to 28% right now. After checking task manager, there are no clients, no vmxclients, nothing even causing CPU. THANK YOU!
-
Was I ever supposed to delete the quarantined items on regular Malwarebytes?
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
Ran by JT (administrator) on ETHANBRADBERRY (17-08-2017 09:19:04)
Running from C:\Users\JT\Downloads
Loaded Profiles: JT (Available Profiles: JT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Run: [Spotify Web Helper] => C:\Users\JT\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-07] (Spotify Ltd)
HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\MountPoints2: {291a9a76-2d1d-11e7-abed-1c1b0d9d09f6} - E:\VerizonSWUpgradeAssistantLauncher.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E0AE22C8-D71C-470A-A384-695474A09FF4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-25] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: hs10wslo.default
FF ProfilePath: C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\hs10wslo.default [2017-08-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hs10wslo.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\hs10wslo.default -> duckduckgo.com
FF Extension: (Adblock Plus) - C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\hs10wslo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-31]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-07-08] ()
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-20] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-17] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (LG Electronics Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-17 09:19 - 2017-08-17 09:19 - 000007975 _____ C:\Users\JT\Downloads\FRST.txt
2017-08-17 09:18 - 2017-08-17 09:19 - 000000000 ____D C:\FRST
2017-08-17 09:18 - 2017-08-17 09:18 - 002395648 _____ (Farbar) C:\Users\JT\Downloads\FRST64.exe
2017-08-17 09:08 - 2017-08-17 09:08 - 000004526 _____ C:\Users\JT\Desktop\JRT.txt
2017-08-17 09:07 - 2017-08-17 09:07 - 001790024 _____ (Malwarebytes) C:\Users\JT\Downloads\JRT.exe
2017-08-17 09:02 - 2017-08-17 09:05 - 000000000 ____D C:\AdwCleaner
2017-08-17 09:02 - 2017-08-17 09:02 - 008185288 _____ (Malwarebytes) C:\Users\JT\Downloads\AdwCleaner.exe
2017-08-16 12:09 - 2017-08-17 09:06 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-16 12:09 - 2017-08-17 09:06 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-16 12:09 - 2017-08-17 09:06 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-16 12:09 - 2017-08-16 12:09 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-16 12:09 - 2017-08-16 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-16 12:09 - 2017-08-16 12:09 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-16 12:09 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-16 12:08 - 2017-08-16 12:08 - 065033984 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251(1).exe
2017-08-16 08:18 - 2017-08-17 09:06 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-16 08:18 - 2017-08-16 12:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-16 08:18 - 2017-08-16 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-16 08:16 - 2017-08-16 12:09 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-16 08:16 - 2017-08-16 10:56 - 000000000 ____D C:\Users\JT\Desktop\mbar
2017-08-16 08:16 - 2017-08-16 08:16 - 016563352 _____ (Malwarebytes Corp.) C:\Users\JT\Downloads\mbar-1.09.3.1001.exe
2017-08-14 17:47 - 2017-08-14 17:47 - 000289137 _____ C:\Users\JT\Downloads\FQM5.00Beta15.rar
2017-08-14 13:21 - 2017-08-14 13:21 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-07-26 13:09 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-08-14 13:21 - 2017-07-26 13:09 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-08-14 07:43 - 2017-08-14 07:43 - 065033984 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-13 07:49 - 2017-08-13 07:49 - 000007597 _____ C:\Users\JT\AppData\Local\Resmon.ResmonCfg
2017-08-13 07:06 - 2017-08-13 07:06 - 064025992 _____ (Malwarebytes ) C:\Users\JT\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
2017-08-12 17:51 - 2017-08-16 09:31 - 000461214 _____ C:\Windows\ntbtlog.txt
2017-08-11 07:53 - 2017-08-11 07:53 - 000132379 _____ C:\Users\JT\Downloads\BalanceModv119TechChart.zip
2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugmode
2017-08-07 10:27 - 2017-08-07 10:27 - 000000000 ____D C:\Program Files (x86)\DebugMode
2017-08-07 10:17 - 2017-08-07 10:17 - 000000000 ____D C:\Users\JT\.MCTranscodingSDK
2017-08-07 10:15 - 2017-08-12 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2017-08-07 10:15 - 2017-08-07 10:17 - 000000000 ____D C:\Users\Public\Documents\Lightworks
2017-08-07 10:15 - 2017-08-07 10:15 - 000000000 ____D C:\ProgramData\Geevs
2017-08-07 10:07 - 2017-08-14 15:03 - 000000000 ____D C:\Users\JT\AppData\Roaming\Spotify
2017-08-07 10:07 - 2017-08-14 15:03 - 000000000 ____D C:\Users\JT\AppData\Local\Spotify
2017-08-07 10:07 - 2017-08-07 10:07 - 000001738 _____ C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-08-01 18:52 - 2017-08-01 18:52 - 000000000 ____D C:\Users\JT\AppData\Local\My Games
2017-07-18 07:48 - 2017-07-25 18:54 - 000000000 ____D C:\Users\JT\Documents\SimCity 4
2017-07-18 07:48 - 2017-07-18 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2017-07-18 07:42 - 2017-07-18 07:42 - 000000000 ____D C:\Users\JT\Documents\Amazon Downloader Logs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-17 09:14 - 2009-07-14 00:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-17 09:14 - 2009-07-14 00:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-17 09:12 - 2009-07-14 01:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-17 09:12 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-17 09:08 - 2017-06-16 15:37 - 000000000 ____D C:\Users\JT\AppData\LocalLow\Mozilla
2017-08-17 09:08 - 2017-04-27 20:20 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-17 09:06 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-16 21:15 - 2017-06-16 15:33 - 000000000 ____D C:\Users\JT\AppData\Local\ntuserlitelist
2017-08-16 18:26 - 2017-06-15 17:14 - 000000000 ____D C:\Users\JT\AppData\Local\gvzgklre
2017-08-14 13:23 - 2017-05-04 17:23 - 000000000 ____D C:\Users\JT\AppData\Local\CrashDumps
2017-08-14 13:21 - 2017-04-27 20:21 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-04-27 20:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-04-27 20:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-04-27 20:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-04-27 20:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-04-27 20:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-04-27 20:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-14 13:21 - 2017-04-27 20:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-13 12:26 - 2017-04-27 20:21 - 000000000 ____D C:\Users\JT\AppData\Local\NVIDIA Corporation
2017-08-12 19:18 - 2017-04-28 05:42 - 000001042 _____ C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-12 17:48 - 2017-04-28 05:59 - 000058408 _____ C:\Users\JT\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-12 17:35 - 2009-07-14 00:45 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-12 09:06 - 2017-04-27 18:22 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-08-11 09:22 - 2017-05-22 17:29 - 000000000 ____D C:\Users\JT\AppData\Local\Roblox
2017-08-10 15:35 - 2017-05-22 17:29 - 000000000 ____D C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-08-09 09:28 - 2017-04-27 18:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-09 09:28 - 2017-04-27 18:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 09:28 - 2017-04-27 18:23 - 000004480 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-09 09:28 - 2017-04-27 18:23 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-09 09:28 - 2017-04-27 18:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-09 09:28 - 2017-04-27 18:23 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-07 10:17 - 2017-04-28 05:42 - 000000000 ____D C:\Users\JT
2017-08-07 10:16 - 2017-04-27 20:28 - 000000000 ____D C:\Users\JT\AppData\Roaming\NVIDIA
2017-08-02 07:11 - 2017-05-02 11:07 - 000000000 ____D C:\Games
2017-08-01 18:52 - 2017-04-28 19:26 - 000000000 ____D C:\Users\JT\Documents\My Games
2017-07-26 13:09 - 2017-04-27 20:21 - 001922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-07-26 13:09 - 2017-04-27 20:21 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-07-26 13:09 - 2017-04-27 20:21 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-07-26 13:09 - 2017-04-27 20:21 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-07-26 13:09 - 2017-04-27 20:21 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-07-26 13:09 - 2017-04-27 20:20 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-07-26 13:09 - 2017-04-27 20:20 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-07-26 09:40 - 2017-04-27 20:20 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-07-26 09:36 - 2017-04-27 20:20 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
==================== Files in the root of some directories =======
2017-06-24 20:48 - 2017-06-25 07:51 - 000009992 _____ () C:\Users\JT\AppData\Roaming\.freeciv-client-rc-2.5
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\JT\AppData\Local\report
2017-08-13 07:49 - 2017-08-13 07:49 - 000007597 _____ () C:\Users\JT\AppData\Local\Resmon.ResmonCfg
2017-04-27 18:11 - 2017-04-27 18:11 - 000000000 _____ () C:\Users\JT\AppData\Local\{50F4A90C-C101-4858-843C-E4FE679EB437}
2017-04-28 05:56 - 2017-04-28 05:56 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-07-06 15:08 - 2017-07-06 15:08 - 000006656 _____ () C:\Users\JT\AppData\Local\Temp\939F.tmpcrt.dll
2017-07-06 15:08 - 2017-07-06 15:08 - 000007168 _____ () C:\Users\JT\AppData\Local\Temp\93AF.tmpcrt.dll
2017-07-18 07:48 - 2017-07-18 07:44 - 000561152 _____ (Electronic Arts Inc.) C:\Users\JT\AppData\Local\Temp\AutoRun.exe
2017-07-18 07:48 - 2017-07-18 07:44 - 002658304 _____ () C:\Users\JT\AppData\Local\Temp\AutoRunGUI.dll
2017-07-26 17:33 - 2017-07-26 17:33 - 000740416 _____ (Oracle Corporation) C:\Users\JT\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-04-27 20:27 - 2017-04-19 20:18 - 000867968 _____ (NVIDIA Corporation) C:\Users\JT\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-04 17:22 - 2017-04-19 20:18 - 000367736 _____ (NVIDIA Corporation) C:\Users\JT\AppData\Local\Temp\nvStInst.exe
2017-04-30 10:12 - 2017-04-27 04:39 - 004417608 _____ (Wargaming.net (c) 2009-2017 ) C:\Users\JT\AppData\Local\Temp\wgctmp_setup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-16 12:50
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by JT (17-08-2017 09:19:14)
Running from C:\Users\JT\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-04-28 09:42:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-836055558-1996453931-2352102307-500 - Administrator - Disabled)
Guest (S-1-5-21-836055558-1996453931-2352102307-501 - Limited - Disabled)
JT (S-1-5-21-836055558-1996453931-2352102307-1000 - Administrator - Enabled) => C:\Users\JT
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
7-Zip 17.00 beta (HKLM-x32\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Aslain's WoWs Modpack version 6.8.1.00 (HKLM-x32\...\ASLAINSWARSHIPSTEST_is1) (Version: 6.8.1.00 - Aslain)
Bloons TD Battles (HKLM\...\Steam App 444640) (Version: - Ninja Kiwi)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version: - Relic Entertainment)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
FreeOrion 0.4.7 (build 2017-04-24.60d06dc) (HKLM-x32\...\FreeOrion) (Version: 0.4.7 (build 2017-04-24.60d06dc) - FreeOrion Community)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.1.40 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
Need for Madness (HKLM-x32\...\{7369D8AB-6580-4DBA-AAE2-6A93E085A50E}) (Version: 44 - Radicalplay.com Games, Ltd.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
OpenTTD 1.7.1 (HKLM-x32\...\OpenTTD) (Version: 1.7.1 - OpenTTD)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
ROBLOX Player for JT (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for JT (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
RollerCoaster Tycoon 3: Platinum! (HKLM\...\Steam App 2700) (Version: - Frontier)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Sid Meier's Railroad Tycoon (HKLM-x32\...\Sid Meier's Railroad Tycoon) (Version: 1.0 - 2K Games)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
Space Empires IV Deluxe (HKLM\...\Steam App 1610) (Version: - Malfador Machinations)
Space Empires V (HKLM\...\Steam App 1690) (Version: - Malfador Machinations)
Spotify (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Torchlight II (HKLM\...\Steam App 200710) (Version: - Runic Games)
TripleA_1.9.0.0.3635 1.9.0.0.3635 (HKLM\...\5251-3669-9623-1649) (Version: 1.9.0.0.3635 - TripleA Developer Team)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\Wargaming.net Game Center) (Version: 17.5.0.4300 - Wargaming.net)
WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Tanks - Sandbox (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812sb}_is1) (Version: - Wargaming.net)
World of Tanks NA (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net)
World of Warships NA (HKU\S-1-5-21-836055558-1996453931-2352102307-1000\...\WOWS.NA.PRODUCTION) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00484A4C-A295-4C83-A58D-2BEE9395EFBE} - System32\Tasks\{11816149-D077-4148-B5FF-DE239CFB9B27} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\Radical_Aces.exe -d C:\Users\JT\Downloads
Task: {05879B11-3ECE-41C3-A5A9-B5D93086D615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2244790D-39F3-4912-8C71-1B65FE7AF415} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {27EAD559-3555-4949-9E22-575F2EEC1650} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {3793F776-4D30-40A2-A7F6-B7ABBD495A83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {4726781C-4222-4BF6-9E6C-F7AD1F96266F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation)
Task: {4F5B8FFD-5D95-4512-8B91-C292FBC13103} - System32\Tasks\{8E98199B-3E75-4830-84C8-900B23A09D28} => C:\Windows\system32\pcalua.exe -a D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU\xp_fix.exe -d D:\Gaims\STP\Sim_Theme_Park_Patch_v.2.0_EU
Task: {62C5FD73-659A-4A7D-B32C-848EFE315CBB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation)
Task: {7DD16948-AB3F-406C-A91C-0F538A102B96} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {94D910B1-4D69-4BC8-AD25-6F2A87FCDC00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A48EB6F0-2136-4669-947D-2DBFEBCC0A7C} - System32\Tasks\{097BFC58-BE6F-4945-9755-E29E8101557C} => C:\Windows\system32\pcalua.exe -a C:\Users\JT\Downloads\freecol-0.11.6-installer.exe -d C:\Users\JT\Downloads
Task: {ABBF186E-A3ED-4791-840A-5DB43DBDC176} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {C04810E1-3876-40FC-9726-0AAE0D9EFBCA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation)
Task: {C3CC207D-96C4-4F22-9660-C8AF1E5BB242} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation)
Task: {F1815971-E903-4892-B00E-5CEF0572C2B0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-08-16 12:09 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-27 20:20 - 2017-07-26 13:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-27 20:20 - 2017-07-26 13:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-836055558-1996453931-2352102307-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: d1493e0e7c80cdc9ee8827e3db3fe63e => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: seagate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\JT\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Wargaming.net Game Center => "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background ''
MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\JT\AppData\Roaming\Microsoft\Protect\22c364-d1b368-ce7c1792-7561b1-aaa0.rs"
MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks_SB\WargamingGameUpdater.exe"
MSCONFIG\startupreg: World of Tanks (1) => "D:\Gaims\Wargaming.net\World_of_Tanks_SB\WargamingGameUpdater.exe"
MSCONFIG\startupreg: xylelo => rundll32.exe "C:\Users\JT\AppData\Local\xylelo.dll",xylelo
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{178968D0-5FDA-4EEA-9F69-2F6333AE2B98}] => (Allow) D:\Gaims\Steam\Steam.exe
FirewallRules: [{DB81240C-7AB9-4F3E-9E3C-CD8450501548}] => (Allow) D:\Gaims\Steam\Steam.exe
FirewallRules: [{15D1E301-CD91-4012-947D-137CF3CDB0CE}] => (Allow) D:\Gaims\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BDB7110E-E392-47A0-9146-01DF46B53811}] => (Allow) D:\Gaims\Steam\bin\cef\cef.win7\steamwebhelper.exe
==================== Restore Points =========================
17-08-2017 09:07:58 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/17/2017 09:08:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/16/2017 09:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/16/2017 01:01:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/16/2017 11:29:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/16/2017 11:26:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 86c
Start Time: 01d3169fcab49dd0
Termination Time: 60000
Application Path: C:\Users\JT\Desktop\mbar\mbar.exe
Report Id: 25862b81-8297-11e7-b24a-1c1b0d9d09f6
Error: (08/16/2017 11:04:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 86c
Start Time: 01d3169fcab49dd0
Termination Time: 60000
Application Path: C:\Users\JT\Desktop\mbar\mbar.exe
Report Id: 190f6ef1-8294-11e7-b24a-1c1b0d9d09f6
Error: (08/16/2017 10:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/16/2017 10:34:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/16/2017 09:22:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/16/2017 09:19:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 4d8
Start Time: 01d31690b394f5f0
Termination Time: 5645
Application Path: C:\Users\JT\Desktop\mbar\mbar.exe
Report Id: 893c0211-8285-11e7-8cdf-1c1b0d9d09f6
System errors:
=============
Error: (08/17/2017 09:08:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/17/2017 09:08:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (08/17/2017 09:06:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/17/2017 09:05:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (08/16/2017 09:17:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/16/2017 09:15:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (08/16/2017 02:10:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error: (08/16/2017 01:28:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 35%
Total physical RAM: 8144.43 MB
Available physical RAM: 5240.24 MB
Total Virtual: 16287.05 MB
Available Virtual: 13216 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.53 GB) (Free:8.3 GB) NTFS
Drive d: (NewJuan) (Fixed) (Total:465.76 GB) (Free:190.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: FFD1A62E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0A6436D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-
adw cleaner:
# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 17 13:05:37 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\rei
Deleted: C:\Users\JT\AppData\Local\AdvinstAnalytics
Deleted: C:\Program Files\Reimage
Deleted: C:\Users\JT\AppData\Local\llssoft
***** [ Files ] *****
Deleted: C:\END
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKU\S-1-5-21-836055558-1996453931-2352102307-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [1768 B] - [2017/8/17 13:3:26]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by JT (Administrator) on Thu 08/17/2017 at 9:07:58.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 25
Successfully deleted: C:\Program Files (x86)\GUT56E6.tmp (File)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JCRLQZX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R8M9M5H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AREFOPM5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAGFMHFV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJVE5OK7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBXURZBN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9XXRVTZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJRHV0P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JCRLQZX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R8M9M5H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AREFOPM5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAGFMHFV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJVE5OK7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBXURZBN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9XXRVTZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJRHV0P (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/17/2017 at 9:08:32.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
I am having trouble copying and pasting, even when I export it as a txt file and ctrl + c and v. Is it okay if I just give you the txt file?
-
Oh no, I mean the actual Malwarebytes window was closed. Looking back at the quarantine window I do not see an Export Summary. Ugh, I really messed up this time.
-
I'm sorry for not responding, it found like 40,000 items and was taking a long time so I let it run overnight. It was not up when I got back on this morning.
18 hours ago, Aura said:
Click on Export Summary after the deletion
Do you mean after the quarantine or click the delete button after quarantine?
-
Whoa, as soon as I installed it, it ran something. It wants me to reboot. Do I reboot or listen to you? Sorry if this is a stupid question.
-
Hello Yoan
28 minutes ago, Aura said:
Can you provide me the "mbar-log-TODAY'S-DATE.txt" log that should be in the MBAR folder so I can review it?
I found two of them.
-
RUNNING WINDOWS 7!
I logged on my computer the other day and realized Explorer.exe was taking over 80% of my CPU. But that wasn't all. There were two "client" applications running (according to task manager) and a couple of vxmclients running in processes, that would also take up 10%. I searched the problem, nobody had a real answer. I decided to turn to mbar. I scanned probably 3-4 times and it would find malware, but it would freeze and not respond every time. I decided to separate the areas to scan. First I did drivers, it found 1, and cleaned it up (woo!). Then sectors, didn't find anything. System is where it found a lot, but froze up. Yes, I updated it every time. I'm sorry if this is rude in any way, I am really frustrated (not at you).
As you can tell from my username, it is my baby.
Any help is extremely appreciated.
mbar not responding mid-scan
in Resolved Malware Removal Logs
Posted
This is a stupid question. I understand it depends on everything. What I meant to say is:
Does this sound like a fix to you?