Moe2001

Honorary Members
  • Posts: 28

Everything posted by Moe2001

  1. It's brand new though. I think this happens because I did some command yesterday to get into desktop.
  2. It scanned in 30 seconds. Here are the logs: Self-Test Logs.txt Attributes.txt
  3. Also, my desktop isn't working whenever I restart. Also, it's slow.
  4. How can I fix these problems? Also, I ran an FRST scan. Here are the logs: FRST.txt Addition.txt Shortcut.txt. How can I fix the startup problems and the opening items problems, etc.? Also, when I restart my laptop it takes very long for explorer.exe to load desktop items (sometimes they never load till I do it manually every time from the taskbar manager).
  5. These are some of the problems I have now. Also, I have a hard disk1 (301) problem at startup. Also, here is the startup error; some more are in the last reply. Can you help me to fix these, please?
  6. UPDATE: I logged into Windows, got in finally, but some problems: I can't save screenshots.
  7. After I restarted again I got a blue screen. It says "Event tracing Fatal Error". It keeps going to that screen after it auto-restarts and I can't log in.
  8. Here is the exported log
  9. This is before I clicked Quarantine Selected
  10. In Settings I'm trying to turn on Windows Defender and it says "This app is turned off by group policy. To allow this app to run, contact your security administrator to enable the program via group policy." How can I fix this??
  11. Also i Ran Adware scan here the logs
  12. @Aura Here you go: mbar-log-2017-08-25 (17-47-23).txt Also I can run other things now. Also, can you tell me what I should run and do to keep my PC protected and fast?
  13. Here you go. Addition.txt FRST.txt Shortcut.txt
  14. Also how do i get the fixlist.txt to use the FIX option in FRST
  15. Here is the FRST Logs Addition.txt FRST.txt Shortcut.txt
  16. But I can't run the malware scanner, I can only run the rootkit Malwarebytes: "The requested resource is in use"
  17. Seems like it keeps freezing or crashing after it reaches the system category
  18. Do you want me to reboot after it finishes and I am done cleaning it, @Aura?
  19. Getting Drivers, sectors, and system scan right now.
  20. Here it is, Only scanned for drivers, am doing system and Sector right now.

      Malwarebytes Anti-Rootkit BETA 1.9.4.1001
      www.malwarebytes.org
      Database version: main: v2017.08.24.06 rootkit: v2017.08.02.01
      Windows 10 x64 NTFS
      Internet Explorer 11.1593.14393.0
      Aziz Family :: AZIZ_FAMILY [administrator]
      8/24/2017 2:12:38 PM
      mbar-log-2017-08-24 (14-12-38).txt
      Scan type:
      Scan options enabled: Anti-Rootkit | Drivers | MBR
      Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Objects scanned: 455
      Time elapsed: 5 minute(s), 46 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
      Physical Sectors Detected: 0 (No malicious items detected)
      (end)

      (The one i ran before this ) mbar-log-2017-08-24 (14-11-08)
  21. Whenever I try to run Malwarebytes I get "The Requested Resource Is In Use", I tried to download. I tried running malware many times but I keep getting this message "The Requested Resource is in use". I have FRST Log. Here FRST.txt Addition.txt I also have svchost need help