Jump to content

PaMal

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi I have a computer shutdown, google windows opening by themselves, shutdown has a smily face saying they are gathering date. Malewarebytes does not detect PUPs or if it does and I run it again, it says system clean. I provide attached the files generated by FRST program I just ran Help Addition.txt FRST.txt
  2. Nasdaq, Seems to have worked like you said. Yeah! Here are the files. Merci beaucoup PaMal Fix result of Farbar Recovery Scan Tool (x64) Version: 20.04.2019 01 Ran by Patrice (20-04-2019 13:06:50) Run:1 Running from C:\Users\Patrice\Desktop Loaded Profiles: UpdatusUser & Patrice (Available Profiles: UpdatusUser & Patrice) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: EmptyTemp: CloseProcesses: (Pokk?i -> Pokki) C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => No File AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => No File Task: {4BFB6D85-7322-4A3C-A20C-C1748C067C2A} - System32\Tasks\SweetLabs App Platform => C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki) SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CHR HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CustomCLSID: HKU\S-1-5-21-1407781348-2952289101-2913086708-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File AlternateDataStreams: C:\Windows:nlsPreferences [386] AlternateDataStreams: C:\Users\Patrice\Dropbox:user.myxattr [0] FirewallRules: [{ABD410AD-93CB-4768-A9A1-13CE1844F5C6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File FirewallRules: [{3635C8AD-7CB3-4259-A6A7-4EE361F6201A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File FirewallRules: [{05390CEA-78CD-44BA-9148-729AB3B8C29D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File FirewallRules: [{F3137A83-1F34-40F5-A3A6-A70524343D19}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File FirewallRules: [TCP Query User{35F09278-08F2-4600-9130-B36DF91C4A9B}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe No File FirewallRules: [UDP Query User{10F08DF4-5AB7-47AA-9909-8710963C3AB1}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe No File FirewallRules: [{96917F9B-5282-4707-9621-62CF87E283E0}] => (Allow) C:\Users\Patrice\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File FirewallRules: [TCP Query User{F001A61C-C69D-433C-BE11-CD09DD5CEC0F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File FirewallRules: [UDP Query User{25C24454-369A-43C8-B9F8-7FC3ABA999DE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File FirewallRules: [TCP Query User{3BD0754D-1D97-474E-ACC9-A3CC0390CE43}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe No File FirewallRules: [TCP Query User{956B6C8E-7502-4FB3-A3EC-BFDEB9AC8E5A}C:\program files\litecoincash\litecoincash-qt.exe] => (Allow) C:\program files\litecoincash\litecoincash-qt.exe No File FirewallRules: [UDP Query User{71ABA8C7-748F-4251-8240-466688142EA5}C:\program files\litecoincash\litecoincash-qt.exe] => (Allow) C:\program files\litecoincash\litecoincash-qt.exe No File C:\Users\Patrice\AppData\Local\SweetLabs App Platform 2019-?04-09 17:24 - 2019-04-10 15:28 - 039865512 _____ () C:\Users\Patrice\AppData\Local\Temp\octF28B.tmp.exe Reboot: ***************** Restore point was successfully created. Processes closed successfully. C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe => No running process found "C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll" => Value data removed successfully "C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll" => Value data removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BFB6D85-7322-4A3C-A20C-C1748C067C2A}" => not found "C:\windows\System32\Tasks\SweetLabs App Platform" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => not found HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully HKU\S-1-5-21-1407781348-2952289101-2913086708-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully C:\Windows => ":nlsPreferences" ADS removed successfully C:\Users\Patrice\Dropbox => ":user.myxattr" ADS could not remove. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABD410AD-93CB-4768-A9A1-13CE1844F5C6}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3635C8AD-7CB3-4259-A6A7-4EE361F6201A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05390CEA-78CD-44BA-9148-729AB3B8C29D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3137A83-1F34-40F5-A3A6-A70524343D19}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35F09278-08F2-4600-9130-B36DF91C4A9B}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{10F08DF4-5AB7-47AA-9909-8710963C3AB1}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96917F9B-5282-4707-9621-62CF87E283E0}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F001A61C-C69D-433C-BE11-CD09DD5CEC0F}C:\program files (x86)\skype\phone\skype.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{25C24454-369A-43C8-B9F8-7FC3ABA999DE}C:\program files (x86)\skype\phone\skype.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3BD0754D-1D97-474E-ACC9-A3CC0390CE43}C:\program files (x86)\skype\phone\skype.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{956B6C8E-7502-4FB3-A3EC-BFDEB9AC8E5A}C:\program files\litecoincash\litecoincash-qt.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71ABA8C7-748F-4251-8240-466688142EA5}C:\program files\litecoincash\litecoincash-qt.exe" => removed successfully "C:\Users\Patrice\AppData\Local\SweetLabs App Platform" => not found 2019-?04-09 17:24 - 2019-04-10 15:28 - 039865512 _____ () C:\Users\Patrice\AppData\Local\Temp\octF28B.tmp.exe => Error: No automatic fix found for this entry. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14992458 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 2543762 B Edge => 0 B Chrome => 67005616 B Firefox => 11023634 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 220369 B systemprofile32 => 128 B LocalService => 9088 B NetworkService => 28622848 B UpdatusUser => 0 B Patrice => 55608149 B RecycleBin => 0 B EmptyTemp: => 179.7 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 13:07:44 ==== And the Malewarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/20/19 Scan Time: 1:16 PM Log File: 031c01b0-6390-11e9-adc1-8086f2a782f2.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.10254 License: Premium -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: PATRICE\Patrice -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 279805 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 16 min, 3 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  3. Sorry Nasdaq, Here is the FRST file pasted: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.04.2019 01 Ran by Patrice (administrator) on PATRICE (LENOVO 20289) (20-04-2019 09:35:38) Running from C:\Users\Patrice\Downloads Loaded Profiles: UpdatusUser & Patrice (Available Profiles: UpdatusUser & Patrice) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Cyren -> Cyren, Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe (Cyren -> Cyren, Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe (IOLO TECHNOLOGIES, LLC -> Copyright 2018.) C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe (Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Cyren -> Cyren, Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe (Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Pokki -> Pokki) C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\SSTray.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\x64\LBGovernor.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Intel(R) Smart Connect software -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\SystemMechanic.exe (SatoshiLabs s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\ToolKit.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-18] (Realtek Semiconductor Corp -> Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-05-22] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-05-22] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [15814392 2018-02-14] (IOLO TECHNOLOGIES, LLC -> Copyright 2018.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4871680 2017-09-06] (Sanford, L.P.) [File not signed] HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [2033664 2017-09-06] (Sanford, L.P.) [File not signed] HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Software Sarl -> Skype Technologies S.A.) HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\RunOnce: [Uninstall C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\MountPoints2: {2ae7fadd-8ec1-11e4-825b-8086f2a782f2} - "E:\setup.exe" HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\MountPoints2: {e04bab34-05dd-11e7-82be-8086f2a782f2} - "E:\setup.exe" HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\MountPoints2: {fe5a539d-a1a5-11e4-8263-8086f2a782f2} - "E:\VZW_Software_upgrade_assistant.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\...\Authentication\Credential Providers: [{d0869df6-64b0-4289-b483-9bff61394420}] -> C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfCredProv.dll [2014-05-22] (Lenovo (Beijing) Limited -> ) [File not signed] AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => No File AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA CORPORATION -> NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => No File AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA CORPORATION -> NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-05-22] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel(R) Smart Connect software -> Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-02-24] ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> ) Startup: C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2018-11-21] ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> ) GroupPolicy: Restriction ? <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03956B10-86F0-4580-B882-119254E5D0C9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) Task: {0DA53A98-FA7D-4991-8ABB-7C0F24BEE63F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Intel(R) Update Manager -> Intel Corporation) Task: {114F45DF-07B7-477E-9531-C464FF390496} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.) Task: {14BFC19A-FBE4-4A2E-816D-CB0D3994CD9D} - System32\Tasks\Live Boost Process Governor => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\LBgovernor.exe (iolo technologies, LLC -> iolo technologies, LLC) Task: {1B84197F-8697-431E-B778-21EE984F6AC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {25B9EACD-7437-4C07-8FD1-EC63F46F280E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {28336419-6BEF-41D3-B19F-AF968ECBB23F} - System32\Tasks\Phoenix360\ioloTUDsDownloader => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (iolo technologies, LLC -> iolo technologies, LLC) Task: {2FC820FB-2A3B-4B81-A272-71C65A59E3BE} - System32\Tasks\Phoenix360\ActiveSync-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (iolo technologies, LLC -> iolo technologies, LLC) Task: {36268AEA-A9AF-4A22-B590-AF0C0D7AD83F} - System32\Tasks\Phoenix360\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (iolo technologies, LLC -> iolo technologies, LLC) Task: {47E6C795-B03D-455D-BE0F-EB98F7420071} - System32\Tasks\Phoenix360\ioloSystemShield => C:\Program Files (x86)\Phoenix360\System Mechanic\SSTray.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC) Task: {4BFB6D85-7322-4A3C-A20C-C1748C067C2A} - System32\Tasks\SweetLabs App Platform => C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki) Task: {4EB89F86-4740-4A57-8393-E74FD691ADAD} - System32\Tasks\Phoenix360\ioloActiveCare => C:\Program Files (x86)\Phoenix360\System Mechanic\systemmechanic.exe (iolo technologies, LLC -> iolo technologies, LLC) Task: {65B6BD6E-3B2F-4017-92DC-591EC088FC7B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation) Task: {6CECA0B0-07D9-489A-B3D5-8513A96F665A} - System32\Tasks\Phoenix360\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (iolo technologies, LLC -> iolo technologies, LLC) Task: {786E35D5-C904-4211-9AA3-916311F0F44B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {9DB2662B-54CA-4828-84E1-6E9717FAF52C} - System32\Tasks\Phoenix360\ioloAVDefsDownloader => C:\Program Files (x86)\Phoenix360\System Mechanic\SSDefs.exe (iolo technologies, LLC -> iolo technologies, LLC) Task: {A4160F6D-2DF8-4392-9599-92ECBF34480F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Intel(R) Update Manager -> Intel Corporation) Task: {AFCC202B-B9A0-4175-9327-426B41EC6799} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) Task: {C1DC4994-FFAB-4C8D-AFBB-22692E079075} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) Task: {CF3C28BD-08FC-4900-8B0B-29B8E20CCBF4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1407781348-2952289101-2913086708-1002 => C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {DF9883AF-3803-4986-A2E2-EC723961FB69} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {DFA88BF2-6579-4F2C-8361-21AF00F41457} - System32\Tasks\Phoenix360\ActiveMessenger-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (iolo technologies, LLC -> iolo technologies, LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{03FCB178-291C-4FE9-BD9E-C136837F06E0}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{5CC84C9A-2134-4FDA-A67F-DEE740F3C015}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies) FireFox: ======== FF DefaultProfile: 2xylln3o.default FF ProfilePath: C:\Users\Patrice\AppData\Roaming\Mozilla\Firefox\Profiles\2xylln3o.default [2019-04-20] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC) FF Plugin ProgramFiles/Appdata: C:\Users\Patrice\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-01-22] Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default [2019-04-20] CHR Extension: (Slides) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-19] CHR Extension: (Ledger Manager) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2018-08-06] CHR Extension: (YouTube) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01] CHR Extension: (Google Search) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Sheets) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20] CHR Extension: (TREZOR Chrome Extension) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2017-12-17] CHR Extension: (Cisco Webex Extension) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-06] CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2018-08-06] CHR Extension: (MyEtherWallet) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2018-09-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26] CHR Extension: (Chrome Media Router) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-10] CHR HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation) S3 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc -> Dropbox, Inc.) S3 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.) S3 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2017-09-06] (Sanford, L.P.) [File not signed] S3 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] (Intel(R) Smart Connect software -> ) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) S3 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1880864 2018-02-10] (Maxthon (Asia) Limited. -> Maxthon) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] (Intel Corporation-Mobile Wireless Group -> ) S3 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software -> Nitro PDF Software) S3 nlsX86cc; C:\windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-12] (Nitro PDF Software -> Nalpeiron Ltd.) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab Ltd -> PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab Ltd -> PointGrab LTD) S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> ) S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-05-22] (Lenovo (Beijing) Limited -> ) R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [133176 2018-10-12] (Cyren -> Cyren, Inc.) R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [130616 2018-10-12] (Cyren -> Cyren, Inc.) R2 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [193408 2018-10-12] (Cyren -> Cyren, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [15814392 2018-02-14] (IOLO TECHNOLOGIES, LLC -> Copyright 2018.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMP; C:\windows\system32\Drivers\amp.sys [202664 2018-10-15] (Cyren -> Cyren, Inc.) R2 AMPSE; C:\windows\system32\Drivers\ampse.sys [2065632 2018-10-15] (Cyren -> Cyren, Inc.) R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153328 2019-03-29] (Malwarebytes Corporation -> Malwarebytes) R1 excfs; C:\windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) R0 excsd; C:\windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) R3 igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [4216320 2013-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] (Intel(R) Smart Connect software -> ) R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] (Intel(R) Smart Connect software -> ) S3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-01] (Intel(R) Smart Connect software -> ) R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] (Intel(R) Smart Connect software -> ) R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [198512 2019-03-29] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [127136 2019-04-16] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73912 2019-04-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [114040 2019-04-16] (Malwarebytes Corporation -> Malwarebytes) R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [116440 2014-08-13] (Realtek Semiconductor Corp -> Realtek ) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation) R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink) R1 ZAM; C:\windows\System32\drivers\zam64.sys [250024 2019-04-13] (Zemana Ltd. -> Copyright 2017.) R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [250024 2019-04-13] (Zemana Ltd. -> Copyright 2017.) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-20 09:35 - 2019-04-20 09:37 - 000033033 _____ C:\Users\Patrice\Downloads\FRST.txt 2019-04-20 09:35 - 2019-04-20 09:35 - 000000000 ____D C:\Users\Patrice\Downloads\FRST-OlderVersion 2019-04-20 09:35 - 2019-04-20 09:35 - 000000000 ____D C:\FRST 2019-04-20 09:34 - 2019-04-20 09:35 - 002434048 _____ (Farbar) C:\Users\Patrice\Downloads\FRST64 (1).exe 2019-04-20 09:15 - 2019-04-20 09:15 - 000002274 _____ C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iolo Premium Support.lnk 2019-04-20 09:14 - 2019-04-20 09:14 - 002211568 _____ (LogMeIn, Inc.) C:\Users\Patrice\Downloads\Support-LogMeInRescue.exe 2019-04-16 16:57 - 2019-04-20 09:26 - 000073912 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys 2019-04-16 16:57 - 2019-04-20 09:25 - 000274416 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys 2019-04-16 16:57 - 2019-04-16 16:57 - 000127136 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys 2019-04-16 16:57 - 2019-04-16 16:57 - 000114040 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys 2019-04-13 08:39 - 2019-04-20 09:35 - 000066487 _____ C:\windows\ZAM.krnl.trace 2019-04-13 08:39 - 2019-04-20 09:35 - 000031575 _____ C:\windows\ZAM_Guard.krnl.trace 2019-04-13 08:39 - 2019-04-13 08:39 - 000250024 _____ (Copyright 2017.) C:\windows\system32\Drivers\zamguard64.sys 2019-04-13 08:39 - 2019-04-13 08:39 - 000250024 _____ (Copyright 2017.) C:\windows\system32\Drivers\zam64.sys 2019-04-13 08:39 - 2019-04-13 08:39 - 000001303 _____ C:\Users\Public\Desktop\Malware Killer.lnk 2019-04-13 08:39 - 2019-04-13 08:39 - 000000000 ____D C:\Users\Patrice\AppData\Local\Zemana 2019-04-13 08:39 - 2019-04-13 08:39 - 000000000 ____D C:\Users\Patrice\AppData\Local\Iolo Technologies 2019-04-13 08:39 - 2019-04-13 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Killer 2019-04-13 08:37 - 2019-04-13 08:38 - 017496568 _____ (iolo technologies, LLC) C:\Users\Patrice\Downloads\MalwareKillerSetup.exe 2019-04-09 17:37 - 2019-04-09 17:37 - 000000000 ____D C:\windows\LastGood.Tmp 2019-04-09 16:39 - 2019-04-01 21:16 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2019-04-09 16:39 - 2019-03-26 12:11 - 007079936 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll 2019-04-09 16:39 - 2019-03-26 11:57 - 005276160 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll 2019-04-09 16:39 - 2019-03-26 11:40 - 007798272 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll 2019-04-09 16:39 - 2019-03-26 11:35 - 005270528 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll 2019-04-09 16:39 - 2019-03-26 04:16 - 001311976 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2019-04-09 16:39 - 2019-03-26 02:14 - 025736704 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2019-04-09 16:39 - 2019-03-26 01:52 - 002902528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2019-04-09 16:39 - 2019-03-26 01:50 - 000577024 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2019-04-09 16:39 - 2019-03-26 01:12 - 020280832 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2019-04-09 16:39 - 2019-03-26 01:08 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2019-04-09 16:39 - 2019-03-26 01:05 - 015284736 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2019-04-09 16:39 - 2019-03-26 01:00 - 004858880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2019-04-09 16:39 - 2019-03-26 00:56 - 001040384 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2019-04-09 16:39 - 2019-03-26 00:51 - 000498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2019-04-09 16:39 - 2019-03-26 00:48 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2019-04-09 16:39 - 2019-03-26 00:48 - 001556992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2019-04-09 16:39 - 2019-03-26 00:24 - 013682176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2019-04-09 16:39 - 2019-03-26 00:08 - 004386304 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2019-04-09 16:39 - 2019-03-26 00:04 - 001332224 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2019-04-09 16:39 - 2019-03-20 21:29 - 002452432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2019-04-09 16:39 - 2019-03-16 00:03 - 002535664 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2019-04-09 16:39 - 2019-03-15 23:46 - 000805176 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2019-04-09 16:39 - 2019-03-15 23:36 - 001902752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll 2019-04-09 16:39 - 2019-03-15 23:29 - 000611656 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2019-04-09 16:39 - 2019-03-15 22:51 - 001755136 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll 2019-04-09 16:39 - 2019-03-15 22:49 - 001493504 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll 2019-04-09 16:39 - 2019-03-15 22:48 - 003324416 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2019-04-09 16:39 - 2019-03-15 22:47 - 003617280 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2019-04-09 16:39 - 2019-03-14 01:57 - 007368952 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2019-04-09 16:39 - 2019-03-14 01:56 - 001677024 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2019-04-09 16:39 - 2019-03-14 01:56 - 001537560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2019-04-09 16:39 - 2019-03-13 15:13 - 001369096 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2019-04-09 16:39 - 2019-03-09 12:51 - 001115136 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2019-04-09 16:39 - 2019-03-09 12:35 - 001085952 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2019-04-09 16:39 - 2019-03-09 12:28 - 002348544 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2019-04-09 16:39 - 2019-03-09 12:19 - 001550848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2019-04-09 16:39 - 2019-03-09 12:01 - 003547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2019-04-09 16:39 - 2019-03-09 10:20 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll 2019-04-09 16:39 - 2019-02-09 14:55 - 022373096 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2019-04-09 16:39 - 2019-02-09 14:23 - 019790664 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2019-04-09 16:38 - 2019-03-30 16:57 - 000126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys 2019-04-09 16:38 - 2019-03-26 02:00 - 000035840 _____ (Microsoft Corporation) C:\windows\system32\sxssrv.dll 2019-04-09 16:38 - 2019-03-26 01:40 - 005777920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2019-04-09 16:38 - 2019-03-26 01:40 - 000790528 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2019-04-09 16:38 - 2019-03-26 01:22 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2019-04-09 16:38 - 2019-03-26 01:15 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2019-04-09 16:38 - 2019-03-26 01:10 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2019-04-09 16:38 - 2019-03-26 01:09 - 000381440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2019-04-09 16:38 - 2019-03-26 01:06 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2019-04-09 16:38 - 2019-03-26 00:43 - 000663040 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2019-04-09 16:38 - 2019-03-26 00:36 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2019-04-09 16:38 - 2019-03-26 00:29 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2019-04-09 16:38 - 2019-03-26 00:26 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2019-04-09 16:38 - 2019-03-26 00:23 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2019-04-09 16:38 - 2019-03-26 00:22 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2019-04-09 16:38 - 2019-03-26 00:22 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2019-04-09 16:38 - 2019-03-26 00:21 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2019-04-09 16:38 - 2019-03-26 00:02 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2019-04-09 16:38 - 2019-03-15 22:39 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll 2019-04-09 16:38 - 2019-03-15 22:39 - 000046080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll 2019-04-09 16:38 - 2019-03-09 13:08 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\oleprn.dll 2019-04-09 16:38 - 2019-03-09 12:47 - 000111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleprn.dll 2019-04-09 16:38 - 2019-03-09 12:43 - 003822080 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll 2019-04-09 16:38 - 2019-03-09 12:31 - 003274752 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll 2019-04-09 16:38 - 2019-03-09 10:20 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll 2019-04-09 16:38 - 2019-03-09 10:20 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll 2019-04-09 16:38 - 2019-03-09 10:20 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll 2019-04-09 16:38 - 2019-03-09 10:20 - 000340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll 2019-04-09 16:38 - 2019-02-24 10:43 - 001308456 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2019-04-09 16:38 - 2019-02-21 13:36 - 000059392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys 2019-04-09 16:38 - 2019-02-21 13:35 - 000684032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2019-04-09 16:38 - 2019-02-21 13:34 - 000416256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys 2019-04-09 16:38 - 2019-02-21 13:34 - 000281088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys 2019-04-09 16:38 - 2019-02-21 12:31 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2019-04-09 16:38 - 2019-02-11 23:48 - 000092672 _____ (Microsoft Corporation) C:\windows\system32\dab.dll 2019-04-05 20:20 - 2019-04-05 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-04-05 17:48 - 2019-03-29 16:07 - 000835480 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe 2019-04-05 17:48 - 2019-03-29 16:07 - 000179608 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2019-04-03 16:59 - 2019-04-03 16:59 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe 2019-04-03 16:59 - 2019-04-03 16:59 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys 2019-04-03 16:59 - 2019-04-03 16:59 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys 2019-04-03 16:59 - 2019-04-03 16:59 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys 2019-03-31 09:01 - 2019-03-31 09:01 - 000019896 _____ C:\Users\Patrice\Downloads\TaxStatement_2019 (1).pdf 2019-03-30 20:53 - 2019-03-30 20:53 - 000000355 _____ C:\Users\Patrice\Documents\Homegroup - Shortcut.lnk 2019-03-30 20:53 - 2019-03-30 20:53 - 000000355 _____ C:\Users\Patrice\Documents\Homegroup - Shortcut (2).lnk 2019-03-30 14:51 - 2019-03-30 14:51 - 000019896 _____ C:\Users\Patrice\Downloads\TaxStatement_2019.pdf 2019-03-29 20:18 - 2019-03-29 20:18 - 000198512 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys 2019-03-29 18:39 - 2019-04-13 09:46 - 000003158 _____ C:\windows\System32\Tasks\Live Boost Process Governor 2019-03-29 18:39 - 2019-03-29 18:40 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Phoenix360 2019-03-29 17:28 - 2019-03-29 17:28 - 000000000 ____D C:\ProgramData\Commtouch 2019-03-29 17:28 - 2019-03-29 17:28 - 000000000 ____D C:\Program Files\Common Files\Commtouch 2019-03-29 17:28 - 2018-10-15 02:49 - 002065632 ____R (Cyren, Inc.) C:\windows\system32\Drivers\ampse.sys 2019-03-29 17:28 - 2018-10-15 02:49 - 000202664 ____R (Cyren, Inc.) C:\windows\system32\Drivers\amp.sys 2019-03-29 17:24 - 2019-04-13 09:41 - 000000000 ____D C:\ProgramData\Phoenix360 2019-03-29 17:24 - 2019-04-13 08:39 - 000000000 ____D C:\windows\System32\Tasks\Phoenix360 2019-03-29 17:24 - 2019-04-13 08:39 - 000000000 ____D C:\Program Files (x86)\Phoenix360 2019-03-29 17:24 - 2019-03-29 17:24 - 000001826 _____ C:\Users\Public\Desktop\System Mechanic.lnk 2019-03-29 17:24 - 2019-03-29 17:24 - 000000000 ____D C:\Users\Patrice\AppData\Local\Phoenix360 2019-03-29 17:24 - 2019-03-29 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic 2019-03-29 17:24 - 2019-02-08 08:19 - 000082160 _____ (Raxco Software, Inc.) C:\windows\system32\Drivers\PDFsFilter.sys 2019-03-29 17:23 - 2019-04-13 08:38 - 000000000 ____D C:\Users\Patrice\AppData\Local\Downloaded Installations 2019-03-29 17:21 - 2019-03-29 17:22 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\iolo 2019-03-29 17:21 - 2019-03-29 17:21 - 000426352 _____ C:\Users\Patrice\Downloads\smpro_dm.exe 2019-03-29 16:20 - 2019-03-29 16:20 - 000000000 __SHD C:\found.001 2019-03-29 16:06 - 2019-03-29 16:06 - 000000000 __SHD C:\found.000 2019-03-27 15:43 - 2019-03-27 15:43 - 000000000 _____ C:\Users\Patrice\AppData\Local\{AF883D66-9E7C-4156-B6B9-6F6DFED173A9} 2019-03-25 16:42 - 2019-03-25 16:42 - 000002547 _____ C:\Users\Public\Desktop\TurboTax 2018.lnk 2019-03-25 16:42 - 2019-03-25 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2018 2019-03-25 16:04 - 2019-03-25 16:14 - 226743344 _____ C:\Users\Patrice\Downloads\TurboTax_Home__Business__State_2018_Tax_Software_PC_Download_Amazon_Exclusive.exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-20 09:28 - 2014-12-26 11:40 - 000000000 __RDO C:\Users\Patrice\OneDrive 2019-04-20 09:28 - 2014-12-26 11:33 - 000000000 ____D C:\Users\Patrice 2019-04-20 09:28 - 2014-05-22 15:50 - 000000000 ____D C:\Users\UpdatusUser 2019-04-20 09:24 - 2013-08-22 10:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2019-04-20 09:15 - 2017-01-09 21:48 - 000000926 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job 2019-04-19 20:19 - 2014-12-26 11:33 - 000000000 ____D C:\Users\Patrice\AppData\Local\SweetLabs App Platform 2019-04-19 16:02 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps 2019-04-19 16:02 - 2013-08-22 11:36 - 000000000 ____D C:\windows\AppReadiness 2019-04-18 20:53 - 2014-12-26 20:18 - 000000000 ____D C:\Users\Patrice\Documents\Excel 2019-04-18 20:49 - 2014-12-26 11:44 - 000000000 ____D C:\Users\Patrice\AppData\Local\Deployment 2019-04-18 18:30 - 2013-08-22 11:36 - 000000000 ____D C:\windows\system32\NDF 2019-04-16 16:54 - 2013-08-22 09:25 - 000524288 ___SH C:\windows\system32\config\BBI 2019-04-15 16:04 - 2018-03-24 21:30 - 000000000 ____D C:\Users\Patrice\AppData\Local\Glance 2019-04-14 20:19 - 2018-03-21 16:29 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\DigiByte 2019-04-14 12:39 - 2014-12-26 11:39 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1407781348-2952289101-2913086708-1002 2019-04-14 12:16 - 2017-06-08 19:39 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Exodus 2019-04-14 12:13 - 2015-09-21 17:44 - 000000000 ____D C:\Users\Patrice\AppData\Local\ElevatedDiagnostics 2019-04-14 11:02 - 2018-07-26 18:45 - 000002247 _____ C:\Users\Patrice\Desktop\Exodus.lnk 2019-04-14 11:02 - 2017-06-08 19:39 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc 2019-04-14 11:01 - 2018-09-26 15:47 - 000000000 ____D C:\Users\Patrice\AppData\Local\exodus 2019-04-13 10:50 - 2013-08-22 09:36 - 000000000 ____D C:\windows\Inf 2019-04-13 09:45 - 2013-10-07 15:23 - 000000000 ____D C:\windows\Panther 2019-04-12 17:42 - 2014-12-26 20:14 - 000000000 ____D C:\Users\Patrice\Documents\PATRICE 2019-04-12 15:46 - 2015-04-11 11:38 - 000000000 ____D C:\Users\Patrice\AppData\Local\CrashDumps 2019-04-11 16:17 - 2014-12-26 11:46 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-04-11 16:17 - 2014-12-26 11:46 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-04-10 15:35 - 2015-10-30 20:17 - 000003308 _____ C:\windows\System32\Tasks\SweetLabs App Platform 2019-04-09 17:23 - 2014-12-26 11:33 - 000000454 _____ C:\Users\Patrice\Downloads\Desktop.lnk 2019-04-09 17:20 - 2013-08-22 10:44 - 000414800 _____ C:\windows\system32\FNTCACHE.DAT 2019-04-09 17:06 - 2013-08-22 11:36 - 000000000 ___RD C:\windows\ToastData 2019-04-09 17:05 - 2015-01-09 19:08 - 000000000 ___SD C:\windows\system32\CompatTel 2019-04-09 17:05 - 2015-01-09 19:08 - 000000000 ____D C:\windows\system32\appraiser 2019-04-09 17:02 - 2013-08-22 11:20 - 000000000 ____D C:\windows\CbsTemp 2019-04-09 16:55 - 2015-01-07 18:39 - 000000000 ____D C:\windows\system32\MRT 2019-04-09 16:44 - 2015-01-07 18:39 - 131129288 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2019-04-07 13:39 - 2015-01-17 21:52 - 000000000 ____D C:\windows\Minidump 2019-04-05 20:20 - 2017-01-09 21:48 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-04-05 17:29 - 2014-05-22 15:50 - 000000000 ____D C:\windows\SysWOW64\NV 2019-04-05 17:29 - 2014-05-22 15:50 - 000000000 ____D C:\windows\system32\NV 2019-04-05 17:29 - 2014-05-22 15:50 - 000000000 ____D C:\ProgramData\NVIDIA 2019-04-03 19:29 - 2013-10-07 14:27 - 000866884 _____ C:\windows\system32\PerfStringBackup.INI 2019-04-01 15:26 - 2017-01-09 21:48 - 000000922 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job 2019-03-31 18:57 - 2014-12-26 11:44 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2019-03-31 18:52 - 2017-01-09 21:48 - 000003664 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore 2019-03-30 20:53 - 2015-01-14 21:01 - 000000000 ___RD C:\Users\Patrice\Dropbox 2019-03-30 17:52 - 2014-12-26 20:18 - 000000000 ____D C:\Users\Patrice\Documents\Adobe 2019-03-30 16:18 - 2014-12-26 20:17 - 000000000 ____D C:\Users\Patrice\Documents\TurboTax 2019-03-29 20:18 - 2019-03-01 11:44 - 000153328 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys 2019-03-29 18:33 - 2014-05-22 16:33 - 000000000 ____D C:\ProgramData\Temp 2019-03-29 18:00 - 2018-02-19 22:12 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LitecoinCash Core 2019-03-29 17:24 - 2014-05-22 16:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-03-27 17:10 - 2014-12-26 11:44 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2019-03-26 18:45 - 2014-12-26 11:33 - 000000000 ____D C:\Users\Patrice\AppData\Local\Packages 2019-03-25 16:41 - 2015-03-07 16:17 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Intuit 2019-03-25 16:41 - 2015-03-07 16:15 - 000000000 ____D C:\Program Files (x86)\TurboTax 2019-03-25 16:16 - 2015-03-07 16:16 - 000001254 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2019-03-23 07:47 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-03-23 07:46 - 2015-02-16 09:06 - 000000000 ____D C:\Program Files\Microsoft Office 15 ==================== Files in the root of some directories ======= 2015-12-21 19:46 - 2015-12-21 19:46 - 000000017 _____ () C:\Users\Patrice\AppData\Local\resmon.resmoncfg 2019-03-27 15:43 - 2019-03-27 15:43 - 000000000 _____ () C:\Users\Patrice\AppData\Local\{AF883D66-9E7C-4156-B6B9-6F6DFED173A9} Some files in TEMP: ==================== 2019-04-09 17:24 - 2019-04-10 15:28 - 039865512 _____ () C:\Users\Patrice\AppData\Local\Temp\octF28B.tmp.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) LastRegBack: 2015-11-16 18:18 ==================== End of FRST.txt ============================ Addition.txt
  4. Thank you very much nasdaq, that was very fast I attach the files as requested. PaMal FRST.txt Addition.txt
  5. My Malewarebytes does not detect this temp file. I cannot kill it as it says i do not have administrative rights. Can you hep with this? Thank you PaMal
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.