Jump to content

LoganTheRed

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. LoganTheRed
    No I didn't, now I did Fixlog.txt msert.log
  2. LoganTheRed
    Hi Kevin, Both seem clean, I've attached the log anyway, the weird restart error and RegAsm.exe problems are persisting but I'm not seeing any other errors or symptoms so I guess I'm clean? If you have no other ideas I can probably just repair my OS and my mind will be at ease. Thank you for all your help, Logan
  3. LoganTheRed
    Hello Kevin, Scans have been Run and should be attached Thank you, Logan Search.txt Addition.txt FRST.txt
  4. LoganTheRed
    Hello Kevin, My computer seems better just two quick issues, first when I hit restart it crashes to the select OS mode that I attached before, and second on boot a terminal window comes up from the RegAsm.exe program, the options prompt appears, then closes itself. I assume these are both benign issues that are just leftovers from whatever caused the error but if you could confirm that they probably aren't malicious it would put my mind at ease. Thank you very much, Logan
  5. LoganTheRed
    Hello John, The scan finished and only found one thing, I have attached the report anyway but I don't think it is the malicious file. Let me know what you think and what I should do next. Thank you, Logan Fixlog.txt report_20200810_180813.txt
  6. LoganTheRed
    Hey Kevin, Done the repair with Farbar now just waiting on the Kaspersky scan, 2 million items and still scanning, once that's done I will attach the results and everything. Thank you for all your help and I hope to get it to you by tomorrow morning. Thanks, Logan
  7. LoganTheRed
    Good Afternoon Kevin, I have attached the requested files, I neglected to mention in my original post that I have run ADW cleaner in the past which is why it is so clean. Another small issue is that when I ran it and tried to do the repair feature it caused my computer to crash which I have added a picture of. All the rest is as I have described it previously and I was able to run FRST64 without issue. Let me know how it looks because I am still getting the pop ups about the trojan trying to send my data out every 30 seconds and it is quite frustrating. ADWCleaner: # ------------------------------- # Malwarebytes AdwCleaner 8.0.7.0 # ------------------------------- # Build: 07-22-2020 # Database: 2020-07-20.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 08-09-2020 # Duration: 00:00:00 # OS: Windows 8.1 # Cleaned: 0 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2198 octets] - [04/08/2020 20:58:20] AdwCleaner[C00].txt - [2202 octets] - [04/08/2020 20:59:26] AdwCleaner[S01].txt - [1524 octets] - [04/08/2020 21:19:01] AdwCleaner[C01].txt - [1714 octets] - [04/08/2020 21:20:38] AdwCleaner[S02].txt - [1646 octets] - [04/08/2020 21:54:42] AdwCleaner[S03].txt - [1707 octets] - [04/08/2020 21:55:31] AdwCleaner[S04].txt - [1768 octets] - [04/08/2020 21:58:32] AdwCleaner[C04].txt - [1958 octets] - [04/08/2020 21:58:58] AdwCleaner[S05].txt - [1890 octets] - [04/08/2020 22:33:59] AdwCleaner[S06].txt - [1951 octets] - [09/08/2020 16:37:01] AdwCleaner[S07].txt - [2012 octets] - [09/08/2020 16:47:41] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ########## FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020 Ran by Logan (administrator) on LOGAN-BOX (09-08-2020 17:30:08) Running from C:\Users\Logan\Desktop Loaded Profiles: Logan Platform: Windows 8.1 (Update) (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe () [File not signed] C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe () [File not signed] C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe () [File not signed] C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe () [File not signed] C:\Program Files\REAL 5.1 GAME AUDIO-VISUAL HEADSET\CPL\FaceLift_x64.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe <2> (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Intel CASE -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Software -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Marvell Semiconductor -> Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\MSI\Smart Utilities\SuperRAIDSvc.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (MSI CO.,LTD.) [File not signed] C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\CPU_Ratio.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel CASE -> Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [Cm106Sound] => C:\Program Files\REAL 5.1 GAME AUDIO-VISUAL HEADSET\CPL\FaceLift_x64.exe [2358784 2014-09-01] () [File not signed] HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [814064 2014-04-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\StartLiveUpdate.exe [579056 2014-03-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.) HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-12] () [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [84008696 2019-12-08] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3377440 2020-07-31] (Valve -> Valve Corporation) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-01-09] (Google Inc -> Google Inc.) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [BingSvc] => C:\Users\Logan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-06] (Microsoft Corporation -> © 2015 Microsoft Corporation) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [Discord] => C:\Users\Logan\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-06-09] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [uTorrent] => C:\Users\Logan\AppData\Roaming\uTorrent\uTorrent.exe [2091760 2020-08-02] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32406416 2020-07-28] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24211952 2019-12-20] (Plex, Inc. -> Plex, Inc.) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Logan\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-01-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [VersionRecover] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [64704 2019-03-28] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\MountPoints2: {22b31dac-1a1c-11e6-82dc-448a5b9e1370} - "V:\setup.exe" HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\MountPoints2: {22b321ff-1a1c-11e6-82dc-448a5b9e1370} - "V:\setup.exe" HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\MountPoints2: {dd2ce76d-2879-11e7-8340-448a5b9e1370} - "E:\LaunchU3.exe" -a HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24211952 2019-12-20] (Plex, Inc. -> Plex, Inc.) HKLM\...\Windows x64\Print Processors\hpcpp103: C:\Windows\System32\spool\prtprocs\x64\hpcpp103.dll [323584 2010-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [51032 2008-04-07] (Adobe Systems, Incorporated -> Adobe Systems Inc) HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\Windows\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-07-29] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2017 Fast Start.lnk [2017-10-04] ShortcutTarget: SOLIDWORKS 2017 Fast Start.lnk -> C:\Windows\Installer\{BB965FD0-077F-4CA4-BFD1-39FFEFF15770}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC) [File not signed] Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-03-23] ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe (No File) Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-10] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File) InternetURL: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.url -> URL: "C:\Users\Logan\AppData\Roaming\spoolsvc\fMlkwA.vbs" Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-12-21] ShortcutTarget: Twitch.lnk -> C:\Users\Logan\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0BC8ACB2-2D82-4DBE-801E-37FDC74AAD26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe) Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION Task: {23F9787E-10D8-49DF-9C3C-F727EEC80B01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {29C850E4-8DF0-48E5-ADD8-7181D8929273} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) Task: {4AD803DC-5DFF-465C-8F24-E59E45D65614} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {5A8AF15E-10F4-4CBC-9FB3-95F46AB54CF0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Task: {5ABC681E-1F45-447D-A368-F3D0DA96786E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Task: {6010D44E-05B8-4D3E-9A92-ED3B385E36D9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2220832 2015-07-08] (Microsoft Corporation -> Microsoft) Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION Task: {6FFBF5D6-330E-4310-9FBC-9E8694A8CFDB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [123600 2020-07-30] (Mozilla Corporation -> Mozilla Foundation) Task: {7EF25437-9108-46EB-8C07-9020AAB19981} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Task: {80D630EB-5F75-4103-A1F1-F1DD2DBCD919} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Task: {8860387A-9D4A-4890-BE51-694DB322FFE2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1568032 2015-07-08] (Microsoft Corporation -> Microsoft Corporation) Task: {8F55BE81-0565-43E3-BC62-DD80075B5EB1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-14] (Adobe Inc. -> Adobe) Task: {9C319CA6-44E8-4A05-821E-3CB9F9BE4D56} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2201376 2015-07-08] (Microsoft Corporation -> Microsoft Corporation) Task: {A75C3D6D-E5BB-4C05-B76C-F08A2B397ECF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443736 2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Task: {ACC5095A-E5D1-4C23-8FD8-A0F9DB714AE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe Task: {B395A55E-BA62-4B93-88F6-3B7EA3DAB5A7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2201376 2015-07-08] (Microsoft Corporation -> Microsoft Corporation) Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION Task: {B9B022FB-5F61-49A0-88C5-D941399FFAC5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-07-06] (Microsoft Corporation -> Microsoft Corporation) Task: {BC54C569-CD3E-4A94-A3BA-9FEE9A711210} - System32\Tasks\{37C04311-B68D-4868-A4C1-6A8E3045953F} => C:\Windows\system32\pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.admin.exe" -d "C:\Riot Games\League of Legends" Task: {C4D24E33-A0EE-49BF-8E0F-0B1E31EB99C4} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013600 2018-04-13] (NVIDIA Corporation -> ) Task: {C534D7F9-2859-441F-90AD-E92DE8F11AEB} - System32\Tasks\MATLAB R2016b Startup Accelerator => C:\Program Files\MATLAB\R2016b\bin\win64\MATLABStartupAccelerator.exe [44544 2016-07-22] () [File not signed] Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION Task: {E6127D08-F533-45CA-BAB2-14C66D2B74C9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1568032 2015-07-08] (Microsoft Corporation -> Microsoft Corporation) Task: {FA02BFD9-E00D-4952-9E36-B67F2FBB0CED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\MATLAB R2016b Startup Accelerator.job => C:\Program Files\MATLAB\R2016b\bin\win64\MATLABStartupAccelerator.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{1414858B-05C5-4A11-A055-6595D8E63A5C}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{1E3B2E66-0E67-49DB-8815-BD185B2AF5CF}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{490F228C-5CCF-48BC-945D-23A9FE777205}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{60CCFD18-5DF8-45CE-9F0F-93A494C9B149}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-388570003-4217937664-1560118732-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc -> Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc -> Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc -> Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc -> Google Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) Edge: ====== Edge Profile: C:\Users\Logan\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-02] FireFox: ======== FF DefaultProfile: t2ni5s2y.default FF ProfilePath: C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\t2ni5s2y.default [2020-08-09] FF Homepage: Mozilla\Firefox\Profiles\t2ni5s2y.default -> hxxps://www.malwarebytes.org/restorebrowser/ FF SearchPlugin: C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\t2ni5s2y.default\searchplugins\bing-lavasoft-ff59.xml [2019-04-19] FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\NPCOMP~1.DLL [2017-02-03] (Dassault Systemes SE -> Dassault Systemes) FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\x86\NPCOMP~1.DLL [2017-02-03] (Dassault Systemes SE -> Dassault Systemes) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> ) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-388570003-4217937664-1560118732-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Logan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies SF -> Unity Technologies ApS) FF Plugin HKU\S-1-5-21-388570003-4217937664-1560118732-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Logan\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-11-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default [2020-08-09] CHR Notifications: Default -> hxxp://play.pokemonshowdown.com; hxxps://play.pokemonshowdown.com; hxxps://www.curse.com CHR Extension: (Slides) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-08-09] CHR Extension: (Google Search) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (Sheets) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-09] CHR Extension: (BehindTheOverlay) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2016-02-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04] CHR Extension: (Gmail) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-25] CHR Profile: C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-03-15] CHR Extension: (Google Slides) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09] CHR Extension: (Google Docs) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09] CHR Extension: (Google Drive) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-09] CHR Extension: (YouTube) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09] CHR Extension: (Google Search) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09] CHR Extension: (Google Sheets) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09] CHR Extension: (Google Wallet) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09] CHR Extension: (Gmail) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09] CHR HKU\S-1-5-21-388570003-4217937664-1560118732-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11118984 2020-07-06] (Microsoft Corporation -> Microsoft Corporation) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-03-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-02-24] (Foxit Software Incorporated -> Foxit Software Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2017-02-03] (Intel(R) Software Development Products -> Intel Corporation) S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] (Intel CASE -> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-02] (Malwarebytes Inc -> Malwarebytes) S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2101248 2014-03-24] (MSI) [File not signed] S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [313856 2014-03-26] () [File not signed] R3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4115456 2014-03-31] () [File not signed] R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1990144 2014-04-02] () [File not signed] S3 MSISaveLoad_CC; C:\Program Files (x86)\MSI\Command Center\MSISaveLoadService.exe [3957760 2014-03-24] () [File not signed] S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [183808 2014-03-26] () [File not signed] R3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [540672 2014-03-24] () [File not signed] S3 MSIWMI_CC; C:\Program Files (x86)\MSI\Command Center\MSIWMIService.exe [183296 2014-03-24] () [File not signed] S2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International) S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.) R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed] R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2475312 2019-12-12] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3352376 2019-12-12] (Electronic Arts, Inc. -> Electronic Arts) R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2143736 2019-12-20] (Plex, Inc. -> Plex, Inc.) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-12-17] (Even Balance, Inc. -> ) S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-04-29] (SolidWorks) [File not signed] S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation -> Microsoft Corporation) S3 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182120 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [24048 2014-04-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) R2 SWVisualize2017.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [26008 2017-02-03] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13086224 2020-07-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation -> Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-03-14] (Intel(R) Software -> Intel(R) Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel(R) Software -> Intel Corporation) R3 CMUAC; C:\Windows\system32\DRIVERS\CMUAC.sys [595456 2014-09-04] (C-MEDIA ELECTRONICS INC. -> C-MEDIA) S3 cpuz146; C:\Windows\temp\cpuz146\cpuz146_x64.sys [52824 2018-07-06] (CPUID -> CPUID) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-08-02] (Malwarebytes Corporation -> Malwarebytes) R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-02-18] (Intel(R) Software -> Intel Corporation) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216056 2020-08-02] (Malwarebytes Inc -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197264 2020-08-09] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-08-09] (Malwarebytes Inc -> Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-02] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [131232 2020-08-09] (Malwarebytes Inc -> Malwarebytes) R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] (Marvell Semiconductor -> ) S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (Micro-Star Int'l Co. Ltd. -> MSI) S3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation -> Microsoft Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Apple, Inc.) [File not signed] S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-08-09 17:21 - 2020-08-09 17:30 - 000000000 ____D C:\FRST 2020-08-09 17:19 - 2020-08-09 17:19 - 002296320 _____ (Farbar) C:\Users\Logan\Desktop\FRST64 (1).exe 2020-08-09 17:18 - 2020-08-09 17:19 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (5).exe 2020-08-09 17:14 - 2020-08-09 17:14 - 000197264 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2020-08-09 17:13 - 2020-08-09 17:13 - 000131232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2020-08-09 17:13 - 2020-08-09 17:13 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2020-08-09 17:04 - 2020-08-09 17:04 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (4).exe 2020-08-09 16:36 - 2020-08-09 16:36 - 008414384 _____ (Malwarebytes) C:\Users\Logan\Downloads\adwcleaner_8.0.7 (1).exe 2020-08-09 16:36 - 2020-08-09 16:36 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (3).exe 2020-08-09 16:35 - 2020-08-09 16:35 - 178209800 _____ (Malwarebytes) C:\Users\Logan\Downloads\mb4-setup-consumer-4.1.2.179-1.0.1003-1.0.27984.exe 2020-08-09 16:33 - 2020-08-09 16:33 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (2).exe 2020-08-05 20:49 - 2020-08-05 20:49 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (1).exe 2020-08-05 00:37 - 2020-08-05 00:40 - 000000000 ____D C:\NPE 2020-08-04 22:45 - 2020-08-04 22:45 - 009615808 _____ (NortonLifeLock Inc.) C:\Users\Logan\Downloads\NPE.exe 2020-08-04 22:39 - 2020-08-04 22:39 - 002295808 _____ (Farbar) C:\Users\Logan\Downloads\FRST64.exe 2020-08-04 20:55 - 2020-08-04 20:59 - 000000000 ____D C:\AdwCleaner 2020-08-04 20:55 - 2020-08-04 20:55 - 008414384 _____ (Malwarebytes) C:\Users\Logan\Downloads\adwcleaner_8.0.7.exe 2020-08-04 19:31 - 2020-08-04 19:31 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\Puppygames 2020-08-03 01:22 - 2020-08-03 01:22 - 000000000 ____D C:\Users\Logan\Downloads\Adobe Photoshop 2020 v21.0.2.57 (x64) Pre-Cracked 2020-08-03 01:16 - 2020-08-03 01:16 - 000000000 ____D C:\Users\Public\Documents\Monolith Productions 2020-08-03 01:16 - 2020-08-03 01:16 - 000000000 ____D C:\ProgramData\Trymedia 2020-08-03 01:16 - 2020-08-03 01:16 - 000000000 ____D C:\ProgramData\Documents\Monolith Productions 2020-08-03 01:13 - 2007-05-07 00:08 - 000000000 ____D C:\Users\Logan\Desktop\FEAR 2020-08-03 01:04 - 2020-08-07 17:40 - 000000000 ____D C:\Users\Logan\Downloads\[PC] F. E. A. R. [FINAL] [RIP] [dopeman] 2020-08-02 19:37 - 2020-08-02 19:37 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-08-02 19:37 - 2020-08-02 19:37 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-08-02 19:37 - 2020-08-02 19:37 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-08-02 19:37 - 2020-08-02 19:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2020-08-02 19:36 - 2020-08-02 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-08-02 19:33 - 2020-08-02 19:33 - 002025944 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup.exe 2020-08-02 19:18 - 2020-08-02 19:18 - 000000000 __SHD C:\Users\Logan\AppData\Roaming\spoolsvc 2020-08-02 19:17 - 2020-08-02 19:17 - 001564823 _____ C:\ProgramData\6071 2020-08-02 19:17 - 2020-08-02 19:17 - 000000116 _____ C:\Users\Logan\AppData\Roaming\hero.md 2020-08-02 19:17 - 2020-08-02 19:17 - 000000024 _____ C:\ProgramData\930976.bat 2020-08-02 19:17 - 2020-08-02 19:17 - 000000000 ____D C:\ProgramData\60 2020-08-02 19:16 - 2020-08-03 20:58 - 000000000 ____D C:\Program Files (x86)\VidBid 2020-08-02 19:16 - 2020-08-02 19:37 - 000000000 ____D C:\Users\Logan\AppData\Roaming\frreznsqigu 2020-08-02 19:16 - 2020-08-02 19:16 - 000000000 ____D C:\ProgramData\S6YVTYGHZTXG564CAOYGBX6UB 2020-08-02 19:16 - 2020-08-02 19:16 - 000000000 ____D C:\Program Files (x86)\Kobo 2020-08-02 19:15 - 2020-08-02 20:08 - 000000000 ____D C:\Program Files (x86)\esshim 2020-08-02 19:15 - 2020-08-02 19:36 - 000000000 ____D C:\Program Files (x86)\ieiez 2020-08-02 17:00 - 2020-08-02 17:00 - 000000000 ____D C:\Users\Logan\AppData\Roaming\RenPy 2020-07-31 23:33 - 2020-07-31 23:33 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2020-07-31 20:31 - 2020-07-31 23:01 - 000000000 ____D C:\Program Files (x86)\UnRealWorld 2020-07-31 20:31 - 2020-07-31 20:31 - 000001927 _____ C:\Users\Public\Desktop\UnReal World.lnk 2020-07-31 20:31 - 2020-07-31 20:31 - 000001927 _____ C:\ProgramData\Desktop\UnReal World.lnk 2020-07-31 20:31 - 2020-07-31 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnReal World 3.62 2020-07-31 20:29 - 2020-07-31 20:30 - 034881211 _____ C:\Users\Logan\Downloads\urw-3.62.exe 2020-07-30 19:35 - 2020-08-02 19:19 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-07-28 18:47 - 2020-07-28 18:47 - 000864317 _____ C:\Users\Logan\Downloads\AutoClicker.exe 2020-07-28 18:47 - 2020-07-28 18:47 - 000000000 ____D C:\Users\Logan\Downloads\ACLib 2020-07-14 18:49 - 2020-07-14 18:49 - 009585208 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2020-07-14 15:31 - 2020-07-08 06:56 - 001370688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2020-07-14 15:31 - 2020-07-08 03:40 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2020-07-14 15:31 - 2020-07-01 22:57 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2020-07-14 15:31 - 2020-07-01 22:43 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2020-07-14 15:31 - 2020-06-12 18:53 - 000360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2020-07-14 15:31 - 2020-06-12 17:39 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2020-07-14 15:31 - 2020-06-12 17:25 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll 2020-07-14 15:31 - 2020-06-12 13:37 - 000537616 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2020-07-14 15:31 - 2020-06-12 12:56 - 000450296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2020-07-14 15:31 - 2020-06-12 09:29 - 001549560 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2020-07-14 15:31 - 2020-06-11 16:18 - 007362288 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2020-07-14 15:31 - 2020-06-11 01:03 - 022378304 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2020-07-14 15:31 - 2020-06-11 01:03 - 000723008 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2020-07-14 15:31 - 2020-06-11 00:56 - 000806200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2020-07-14 15:31 - 2020-06-11 00:37 - 019803064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2020-07-14 15:31 - 2020-06-11 00:37 - 000561896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2020-07-14 15:31 - 2020-06-11 00:33 - 000613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2020-07-14 15:31 - 2020-06-11 00:16 - 025755136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2020-07-14 15:31 - 2020-06-10 23:41 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2020-07-14 15:31 - 2020-06-10 23:41 - 005498880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2020-07-14 15:31 - 2020-06-10 23:39 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll 2020-07-14 15:31 - 2020-06-10 23:14 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll 2020-07-14 15:31 - 2020-06-10 23:04 - 015479296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2020-07-14 15:31 - 2020-06-10 22:56 - 000257536 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll 2020-07-14 15:31 - 2020-06-10 22:54 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll 2020-07-14 15:31 - 2020-06-10 22:46 - 013861888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2020-07-14 15:31 - 2020-06-10 22:45 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll 2020-07-14 15:31 - 2020-06-10 22:44 - 014534656 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2020-07-14 15:31 - 2020-06-10 22:42 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll 2020-07-14 15:31 - 2020-06-10 22:42 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll 2020-07-14 15:31 - 2020-06-10 22:37 - 007800320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2020-07-14 15:31 - 2020-06-10 22:37 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll 2020-07-14 15:31 - 2020-06-10 22:35 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2020-07-14 15:31 - 2020-06-10 22:35 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll 2020-07-14 15:31 - 2020-06-10 22:29 - 005272064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2020-07-14 15:31 - 2020-06-10 22:27 - 001728512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2020-07-14 15:31 - 2020-06-10 22:22 - 001547264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2020-07-14 15:31 - 2020-06-09 01:12 - 001764872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2020-07-14 15:31 - 2020-06-09 01:05 - 000357824 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2020-07-14 15:31 - 2020-06-09 00:37 - 001489528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2020-07-14 15:31 - 2020-06-08 23:06 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2020-07-14 15:31 - 2020-06-06 15:58 - 001542672 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2020-07-14 15:31 - 2020-06-05 18:09 - 000430832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2020-07-14 15:31 - 2020-06-05 18:06 - 000320240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2020-07-14 15:31 - 2020-06-05 12:20 - 001441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2020-07-14 15:31 - 2020-06-05 12:16 - 000964096 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2020-07-14 15:31 - 2020-06-05 12:15 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2020-07-14 15:31 - 2020-06-05 12:15 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2020-07-14 15:31 - 2020-06-05 12:14 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2020-07-14 15:31 - 2020-06-05 12:06 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2020-07-14 15:31 - 2020-06-05 11:39 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll 2020-07-14 15:31 - 2020-06-04 15:33 - 001902240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2020-07-14 15:31 - 2020-06-04 15:32 - 002535960 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2020-07-14 15:31 - 2020-06-04 14:25 - 000427584 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll 2020-07-14 15:31 - 2020-06-04 14:21 - 000368240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll 2020-07-14 15:31 - 2020-06-04 09:58 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll 2020-07-14 15:31 - 2020-06-04 09:47 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll 2020-07-14 15:31 - 2020-06-04 09:43 - 000699904 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll 2020-07-14 15:31 - 2020-06-04 09:38 - 000628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll 2020-07-14 15:31 - 2020-06-03 14:40 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2020-07-14 15:31 - 2020-06-03 14:08 - 006220288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2020-07-14 15:31 - 2020-06-03 12:43 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2020-07-14 15:31 - 2020-06-03 12:12 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2020-07-14 15:31 - 2020-06-03 11:52 - 007040000 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2020-07-14 15:30 - 2020-07-08 04:28 - 000129024 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2020-07-14 15:30 - 2020-07-02 00:05 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll 2020-07-14 15:30 - 2020-07-01 23:32 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll 2020-07-14 15:30 - 2020-06-15 23:11 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll 2020-07-14 15:30 - 2020-06-12 20:29 - 000092944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll 2020-07-14 15:30 - 2020-06-12 19:27 - 000073776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll 2020-07-14 15:30 - 2020-06-10 23:52 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2020-07-14 15:30 - 2020-06-10 23:42 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll 2020-07-14 15:30 - 2020-06-10 23:41 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2020-07-14 15:30 - 2020-06-10 23:25 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2020-07-14 15:30 - 2020-06-10 23:24 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2020-07-14 15:30 - 2020-06-10 23:19 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2020-07-14 15:30 - 2020-06-10 23:17 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2020-07-14 15:30 - 2020-06-10 23:16 - 000148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll 2020-07-14 15:30 - 2020-06-10 23:15 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2020-07-14 15:30 - 2020-06-10 23:13 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2020-07-14 15:30 - 2020-06-10 23:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2020-07-14 15:30 - 2020-06-10 23:04 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll 2020-07-14 15:30 - 2020-06-10 23:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2020-07-14 15:30 - 2020-06-10 22:59 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2020-07-14 15:30 - 2020-06-10 22:57 - 000279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2020-07-14 15:30 - 2020-06-10 22:56 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll 2020-07-14 15:30 - 2020-06-10 22:55 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2020-07-14 15:30 - 2020-06-10 22:52 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2020-07-14 15:30 - 2020-06-10 22:52 - 004111872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2020-07-14 15:30 - 2020-06-10 22:50 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2020-07-14 15:30 - 2020-06-10 22:49 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll 2020-07-14 15:30 - 2020-06-10 22:48 - 000255488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll 2020-07-14 15:30 - 2020-06-10 22:44 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll 2020-07-14 15:30 - 2020-06-10 22:40 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2020-07-14 15:30 - 2020-06-10 22:39 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll 2020-07-14 15:30 - 2020-06-10 22:32 - 003317248 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll 2020-07-14 15:30 - 2020-06-10 22:31 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2020-07-14 15:30 - 2020-06-10 22:29 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2020-07-14 15:30 - 2020-06-10 22:28 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2020-07-14 15:30 - 2020-06-10 22:27 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2020-07-14 15:30 - 2020-06-09 01:12 - 000374008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2020-07-14 15:30 - 2020-06-09 00:36 - 000316152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2020-07-14 15:30 - 2020-06-09 00:31 - 000255104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2020-07-14 15:30 - 2020-06-09 00:15 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2020-07-14 15:30 - 2020-06-08 23:44 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2020-07-14 15:30 - 2020-06-08 23:27 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2020-07-14 15:30 - 2020-06-08 23:18 - 001384960 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2020-07-14 15:30 - 2020-06-08 23:03 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2020-07-14 15:30 - 2020-06-05 12:15 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2020-07-14 15:30 - 2020-06-05 12:15 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2020-07-14 15:30 - 2020-06-05 12:14 - 000208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2020-07-14 15:30 - 2020-06-05 12:14 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2020-07-14 15:30 - 2020-06-05 12:09 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2020-07-14 15:30 - 2020-06-05 12:06 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll 2020-07-14 15:30 - 2020-06-05 12:06 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll 2020-07-14 15:30 - 2020-06-05 11:39 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2020-07-14 15:30 - 2020-06-03 14:48 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2020-07-14 15:30 - 2020-06-03 14:20 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll 2020-07-14 15:30 - 2020-06-03 14:19 - 000505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2020-07-14 15:30 - 2020-06-03 12:54 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2020-07-14 15:30 - 2020-06-03 12:25 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2020-07-14 15:30 - 2020-06-03 12:24 - 000840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2020-07-14 15:30 - 2020-06-03 12:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-08-09 17:30 - 2011-11-21 23:08 - 000125952 _____ C:\Windows\SysWOW64\freqdb.db 2020-08-09 17:21 - 2016-11-15 03:17 - 000000566 _____ C:\Windows\Tasks\MATLAB R2016b Startup Accelerator.job 2020-08-09 17:15 - 2015-01-08 23:53 - 000000000 __RDO C:\Users\Logan\OneDrive 2020-08-09 17:12 - 2018-02-16 18:19 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-08-09 17:10 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-08-09 17:09 - 2015-01-09 16:42 - 000000000 ____D C:\ProgramData\NVIDIA 2020-08-09 16:50 - 2018-03-09 21:14 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\Mozilla 2020-08-09 16:43 - 2020-05-02 01:40 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\IGDump 2020-08-09 15:15 - 2015-01-09 00:37 - 003766784 ___SH C:\Users\Logan\Desktop\Thumbs.db 2020-08-09 14:55 - 2015-01-08 23:55 - 000003786 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{5D6E93DF-8F04-46ED-804D-261BDE051576} 2020-08-07 19:05 - 2014-03-18 06:03 - 001005078 _____ C:\Windows\system32\PerfStringBackup.INI 2020-08-07 19:05 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf 2020-08-07 18:52 - 2015-01-09 00:05 - 000000000 ____D C:\Program Files (x86)\Steam 2020-08-07 00:55 - 2015-01-08 23:58 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-388570003-4217937664-1560118732-1001 2020-08-06 18:40 - 2017-07-26 21:51 - 000003176 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-388570003-4217937664-1560118732-1001 2020-08-06 18:40 - 2016-04-25 14:57 - 000002337 _____ C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2020-08-05 20:53 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\LiveKernelReports 2020-08-05 01:11 - 2016-05-14 17:27 - 000000000 ____D C:\Users\Logan\AppData\Local\NPE 2020-08-04 21:06 - 2015-01-08 23:52 - 000000000 ____D C:\Users\Logan 2020-08-04 19:18 - 2019-04-19 18:17 - 000000000 ____D C:\Users\Logan\AppData\Roaming\uTorrent 2020-08-04 17:21 - 2019-04-19 18:18 - 000000000 ____D C:\Users\Logan\AppData\Local\BitTorrentHelper 2020-08-03 12:11 - 2015-01-25 21:53 - 000000000 ____D C:\Users\Logan\AppData\Local\CrashDumps 2020-08-03 01:03 - 2020-05-13 19:20 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\uTorrent 2020-08-02 20:05 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2020-08-02 19:37 - 2020-05-02 01:39 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-08-02 19:37 - 2020-05-02 01:39 - 000216056 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2020-08-02 19:19 - 2018-03-09 21:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-07-31 23:33 - 2018-03-09 21:14 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-07-31 13:45 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness 2020-07-31 13:40 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps 2020-07-29 18:06 - 2015-01-08 23:57 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-07-25 23:19 - 2019-11-09 15:35 - 000000000 ____D C:\Users\Logan\AppData\Roaming\Vortex 2020-07-24 19:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache 2020-07-22 23:41 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-07-22 23:39 - 2015-01-09 23:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-07-19 16:27 - 2015-01-09 00:28 - 000000000 ____D C:\Users\Logan\AppData\Local\ElevatedDiagnostics 2020-07-16 00:35 - 2013-08-22 10:44 - 000526712 _____ C:\Windows\system32\FNTCACHE.DAT 2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData 2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\setup 2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\setup 2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ____D C:\Program Files\Common Files\System 2020-07-16 00:29 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp 2020-07-14 18:49 - 2018-03-14 11:49 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-07-14 18:49 - 2015-12-29 01:19 - 000004288 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater 2020-07-14 18:49 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2020-07-14 18:49 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed 2020-07-13 00:27 - 2015-01-30 23:01 - 000000000 ____D C:\Users\Logan\Documents\Nexus Mod Manager 2020-07-12 15:19 - 2015-01-13 23:20 - 000000000 ____D C:\Users\Logan\AppData\Local\Skyrim 2020-07-11 11:54 - 2020-05-10 20:38 - 000000000 ____D C:\Users\Logan\Desktop\Mom Dat ==================== Files in the root of some directories ======== 2020-08-02 19:17 - 2020-08-02 19:17 - 000000024 _____ () C:\ProgramData\930976.bat 2020-08-02 19:17 - 2020-08-02 19:17 - 000000116 _____ () C:\Users\Logan\AppData\Roaming\hero.md 2017-12-07 04:10 - 2017-12-07 04:10 - 000037145 _____ () C:\Users\Logan\AppData\Roaming\XFLR5.ini ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2020-07-30 01:20 ==================== End of FRST.txt ======================== Thank you, Logan FRST.txt Addition.txt AdwCleaner[C07].txt MalwareResults.txt
  8. LoganTheRed
    Hello I am in need of help, I did something not smart and downloaded and ran something I probably should not have. I realized my mistake (hopefully) before anything too bad was transferred or installed and unplugged my computer to hard reset it. I dow nloaded malwarebytes immediately and cleaned a bunch of malicious programs off my computer and everything was fine, until a few days later when I ran a scan again. Now almost every time I run a scan whether or not I have restarted, malwarebytes finds and flags a file in c:\users\Logan\AppData\Local\Microsoft\spoolsvc.exe, a file I have removed multiple times as the screen snip will show, additionally sometimes when I try to go online Malwarebytes pops up a warning about my computer trying to access the IP address 45.139.236.222 and lists the file as C:\Windows\Microsoft.NET\Framework\v.4.0.030329\RegAsm.exe a file I have also tried to delete to no effect, but often starts on boot with a pop up with random gibberish that seems to be different every time. I am currently using the trial version and would buy the premium version if necessary, but I would like to know if this problem can be solved and what steps are necessary to purge my computer. Thank you
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.