
MalwareBytes blocking Inbound and Outbound requests.



Hi!

MalwareBytes is periodically preventing requests both inbound and outbound to several different IPs.

I have done several scans attempting to resolve this problem on my own but as you can tell, I have failed.

Before, I was getting requests sent to svchost.exe in my system32 folder and now it's Skype.exe.

 

I don't have any P2P software installed on my computer that I know of.

 

Attached Files

FRST.txt, Addition.txt


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....
 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge:

Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Please open Malwarebytes Anti-Malware.
 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.
 

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

Let me see those logs in your next reply...

Thank you,

Kevin...
 


AdwCleaner[C1]

# AdwCleaner v5.037 - Logfile created 04/03/2016 at 19:53:55
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Benjamin - XOLBSTUDIOS
# Running from : C:\Users\Benjamin\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao
[-] Folder Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl

***** [ Files ] *****

[-] File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage
[-] File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : update-S-1-5-21-2251632056-896844064-4208290491-1001
[-] Task Deleted : update-sys
[-] Task Deleted : update-S-1-5-21-2251632056-896844064-4208290491-1001
[-] Task Deleted : update-sys

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ehoopddfhgaehhmphfcooacjdpmbjlao
[-] [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nonjdcjchghhkdoolnlbekcfllmednbl
[-] [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2423 bytes] - [04/03/2016 19:53:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [2396 bytes] - [04/03/2016 19:51:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2569 bytes] ##########

FRST Scan:

Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)S3 MSIBIOSData_CC; C:\Program Files\Alienware\Command Center\BIOSData\MSIBIOSDataService.exe [2109776 2014-08-01] (MSI)R2 MSIClock_CC; C:\Program Files\Alienware\Command Center\ClockGen\MSIClockService.exe [4033360 2014-08-18] ()S3 MSICOMM_CC; C:\Program Files\Alienware\Command Center\MSICommService.exe [2128720 2014-08-18] ()R2 MSICPU_CC; C:\Program Files\Alienware\Command Center\CPU\MSICPUService.exe [4174672 2014-08-07] ()R2 MSICTL_CC; C:\Program Files\Alienware\Command Center\MSIControlService.exe [2021712 2014-09-12] ()R2 MSIDDR_CC; C:\Program Files\Alienware\Command Center\DDR\MSIDDRService.exe [2257232 2014-10-22] ()S3 MSISaveLoad_CC; C:\Program Files\Alienware\Command Center\MSISaveLoadService.exe [3966288 2014-08-01] ()R2 MSISMB_CC; C:\Program Files\Alienware\Command Center\SMBus\MSISMBService.exe [2067792 2014-08-01] ()S3 MSISuperIO_CC; C:\Program Files\Alienware\Command Center\SuperIO\MSISuperIOService.exe [549200 2014-08-01] ()S3 MSIWMI_CC; C:\Program Files\Alienware\Command Center\MSIWMIService.exe [191312 2014-09-12] ()R2 MSI_ODD_Service; c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe [83952 2014-01-13] (Micro-Star Int'l Co., Ltd.)R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm 
Atheros\Network Manager\KillerService.exe [344576 2014-04-24] (Qualcomm Atheros) [File not signed]R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)R2 ThermalsWindowsService; C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe [14568 2014-10-24] (Alienware)S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [655040 2015-07-07] (Wacom Technology, Corp.)S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]S2 HssWd; "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe"  -product hss 
[X]===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-10] (Qualcomm Atheros, Inc.)R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 cthda; C:\Windows\system32\drivers\cthda.sys [1051392 2014-08-27] (Creative Technology Ltd)R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44648 2015-09-18] (AnchorFree Inc.)R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2016-03-04] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)R3 NTIOLib_MSICEN; C:\Program 
Files\Alienware\Command Center\NTIOLib_Thermals_X64.sys [13808 2013-12-03] (MSI)R3 NTIOLib_MSIClock_CC; C:\Program Files\Alienware\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)S3 NTIOLib_MSICOMM_CC; C:\Program Files\Alienware\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)R3 NTIOLib_MSICPU_CC; C:\Program Files\Alienware\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)R3 NTIOLib_MSIDDR_CC; C:\Program Files\Alienware\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)S3 NTIOLib_MSIFrequency_CC; C:\Program Files\Alienware\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)S3 NTIOLib_MSIRatio_CC; C:\Program Files\Alienware\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)R3 NTIOLib_MSISMB_CC; C:\Program Files\Alienware\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)S3 NTIOLib_MSISuperIO_CC; C:\Program Files\Alienware\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2014-01-13] (MSI)R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)R3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42088 2015-09-18] (Anchorfree Inc.)S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]==================== NetSvcs 
(Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-03-04 19:55 - 2016-03-04 19:55 - 00016148 _____ C:\WINDOWS\system32\XOLBSTUDIOS_Benjamin_HistoryPrediction.bin2016-03-04 19:53 - 2016-03-04 19:53 - 00000000 ___HD C:\$WINDOWS.~BT2016-03-04 19:50 - 2016-03-04 19:53 - 00000000 ____D C:\AdwCleaner2016-03-04 19:50 - 2016-03-04 19:50 - 01518592 _____ C:\Users\Benjamin\Desktop\AdwCleaner.exe2016-03-04 19:50 - 2016-03-04 19:50 - 00007617 _____ C:\ProtectionLogs.txt2016-03-04 19:47 - 2016-03-04 19:57 - 00000000 ____D C:\Users\Benjamin\Desktop\Everything2016-03-04 19:45 - 2016-03-04 19:45 - 00000198 _____ C:\Users\Benjamin\Desktop\New Internet Shortcut.url2016-03-04 18:55 - 2016-03-04 18:55 - 00160674 _____ C:\Users\Benjamin\Downloads\Shakkaho-Studios.htm2016-03-04 16:27 - 2016-03-04 16:28 - 00087415 _____ C:\Users\Benjamin\Desktop\Addition.txt2016-03-04 16:26 - 2016-03-04 19:58 - 00034987 _____ C:\Users\Benjamin\Desktop\FRST.txt2016-03-04 16:25 - 2016-03-04 16:26 - 02374144 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe2016-02-29 21:46 - 2016-03-03 15:52 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Discord2016-02-29 21:46 - 2016-02-29 21:50 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\discord2016-02-29 21:46 - 2016-02-29 21:47 - 00000000 ____D C:\Users\Benjamin\AppData\Local\SquirrelTemp2016-02-29 21:46 - 2016-02-29 21:46 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc2016-02-29 21:44 - 2016-02-29 21:46 - 48166072 _____ (Hammer & Chisel, Inc.) 
C:\Users\Benjamin\Downloads\DiscordSetup.exe2016-02-28 16:42 - 2016-02-28 16:43 - 00296822 _____ C:\TDSSKiller.3.1.0.9_28.02.2016_16.42.20_log.txt2016-02-28 16:37 - 2016-03-04 19:58 - 00000000 ____D C:\FRST2016-02-24 17:26 - 2016-02-24 17:31 - 00000304 _____ C:\Users\Benjamin\Documents\SpecialAccounts.txt2016-02-21 13:57 - 2016-02-21 13:57 - 00000970 _____ C:\Users\Public\Desktop\DS3 Tool.lnk2016-02-21 12:06 - 2016-02-21 12:06 - 00163573 _____ C:\Users\Benjamin\Documents\Makkoli Seafood Buffet NJ.pdf2016-02-21 11:37 - 2016-02-21 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey2016-02-21 11:37 - 2016-02-21 11:37 - 00000000 ____D C:\Program Files\AutoHotkey2016-02-21 11:36 - 2016-02-21 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon2016-02-21 11:30 - 2016-02-21 11:30 - 00000000 ____D C:\ProgramData\NexonUS2016-02-15 19:35 - 2016-02-15 19:35 - 00003302 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry2016-02-15 18:05 - 2016-02-15 18:05 - 00003302 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay2016-02-10 17:23 - 2016-02-10 17:23 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Hex-Rays2016-02-09 18:47 - 2016-01-31 01:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2016-02-09 18:47 - 2016-01-31 01:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll2016-02-09 18:47 - 2016-01-31 01:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2016-02-09 18:47 - 2016-01-31 01:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll2016-02-09 18:47 - 2016-01-31 01:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2016-02-09 18:47 - 2016-01-31 01:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2016-02-09 18:47 - 2016-01-31 01:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2016-02-09 18:47 - 2016-01-31 
01:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll2016-02-09 18:47 - 2016-01-31 01:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll2016-02-09 18:47 - 2016-01-31 01:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2016-02-09 18:47 - 2016-01-31 00:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll2016-02-09 18:47 - 2016-01-31 00:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2016-02-09 18:47 - 2016-01-31 00:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2016-02-09 18:47 - 2016-01-31 00:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll2016-02-09 18:47 - 2016-01-31 00:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll2016-02-09 18:47 - 2016-01-31 00:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2016-02-09 18:47 - 2016-01-31 00:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2016-02-09 18:47 - 2016-01-31 00:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2016-02-09 18:47 - 2016-01-31 00:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2016-02-09 18:47 - 2016-01-31 00:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2016-02-09 18:47 - 2016-01-31 00:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll2016-02-09 18:47 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2016-02-09 18:47 - 2016-01-31 00:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2016-02-09 18:47 - 2016-01-31 00:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll2016-02-09 18:47 - 2016-01-31 00:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll2016-02-09 18:47 - 2016-01-31 00:17 - 19324928 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2016-02-09 18:47 - 2016-01-31 00:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll2016-02-09 18:47 - 2016-01-31 00:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2016-02-09 18:47 - 2016-01-31 00:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll2016-02-09 18:47 - 2016-01-31 00:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys2016-02-09 18:47 - 2016-01-31 00:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2016-02-09 18:47 - 2016-01-31 00:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll2016-02-09 18:47 - 2016-01-31 00:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll2016-02-09 18:47 - 2016-01-31 00:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll2016-02-09 18:47 - 2016-01-31 00:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll2016-02-09 18:47 - 2016-01-31 00:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2016-02-09 18:47 - 2016-01-31 00:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll2016-02-09 18:47 - 2016-01-31 00:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll2016-02-09 18:47 - 2016-01-31 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2016-02-09 18:47 - 2016-01-31 00:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll2016-02-09 18:47 - 2016-01-31 00:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2016-02-09 18:47 - 2016-01-30 23:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll2016-02-09 18:46 - 2016-01-31 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll2016-02-09 18:46 - 2016-01-31 00:33 - 00057856 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll2016-02-09 18:46 - 2016-01-31 00:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll2016-02-09 18:46 - 2016-01-31 00:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2016-02-09 18:46 - 2016-01-31 00:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2016-02-09 18:46 - 2016-01-31 00:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2016-02-09 18:46 - 2016-01-31 00:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll2016-02-09 18:46 - 2016-01-31 00:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll2016-02-09 18:46 - 2016-01-31 00:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll2016-02-09 18:46 - 2016-01-31 00:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll2016-02-09 18:46 - 2016-01-31 00:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2016-02-09 18:46 - 2016-01-31 00:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll2016-02-09 18:46 - 2016-01-31 00:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2016-02-09 18:46 - 2016-01-31 00:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll2016-02-09 18:46 - 2016-01-30 23:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll2016-02-05 16:28 - 2016-02-05 18:46 - 00000600 _____ C:\Users\Benjamin\AppData\Local\PUTTY.RND2016-02-03 18:40 - 2016-02-03 18:40 - 00000000 ____D C:\Users\Benjamin\Documents\Corona Projects2016-02-03 18:39 - 2016-02-03 18:39 - 00001318 _____ C:\Users\Public\Desktop\Corona Simulator.lnk2016-02-03 18:39 - 2016-02-03 18:39 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Corona Labs2016-02-03 18:39 - 2016-02-03 18:39 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Corona 
Labs2016-02-03 18:39 - 2016-02-03 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corona SDK2016-02-03 18:39 - 2016-02-03 18:39 - 00000000 ____D C:\Program Files (x86)\Corona Labs==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-03-04 19:57 - 2015-06-24 06:41 - 00000000 ____D C:\Program Files (x86)\AlienRespawn2016-03-04 19:56 - 2015-11-14 20:33 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Spotify2016-03-04 19:56 - 2015-11-14 20:33 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Spotify2016-03-04 19:56 - 2015-07-02 11:58 - 00000000 ____D C:\MSI2016-03-04 19:55 - 2015-11-10 18:25 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2016-03-04 19:55 - 2015-08-03 07:46 - 00000000 ____D C:\ProgramData\NVIDIA2016-03-04 19:55 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2016-03-04 19:55 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF2016-03-04 19:55 - 2015-07-06 15:51 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2016-03-04 19:54 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI2016-03-04 19:53 - 2015-08-28 13:51 - 00000000 ____D C:\Users\Benjamin\AppData\Local\LogMeIn Hamachi2016-03-04 19:53 - 2015-08-03 11:43 - 00000000 ___DC C:\WINDOWS\Panther2016-03-04 19:53 - 2015-07-02 09:15 - 00000000 __RDO C:\Users\Benjamin\OneDrive2016-03-04 19:28 - 2015-07-06 15:51 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2016-03-04 19:25 - 2015-07-02 12:37 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Skype2016-03-04 19:24 - 2015-07-02 12:37 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Roblox2016-03-04 18:16 - 2015-06-24 06:40 - 00000000 ____D C:\Program Files (x86)\Steam2016-03-04 16:14 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness2016-03-04 16:13 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps2016-03-04 16:11 - 
2015-07-04 14:22 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Adobe2016-03-04 16:11 - 2015-07-02 09:22 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF61F1DA-04FC-416D-9C8E-846A6BBE9802}2016-03-03 20:32 - 2015-07-02 12:37 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox2016-03-03 15:58 - 2015-07-02 12:01 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Glyph2016-03-03 15:54 - 2015-07-02 12:01 - 00000000 ____D C:\Program Files (x86)\Glyph2016-03-02 21:48 - 2016-01-12 14:54 - 00000000 ____D C:\Users\Benjamin\AppData\Local\FluffyMS2016-03-01 20:51 - 2015-08-03 08:01 - 00927000 _____ C:\WINDOWS\system32\PerfStringBackup.INI2016-02-29 21:57 - 2015-08-03 07:48 - 00000000 ____D C:\Users\Benjamin2016-02-28 16:44 - 2015-06-24 06:41 - 00000000 ____D C:\ProgramData\PCDr2016-02-27 21:43 - 2015-12-30 14:32 - 00000000 ____D C:\Users\Benjamin\Desktop\LagSwitch2016-02-26 23:58 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache2016-02-26 22:46 - 2015-07-02 09:23 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Warframe2016-02-23 16:44 - 2015-07-02 12:36 - 00000000 ____D C:\ProgramData\Skype2016-02-23 14:48 - 2015-07-02 15:07 - 00000000 ____D C:\Users\Benjamin\AppData\LocalLow\RbxLogs2016-02-21 19:27 - 2015-11-08 10:10 - 00000000 ____D C:\WINDOWS\Minidump2016-02-21 13:57 - 2015-12-26 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy2016-02-21 13:57 - 2015-12-26 16:47 - 00000000 ____D C:\Program Files\MotioninJoy2016-02-21 13:51 - 2015-12-26 16:50 - 00000000 ____D C:\Users\Benjamin\AppData\Local\BetterDS32016-02-21 13:47 - 2015-10-05 16:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer2016-02-21 11:37 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew2016-02-20 21:37 - 2015-07-10 06:06 - 00000000 ____D C:\WINDOWS\Setup2016-02-19 16:29 - 2015-07-06 15:51 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-02-18 17:11 - 
2015-12-20 20:40 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk2016-02-18 14:48 - 2015-10-21 20:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.02016-02-18 14:48 - 2015-07-05 09:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.02016-02-17 19:43 - 2016-01-18 14:49 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\.minecraft2016-02-17 15:43 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal2016-02-15 11:34 - 2015-11-19 18:24 - 00000000 ____D C:\Users\Benjamin\BrawlhallaReplays2016-02-14 13:21 - 2015-08-27 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell2016-02-14 13:21 - 2015-07-02 09:20 - 00000000 ____D C:\Program Files\Dell2016-02-11 22:09 - 2015-07-02 11:35 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Steam2016-02-11 20:28 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF2016-02-11 20:13 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp2016-02-11 20:11 - 2015-07-05 08:41 - 00000000 ____D C:\WINDOWS\system32\MRT2016-02-11 19:59 - 2015-07-05 08:41 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2016-02-06 09:04 - 2015-07-04 14:27 - 00000000 ___RD C:\Users\Benjamin\Creative Cloud Files2016-02-05 19:13 - 2015-07-04 14:26 - 00000000 ____D C:\ProgramData\boost_interprocess2016-02-05 19:13 - 2015-07-02 09:11 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Adobe2016-02-05 18:53 - 2015-12-09 05:47 - 00000000 ___RD C:\Apache242016-02-03 16:26 - 2016-02-02 21:34 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\VMware2016-02-03 16:06 - 2015-08-03 08:09 - 00002374 _____ C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk==================== Files in the root of some directories =======2015-07-21 07:51 - 2015-10-03 14:24 - 0000524 _____ () C:\Users\Benjamin\AppData\Local\GIm1U2016-02-05 16:28 - 2016-02-05 18:46 - 0000600 _____ () 
C:\Users\Benjamin\AppData\Local\PUTTY.RND2015-08-16 20:31 - 2015-08-16 20:31 - 0000003 _____ () C:\Users\Benjamin\AppData\Local\updater.log2015-08-16 20:31 - 2015-10-01 16:54 - 0000424 _____ () C:\Users\Benjamin\AppData\Local\UserProducts.xml2015-09-01 08:09 - 2015-12-20 11:48 - 0000912 _____ () C:\Users\Benjamin\AppData\Local\_settings.ini2015-07-02 13:29 - 2015-05-03 13:29 - 0000032 ____R () C:\ProgramData\hash.dat2015-06-24 06:32 - 2015-06-24 06:33 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log2015-06-24 06:28 - 2015-06-24 06:30 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log2015-06-24 06:31 - 2015-06-24 06:31 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log2015-06-24 06:31 - 2015-06-24 06:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log2015-06-24 06:28 - 2015-06-24 06:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.logFiles to move or delete:====================C:\ProgramData\hash.datC:\Users\ToonHUD Updater\Ionic.Zip.dllC:\Users\ToonHUD Updater\ToonHUD Updater.exeSome files in TEMP:====================C:\Users\Benjamin\AppData\Local\Temp\jre-8u73-windows-au.exeC:\Users\Benjamin\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\wininit.exe => File is digitally signedC:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\SysWOW64\explorer.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\SysWOW64\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\SysWOW64\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally 
signedC:\WINDOWS\SysWOW64\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-02-28 13:04==================== End of FRST.txt ============================

MBAM Protection Logs:

4:20:00 PM, SYSTEM, XOLBSTUDIOS, Manual, Malware Database, 2016.3.4.1, 2016.3.4.5, Protection, 3/4/2016 4:20:00 PM, SYSTEM, XOLBSTUDIOS, Protection, Refresh, Starting, Protection, 3/4/2016 4:20:00 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Stopping, Protection, 3/4/2016 4:20:00 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Stopped, Protection, 3/4/2016 4:20:04 PM, SYSTEM, XOLBSTUDIOS, Protection, Refresh, Success, Protection, 3/4/2016 4:20:05 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Starting, Protection, 3/4/2016 4:20:06 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Started, Scan, 3/4/2016 4:52:16 PM, SYSTEM, XOLBSTUDIOS, Manual, Start:3/4/2016 4:21:40 PM, Duration:30 min 36 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Scan, 3/4/2016 7:44:38 PM, SYSTEM, XOLBSTUDIOS, Manual, Start:3/4/2016 7:16:40 PM, Duration:27 min 57 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Protection, 3/4/2016 7:47:17 PM, SYSTEM, XOLBSTUDIOS, Protection, Malware Protection, Starting, Protection, 3/4/2016 7:47:19 PM, SYSTEM, XOLBSTUDIOS, Protection, Malware Protection, Started, Protection, 3/4/2016 7:47:19 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Starting, Protection, 3/4/2016 7:47:20 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Started, Update, 3/4/2016 7:48:15 PM, SYSTEM, XOLBSTUDIOS, Scheduler, Failed, Unable to access update server, Protection, 3/4/2016 7:55:33 PM, SYSTEM, XOLBSTUDIOS, Protection, Malware Protection, Starting, Protection, 3/4/2016 7:55:33 PM, SYSTEM, XOLBSTUDIOS, Protection, Malware Protection, Started, Protection, 3/4/2016 7:55:33 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Starting, Protection, 3/4/2016 7:55:34 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Started, (end)
Link to post
Share on other sites

I want to see the "Scan" log from Malwarebytes scan, you've posted a "Protection" log. From the latest run of FRST you have only posted the new "Primary" log (frst.txt), you have not posted the secondary log (addition.txt). In order for the secondary log to be produced from subsequent scans you have to checkmark the addition.txt box in the optional scan box.... I did list that instruction in my last reply..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs....

 

Thank you,

 

Kevin...


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Do the blocks cease after FRST completes?

 

 

Fixlist.txt


Thanks for the update, if the issue is solved run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Can you post the last Protection Log from Malwarebytes...

 

 

  • Click on the History tab > Application Logs.
  • Double click on the Protection Log which shows the most recent Date and time..
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…

 

 

Thanks...


Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Detection, 3/11/2016 1:16:45 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 194.63.142.32, 123, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 1:16:45 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 194.63.142.32, 123, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 1:22:54 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.70, 111, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 1:22:54 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.70, 111, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 1:56:51 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.73, 69, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 1:56:51 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.73, 69, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 1:56:51 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.73, 69, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 3:06:54 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 91.223.89.10, 5060, Inbound, C:\Windows\System32\svchost.exe, 

Detection, 3/11/2016 3:06:54 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 91.223.89.10, 5060, Inbound, C:\Windows\System32\svchost.exe, 

 

(end)


Thanks for that log, those entries are all inbound which does not necessarily mean you have an infection on your system. Looking at the Firewall rules in the FRST logs there are several open ports that may be problematic. Having a Firewall with open ports is a bit like locking your front door but leaving the key in, unless you totally trust applications that have such access through your FW.

 

Have a look at the following:

 

robloxstudiobeta.exe - 42 open ports in FW    <<<---- these do look related to the entries you listed??

fluffyms.exe                - 12 open ports in FW

fluffyms beta.exe        - 4 open ports in FW

BitTorrent.exe             - 6 open ports in FW    <<<---- having open ports to P2P apps is a definite red flag alert..

 

Let me know what you think.. 

 

Also can you check other Protection logs, see if there are any outbound alerts...

 

Thanks,

 

Kevin
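
The triage in the reply above (which process, which direction, which remote address and port) can be done mechanically on an exported Protection log. This is an added example, not part of the original thread: the log lines are constructed in the layout of the export shown here, with documentation-range addresses and a placeholder host name, and the function names are hypothetical.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in the comma-separated layout of the Protection log
# export shown in this thread (HOST1 and the addresses are placeholders).
SAMPLE_LOG = r"""
Update, 3/4/2016 4:09:47 PM, SYSTEM, HOST1, Scheduler, Failed, Unable to access update server,
Detection, 3/4/2016 4:13:17 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, IP, 192.0.2.10, 32535, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 3/4/2016 4:13:17 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, IP, 192.0.2.10, 32535, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
Detection, 3/11/2016 1:16:45 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, IP, 198.51.100.7, 123, Inbound, C:\Windows\System32\svchost.exe,
Detection, 3/11/2016 1:16:45 PM, SYSTEM, HOST1, Protection, Malicious Website Protection, IP, 198.51.100.7, 123, Inbound, C:\Windows\System32\svchost.exe,
(end)
"""

def parse_detections(text):
    """Return one dict per IP detection line; other record types are skipped."""
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        # Detection records: type, time, user, host, source, module, "IP",
        # remote address, port, direction, process path
        if len(fields) < 11 or fields[0] != "Detection" or fields[6] != "IP":
            continue
        events.append({
            "time": datetime.strptime(fields[1], "%m/%d/%Y %I:%M:%S %p"),
            "ip": fields[7],
            "port": int(fields[8]),
            "direction": fields[9],
            "process": fields[10].rsplit("\\", 1)[-1],
        })
    return events

def summarize(events):
    """Count blocks per (direction, process, ip, port) so repeats collapse."""
    return Counter((e["direction"], e["process"], e["ip"], e["port"]) for e in events)

def outbound_processes(events):
    """Processes with at least one blocked connection logged as Outbound."""
    return sorted({e["process"] for e in events if e["direction"] == "Outbound"})

if __name__ == "__main__":
    evts = parse_detections(SAMPLE_LOG)
    for key, n in summarize(evts).most_common():
        print(n, *key)
    print("outbound from:", outbound_processes(evts))
```
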


Even as a trusted app, 42 open ports does seem excessive,

 

Can you upload a couple of prior Protection logs from Malwarebytes... Also run the following:

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Thanks,

 

Kevin


ESET log only has found entries that concern you, either delete or keep is your choice...

 

Looking at the protection logs we have two programs that may be contributing to the inbound/outbound problems, Skype and BitTorrent. Can you make sure both programs are uninstalled from your system, when complete run FRST as follows:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Shortcut.txt under "Optional scan". Select scan, when done post the new logs....

 

Do not reinstall either of the programs that were requested for removal. I want to check FRST logs for any remnants... When we are sure there are no remnants you can reinstall Skype, attribute fresh logins/passwords etc...

 

Thank you,

 

Kevin...

This topic is now closed to further replies.