This is a continuation from a previous topic. I was advised to run the Farbar Recovery Scan Tool, which I did. Below are the FRST.txt log and the Addition.txt log. I have a virus that I used Malware Anti-Malware Premium for, but it didn't remove all of the virus on my computer, so now I am doing these next steps as was suggested by a "Malware Hunters" on this forum. I've also attached the text logs if that makes it easier. Please help!!! Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2016
Ran by Candi (administrator) on LAPTOP-T4C09DLD (27-08-2016 13:33:19)
Running from C:\Users\Candi\Downloads
Loaded Profiles: Candi (Available Profiles: Candi)
Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
() C:\ProgramData\Holdtam\Holdtam.exe
() C:\ProgramData\Logic Handler\set.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(ivory) C:\Windows\transfigured.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(mindy) C:\Windows\aurelian.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\intelligencer\unwatched.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x86__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Candi\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [unwatched] => C:\Program Files\intelligencer\unwatched.exe [40265 2016-08-23] ()
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [fitters] => C:\Program Files\intelligencer\misses.exe [10240 2016-08-23] (stuffing)
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [failed] => "C:\Program Files\biggers\autres.exe"
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [merrill] => "C:\Program Files\lanterns\politic.exe"
AppInit_DLLs: C:\ProgramData\Holdtam\WhiteLamstrong.dll => C:\ProgramData\Holdtam\WhiteLamstrong.dll [248320 2016-08-23] ()
Startup: C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deserting.lnk [2016-08-26]
ShortcutTarget: deserting.lnk -> C:\Program Files\lanterns\politic.exe (No File)
Startup: C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok51887640.lnk [2016-08-26]
ShortcutTarget: ok51887640.lnk -> C:\Program Files\lanterns\politic.exe (No File)
Startup: C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok51887640deserting.lnk [2016-08-26]
ShortcutTarget: ok51887640deserting.lnk -> C:\Program Files\biggers\autres.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{30bfc7ce-7510-4245-bc73-f7240e932691}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{672262a7-9425-4d0f-b3a2-734604c71bec}: [DhcpNameServer] 169.254.73.172
ManualProxies: 

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1285858443-3874230526-1085882535-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1285858443-3874230526-1085882535-1001 -> {ADF7D7E4-56A0-45D8-B409-BC5C49A28AFB} URL = 
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-26] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-17]
CHR Extension: (Google Docs) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-17]
CHR Extension: (Google Drive) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-17]
CHR Extension: (YouTube) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-17]
CHR Extension: (Google Sheets) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-17]
CHR Extension: (Gmail) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-17]
CHR Extension: (Chrome Media Router) - C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 antitrust; C:\WINDOWS\transfigured.exe [7680 2016-08-23] (ivory) [File not signed]
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2138824 2016-08-11] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-06-17] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-28] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-28] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-28] (Intel Corporation)
R2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [695296 2016-08-23] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-06-17] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-17] (Lenovo)
U2 pao; C:\WINDOWS\aurelian.exe [7680 2016-08-23] (mindy) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-01] (Microsoft Corporation)
S2 MbaeSvc; "C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel(R) Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [88584 2015-06-23] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [55816 2015-06-23] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [59392 2015-06-23] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [85000 2015-06-23] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [203264 2015-06-23] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [467968 2015-06-23] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59296 2016-08-04] ()
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-09] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-09] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-17] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-06-30] ()
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277256 2015-06-12] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-15] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-11] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [3848944 2015-08-14] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [1943808 2016-06-15] (Realtek Semiconductor Corp.)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-27 13:33 - 2016-08-27 13:33 - 00013398 _____ C:\Users\Candi\Downloads\FRST.txt
2016-08-27 13:32 - 2016-08-27 13:33 - 00000000 ____D C:\FRST
2016-08-27 13:31 - 2016-08-27 13:32 - 01746944 _____ (Farbar) C:\Users\Candi\Downloads\FRST (1).exe
2016-08-27 13:30 - 2016-08-27 13:30 - 01746944 _____ (Farbar) C:\Users\Candi\Downloads\FRST.exe
2016-08-27 07:15 - 2016-08-27 13:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-27 07:14 - 2016-08-27 13:27 - 00000000 ____D C:\Users\Candi\Desktop\mbar
2016-08-27 07:14 - 2016-08-27 07:14 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Candi\Downloads\mbar-1.09.3.1001 (1).exe
2016-08-27 07:13 - 2016-08-27 07:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Candi\Downloads\mbar-1.09.3.1001.exe
2016-08-27 07:06 - 2016-08-26 17:49 - 22851472 _____ (Malwarebytes ) C:\Users\Candi\Desktop\mbam-setup-web.NT-2.2.1.1043.exe
2016-08-26 18:30 - 2016-08-27 00:13 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-26 18:02 - 2016-08-27 10:52 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-26 18:02 - 2016-08-27 10:52 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-26 18:02 - 2016-08-27 07:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-26 18:02 - 2016-08-27 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-26 18:02 - 2016-08-26 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-26 18:02 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-26 18:02 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-26 17:36 - 2016-08-27 06:55 - 00000000 ____D C:\WINDOWS\pss
2016-08-26 17:12 - 2016-08-26 17:13 - 22851472 _____ (Malwarebytes ) C:\Users\Candi\Downloads\mbam-setup-web.NT-2.2.1.1043 (4).exe
2016-08-26 17:05 - 2016-08-26 17:05 - 22851472 _____ (Malwarebytes ) C:\Users\Candi\Downloads\mbam-setup-web.NT-2.2.1.1043 (3).exe
2016-08-26 16:55 - 2016-08-26 16:55 - 22851472 _____ (Malwarebytes ) C:\Users\Candi\Downloads\mbam-setup-web.NT-2.2.1.1043 (2).exe
2016-08-26 16:54 - 2016-08-26 18:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-08-26 16:54 - 2016-08-26 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-08-26 16:54 - 2016-08-26 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-08-26 16:53 - 2016-08-26 16:54 - 01875208 _____ (Malwarebytes ) C:\Users\Candi\Downloads\mbae_premium.exe
2016-08-26 16:53 - 2016-08-26 16:53 - 22851472 _____ (Malwarebytes ) C:\Users\Candi\Downloads\mbam-setup-web.NT-2.2.1.1043 (1).exe
2016-08-26 16:52 - 2016-08-26 16:52 - 22851472 _____ (Malwarebytes ) C:\Users\Candi\Downloads\mbam-setup-web.NT-2.2.1.1043.exe
2016-08-26 16:39 - 2016-08-26 16:39 - 00000000 ____D C:\Users\Candi\AppData\Local\ElevatedDiagnostics
2016-08-26 16:26 - 2016-08-26 16:26 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-26 15:50 - 2016-08-26 18:24 - 00000000 ____D C:\ProgramData\9f576948-66f7-0
2016-08-23 21:48 - 2016-08-23 21:48 - 00000001 _____ C:\Users\Candi\AppData\Local\setupsuccessful.txt
2016-08-23 21:47 - 2016-08-24 13:46 - 00000000 ____D C:\ProgramData\59179e8b
2016-08-23 21:47 - 2016-08-23 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-23 21:46 - 2016-08-26 18:24 - 00000000 ____D C:\ProgramData\{10545570-512c-0}
2016-08-23 21:46 - 2016-08-23 21:46 - 00000055 _____ C:\WINDOWS\key.ini
2016-08-23 21:46 - 2016-08-23 21:46 - 00000000 ____D C:\Users\Candi\AppData\Roaming\Mozilla
2016-08-23 21:46 - 2016-08-23 21:46 - 00000000 ____D C:\ProgramData\{33ff54cc-112c-1}
2016-08-23 21:46 - 2016-08-23 21:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-23 21:45 - 2016-08-27 10:51 - 00000000 ____D C:\Program Files\lanterns
2016-08-23 21:45 - 2016-08-26 18:24 - 00000000 ____D C:\ProgramData\9f576948-3e21-1
2016-08-23 21:45 - 2016-08-26 18:10 - 00000000 ____D C:\Program Files\biggers
2016-08-23 21:45 - 2016-08-23 21:47 - 00000000 ____D C:\ProgramData\9f576948-7691-0
2016-08-23 21:45 - 2016-08-23 21:47 - 00000000 ____D C:\a
2016-08-23 21:45 - 2016-08-23 21:46 - 00000000 ____D C:\Program Files\intelligencer
2016-08-23 21:45 - 2016-08-23 21:46 - 00000000 ____D C:\f2412c8cf06222b678921c
2016-08-23 21:45 - 2016-08-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
2016-08-23 21:45 - 2016-08-23 21:45 - 00000000 ____D C:\ProgramData\Logic Handler
2016-08-23 21:45 - 2016-08-23 21:45 - 00000000 ____D C:\ProgramData\Holdtams
2016-08-23 21:45 - 2016-08-23 21:45 - 00000000 ____D C:\Program Files\Common Files\Hotlex
2016-08-23 21:45 - 2016-08-23 21:45 - 00000000 ____D C:\Program Files\christians
2016-08-23 21:44 - 2016-08-27 13:27 - 00000000 ____D C:\ProgramData\Holdtam
2016-08-23 21:44 - 2016-08-23 21:48 - 00000000 _____ C:\Users\Candi\AppData\Local\stxtname.txt
2016-08-23 21:44 - 2016-08-23 21:44 - 07118336 _____ C:\Users\Candi\AppData\Roaming\agent.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 02279413 _____ C:\Users\Candi\AppData\Roaming\Dentolex.bin
2016-08-23 21:44 - 2016-08-23 21:44 - 01901341 _____ C:\Users\Candi\AppData\Roaming\Fax-Dox.tst
2016-08-23 21:44 - 2016-08-23 21:44 - 00126464 _____ C:\Users\Candi\AppData\Roaming\noah.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00126464 _____ C:\Users\Candi\AppData\Roaming\lobby.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00072707 _____ C:\Users\Candi\AppData\Roaming\Danlux.tst
2016-08-23 21:44 - 2016-08-23 21:44 - 00070704 _____ C:\Users\Candi\AppData\Roaming\Config.xml
2016-08-23 21:44 - 2016-08-23 21:44 - 00054272 _____ C:\Users\Candi\AppData\Roaming\ApplicationHosting.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00018432 _____ C:\Users\Candi\AppData\Roaming\Main.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00005568 _____ C:\Users\Candi\AppData\Roaming\md.xml
2016-08-23 21:44 - 2016-08-23 21:44 - 00000000 _____ C:\Users\Candi\AppData\Local\run.txt
2016-08-23 21:44 - 2016-08-23 21:43 - 00695296 _____ C:\Users\Candi\AppData\Roaming\Fax-Dox.exe
2016-08-23 21:44 - 2016-08-23 21:43 - 00695296 _____ C:\Users\Candi\AppData\Roaming\Danlux.exe
2016-08-23 21:43 - 2016-08-23 21:43 - 00138240 _____ C:\Users\Candi\AppData\Roaming\Installer.dat
2016-08-23 21:43 - 2016-08-23 21:43 - 00018432 _____ C:\Users\Candi\AppData\Roaming\InstallationConfiguration.xml
2016-08-23 21:43 - 2016-08-23 21:43 - 00000000 ____D C:\Program Files\Caster
2016-08-23 17:37 - 2016-08-23 17:37 - 00007680 _____ (mindy) C:\WINDOWS\aurelian.exe
2016-08-23 17:37 - 2016-08-23 17:37 - 00007680 _____ (ivory) C:\WINDOWS\transfigured.exe
2016-08-23 17:37 - 2016-08-23 17:37 - 00006656 _____ C:\WINDOWS\dll.dll
2016-08-23 17:36 - 2016-08-23 17:36 - 00041202 _____ C:\WINDOWS\greets.exe
2016-08-23 13:53 - 2016-08-23 13:53 - 00618020 _____ C:\Users\Candi\Desktop\BPPC Cancelation Waiver.pdf
2016-08-20 22:59 - 2016-08-20 22:59 - 00013140 _____ C:\Users\Candi\Desktop\Trade Mark Application - Confirmation.pdf
2016-08-20 22:53 - 2016-08-20 22:53 - 00013344 _____ C:\Users\Candi\Desktop\Trade Mark Application.pdf
2016-08-19 18:07 - 2016-08-19 18:12 - 00000000 ____D C:\Users\Candi\Desktop\Horsebacking
2016-08-13 13:58 - 2016-08-13 13:58 - 00007680 _____ C:\Users\Candi\AppData\Local\tinstall4.exe
2016-08-09 20:22 - 2016-08-03 02:27 - 01303744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 20:22 - 2016-08-03 02:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 20:22 - 2016-08-03 02:27 - 00045760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 20:22 - 2016-08-03 01:52 - 05793632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 20:22 - 2016-08-03 01:52 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 20:22 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 20:22 - 2016-08-03 01:43 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 20:22 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 20:22 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 20:22 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 20:22 - 2016-08-03 01:32 - 00413024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 20:22 - 2016-08-03 01:32 - 00260448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 20:22 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 20:22 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 20:22 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 20:22 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 20:22 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 20:22 - 2016-08-03 01:29 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 20:22 - 2016-08-03 01:29 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 20:22 - 2016-08-03 01:28 - 00505136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 20:22 - 2016-08-03 01:28 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 20:22 - 2016-08-03 01:21 - 01712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 20:22 - 2016-08-03 01:21 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 20:22 - 2016-08-03 01:21 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 20:22 - 2016-08-03 01:18 - 00346464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 20:22 - 2016-08-03 00:58 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 20:22 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 20:22 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 20:22 - 2016-08-03 00:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 20:22 - 2016-08-03 00:47 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 20:22 - 2016-08-03 00:44 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-09 20:22 - 2016-08-03 00:44 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-09 20:22 - 2016-08-03 00:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 20:22 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 20:22 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 20:22 - 2016-08-03 00:44 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 20:22 - 2016-08-03 00:43 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 20:22 - 2016-08-03 00:43 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-09 20:22 - 2016-08-03 00:43 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 20:22 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 20:22 - 2016-08-03 00:41 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 20:22 - 2016-08-03 00:40 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 20:22 - 2016-08-03 00:40 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 20:22 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 20:22 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 20:22 - 2016-08-03 00:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 20:22 - 2016-08-03 00:39 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 20:22 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 20:22 - 2016-08-03 00:37 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 20:22 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 20:22 - 2016-08-03 00:35 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 20:22 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 20:22 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 20:22 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 20:22 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 20:22 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 20:22 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 20:22 - 2016-08-03 00:33 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 20:22 - 2016-08-03 00:33 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 20:22 - 2016-08-03 00:33 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 20:22 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 20:22 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 20:22 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 20:22 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 20:22 - 2016-08-03 00:32 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 20:22 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 20:22 - 2016-08-03 00:32 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 20:22 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 20:22 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 20:22 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 20:22 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 20:22 - 2016-08-03 00:27 - 02973696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 20:22 - 2016-08-03 00:27 - 01903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 20:22 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 20:22 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 20:22 - 2016-08-03 00:24 - 01735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 20:22 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 20:22 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 20:22 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 20:22 - 2016-08-03 00:22 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 20:22 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 20:22 - 2016-08-03 00:22 - 01086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 20:22 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 20:22 - 2016-08-03 00:20 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 20:22 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-07-31 15:27 - 2016-07-31 15:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-07-31 12:38 - 2016-07-31 12:38 - 00199137 _____ C:\Users\Candi\Desktop\KC Exit Realty - ACACIA.pdf
2016-07-31 12:37 - 2016-07-31 12:37 - 00200898 _____ C:\Users\Candi\Desktop\KC Exit Realty.pdf
2016-07-31 12:33 - 2016-07-31 12:36 - 00015477 _____ C:\Users\Candi\Desktop\KC Exit Realty - ACACIA.xlsx
2016-07-31 12:10 - 2016-07-31 12:37 - 00015479 _____ C:\Users\Candi\Desktop\KC Exit Realty.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-27 13:27 - 2016-06-29 19:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-27 11:05 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 11:04 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 10:59 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF
2016-08-27 10:59 - 2015-07-16 12:07 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-27 10:51 - 2016-06-17 20:22 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-27 10:51 - 2016-06-17 20:22 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-27 10:51 - 2016-06-15 01:46 - 00000000 __SHD C:\Users\Candi\IntelGraphicsProfiles
2016-08-27 10:51 - 2016-04-27 00:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-27 10:51 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\security
2016-08-27 10:50 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-27 00:10 - 2016-06-17 20:23 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-27 00:10 - 2016-06-17 20:23 - 00002225 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-26 18:14 - 2016-06-29 19:59 - 00001532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-26 18:14 - 2016-06-15 08:19 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-26 18:14 - 2016-06-15 08:19 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-08-26 18:14 - 2016-06-15 08:19 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-08-26 18:14 - 2016-06-15 08:19 - 00002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-08-26 18:14 - 2016-06-15 08:19 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-08-26 18:14 - 2016-06-15 08:19 - 00002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-08-26 18:14 - 2016-06-15 08:19 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-08-26 18:14 - 2016-06-15 01:48 - 00002372 _____ C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 18:11 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\IME
2016-08-26 16:37 - 2016-06-29 19:52 - 00000000 ____D C:\Users\Candi
2016-08-26 16:26 - 2015-10-30 01:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-26 16:26 - 2015-10-30 01:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-26 16:23 - 2016-03-04 12:52 - 00000000 ____D C:\Program Files\Microsoft Office
2016-08-26 16:13 - 2016-06-15 08:11 - 00000000 ____D C:\Users\Candi\AppData\Local\MicrosoftEdge
2016-08-18 11:12 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache
2016-08-17 00:38 - 2016-04-27 00:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-17 00:38 - 2015-10-30 01:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-17 00:38 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-15 16:22 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-15 08:45 - 2016-06-17 20:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-15 08:36 - 2016-06-17 20:30 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-15 08:36 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-15 08:36 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-03 20:04 - 2016-06-29 23:45 - 00000000 ____D C:\Windows.old

==================== Files in the root of some directories =======

2016-08-23 21:44 - 2016-08-23 21:44 - 7118336 _____ () C:\Users\Candi\AppData\Roaming\agent.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 0054272 _____ () C:\Users\Candi\AppData\Roaming\ApplicationHosting.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 0070704 _____ () C:\Users\Candi\AppData\Roaming\Config.xml
2016-08-23 21:44 - 2016-08-23 21:43 - 0695296 _____ () C:\Users\Candi\AppData\Roaming\Danlux.exe
2016-08-23 21:44 - 2016-08-23 21:44 - 0072707 _____ () C:\Users\Candi\AppData\Roaming\Danlux.tst
2016-08-23 21:44 - 2016-08-23 21:44 - 2279413 _____ () C:\Users\Candi\AppData\Roaming\Dentolex.bin
2016-08-23 21:44 - 2016-08-23 21:43 - 0695296 _____ () C:\Users\Candi\AppData\Roaming\Fax-Dox.exe
2016-08-23 21:44 - 2016-08-23 21:44 - 1901341 _____ () C:\Users\Candi\AppData\Roaming\Fax-Dox.tst
2016-08-23 21:43 - 2016-08-23 21:43 - 0018432 _____ () C:\Users\Candi\AppData\Roaming\InstallationConfiguration.xml
2016-08-23 21:43 - 2016-08-23 21:43 - 0138240 _____ () C:\Users\Candi\AppData\Roaming\Installer.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 0126464 _____ () C:\Users\Candi\AppData\Roaming\lobby.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 0018432 _____ () C:\Users\Candi\AppData\Roaming\Main.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 0005568 _____ () C:\Users\Candi\AppData\Roaming\md.xml
2016-08-23 21:44 - 2016-08-23 21:44 - 0126464 _____ () C:\Users\Candi\AppData\Roaming\noah.dat
2016-08-23 21:45 - 2016-08-23 21:45 - 0032038 _____ () C:\Users\Candi\AppData\Roaming\uninstall_temp.ico
2016-08-23 21:44 - 2016-08-23 21:44 - 0000000 _____ () C:\Users\Candi\AppData\Local\run.txt
2016-08-23 21:48 - 2016-08-23 21:48 - 0000001 _____ () C:\Users\Candi\AppData\Local\setupsuccessful.txt
2016-08-23 21:44 - 2016-08-23 21:48 - 0000000 _____ () C:\Users\Candi\AppData\Local\stxtname.txt
2016-08-13 13:58 - 2016-08-13 13:58 - 0007680 _____ () C:\Users\Candi\AppData\Local\tinstall4.exe

Some files in TEMP:
====================
C:\Users\Candi\AppData\Local\Temp\B3bCZq85rK.exe
C:\Users\Candi\AppData\Local\Temp\C1NreJLUjL.exe
C:\Users\Candi\AppData\Local\Temp\Qb0lOkTQKd.exe
C:\Users\Candi\AppData\Local\Temp\sdf34D7.exe
C:\Users\Candi\AppData\Local\Temp\sdf436E.exe
C:\Users\Candi\AppData\Local\Temp\sdf654E.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-29 19:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-08-2016
Ran by Candi (27-08-2016 13:34:27)
Running from C:\Users\Candi\Downloads
Microsoft Windows 10 Home Version 1511 (X86) (2016-06-30 00:06:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1285858443-3874230526-1085882535-500 - Administrator - Disabled)
Candi (S-1-5-21-1285858443-3874230526-1085882535-1001 - Administrator - Enabled) => C:\Users\Candi
DefaultAccount (S-1-5-21-1285858443-3874230526-1085882535-503 - Limited - Disabled)
Guest (S-1-5-21-1285858443-3874230526-1085882535-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Caster (HKLM\...\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}) (Version: 1.0 - Caster) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Lenovo  Keyboard Driver (HKLM\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: 1.0.15.0812 - 3NOD)
Lenovo EasyCamera (HKLM\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Solution Center (HKLM\...\{74C3EF3E-2A0D-470A-9EDC-884D5F85644F}) (Version: 3.0.003.00 - Lenovo)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
MyInternet (HKLM\...\FastIn) (Version:  - Winxi)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== ATTENTION
SrpnFiles (HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\SrpnFiles) (Version: 29.16.34 - hxxps://www.www.springfile.biz)
System Healer (HKLM\...\SystemHealer) (Version: 4.5.0.1 - SystemHealer) <==== ATTENTION
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (Version: 4.0.0.1 - Lenovo) Hidden
WIN (HKLM\...\win_en_77_is1) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1285858443-3874230526-1085882535-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6AF2BC-777C-4FAD-9CBB-2BE0370959D8} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {0B35F64E-8600-4F10-9891-C1DD548E1C2A} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {0D973929-B7FB-4A8B-A83F-2AA7F6BE8B0E} - System32\Tasks\dc17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => C:\Program Files\lanterns\politic.exe
Task: {0DF71915-5574-4693-90CB-14C00A7EEA95} - \psv_Bio-Tax -> No File <==== ATTENTION
Task: {13A882F2-1687-4107-8632-B7B12EEA7308} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {1A175C88-8E5C-4998-A6C3-3B323B29D06F} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1E3426F2-331C-441F-8767-D8B175FCCFF8} - \snf -> No File <==== ATTENTION
Task: {24E4D97C-0939-4C8F-BAD3-CF83465F403C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-17] ()
Task: {32FC1DBD-FB39-4922-B2C8-BE2E38337A9B} - \MAXDriverUpdater_UPDATES -> No File <==== ATTENTION
Task: {3344C382-8FEB-4861-95F7-209CBFD6F010} - System32\Tasks\a21252813 => C:\Program Files\lanterns\politic.exe
Task: {428C927E-1316-4805-BAC5-C4D971C06FB0} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-07-17] (Lenovo)
Task: {49347577-AD67-4EDA-AFEB-148E3A840F53} - System32\Tasks\224330021 => C:\Program Files\intelligencer\misses.exe [2016-08-23] (stuffing) <==== ATTENTION
Task: {4E1535C6-5BC7-4B09-B147-EB2C6F8868B3} - \MAXDriverUpdaterRunAtStartup -> No File <==== ATTENTION
Task: {53A98ECF-DF39-4C33-BBE5-E3A761B79520} - \LuckyBrowse -> No File <==== ATTENTION
Task: {55652B0B-0762-4291-9F1C-BC25B50AE54B} - \psv_Donfan -> No File <==== ATTENTION
Task: {5A56876E-973F-4665-92F5-BEE581DF9C03} - \psv_Homeplus -> No File <==== ATTENTION
Task: {769B2748-8EAE-4541-9E5A-0D17C86FA7AF} - System32\Tasks\124330021 => C:\Program Files\intelligencer\misses.exe [2016-08-23] (stuffing) <==== ATTENTION
Task: {7FE51216-53A7-494F-9FC8-4DF3F0F1B940} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-26] (Microsoft Corporation)
Task: {84312A3F-8BD8-43A5-BE45-1545B97D56B6} - System32\Tasks\b21252813 => C:\Program Files\intelligencer\misses.exe [2016-08-23] (stuffing)
Task: {8842B2A1-8F65-46A3-AC97-23285DC4C5A6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-17] (Lenovo)
Task: {89F3ADF3-E874-42E5-AB59-133F67842BAD} - System32\Tasks\a4350698443506984 => C:\Program Files\biggers\autres.exe
Task: {8B82635E-88DE-415A-82D2-E590AE72290E} - \System Healer Task -> No File <==== ATTENTION
Task: {A2E65C9C-8893-4959-A48B-07058AFE514A} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A538126C-5184-4C41-A567-67A7BB0BC11A} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {A6C54921-05A6-4DB3-9493-990A0A1818A8} - \snp -> No File <==== ATTENTION
Task: {B95717D8-EC67-4310-956F-F48B53305902} - System32\Tasks\ab17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => C:\Program Files\lanterns\politic.exe
Task: {CA7D0DE1-5B3C-4B74-85E0-B5813AAEFC0D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-07-17] (Lenovo)
Task: {D1BF8EB2-9B76-4CC6-AB99-1F3ED1D3CB1D} - \psv_Islux -> No File <==== ATTENTION
Task: {D312FC2C-A8E5-48BD-9CD6-5D06C14F04B8} - \{08087E47-040A-790F-0D11-7F7A097E1178} -> No File <==== ATTENTION
Task: {DD88D623-18CF-4564-8FC0-7AED6039F4CE} - System32\Tasks\dP4350698443506984 => C:\Program Files\biggers\autres.exe
Task: {E49F9D31-74C5-45E3-B96F-237BB54EEFE3} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {F2C4C3D8-E629-4278-B7E8-0B152ABFC349} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {FC7B5012-0453-4854-A51A-529B4785276E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Candi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-04 13:40 - 2015-07-16 17:40 - 00147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2016-08-23 21:44 - 2016-08-23 21:43 - 00695296 _____ () C:\ProgramData\Holdtam\Holdtam.exe
2016-08-23 21:45 - 2016-05-15 18:04 - 02089472 _____ () C:\ProgramData\Logic Handler\set.exe
2016-08-23 17:37 - 2016-08-23 17:37 - 00006656 _____ () C:\WINDOWS\dll.dll
2016-07-12 21:31 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 21:31 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-04 14:58 - 2016-07-04 14:58 - 00679624 _____ () C:\Users\Candi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2016-04-27 00:11 - 2016-04-27 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 21:30 - 2016-06-30 23:31 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 21:30 - 2016-06-30 23:32 - 00428032 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-07-12 21:31 - 2016-06-30 23:13 - 05340160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 21:31 - 2016-06-30 23:08 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 21:31 - 2016-06-30 23:08 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 21:31 - 2016-06-30 23:11 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-23 17:37 - 2016-08-23 17:37 - 00040265 _____ () C:\Program Files\intelligencer\unwatched.exe
2016-07-04 15:35 - 2016-07-04 15:35 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-04 15:35 - 2016-07-04 15:35 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-04 15:35 - 2016-07-04 15:35 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-27 11:01 - 2016-08-27 11:01 - 02928640 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x86__8wekyb3d8bbwe\Calculator.exe
2016-08-15 23:13 - 2016-08-15 23:15 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-15 23:13 - 2016-08-15 23:15 - 11393536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-04 15:37 - 2016-07-04 15:37 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-06-15 22:49 - 2016-06-15 22:50 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-15 22:53 - 2016-06-15 22:54 - 06383616 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-08-05 12:46 - 2016-08-02 20:24 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-05 12:46 - 2016-08-02 20:23 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:28 - 2016-08-23 21:44 - 00001129 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
162.222.194.13       cocomo.tremorhub.com
162.222.194.13       www.virustotal.com
162.222.194.13       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CloudPrinter => 2
MSCONFIG\Services: lfsvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB65F8AD-99E1-42A7-8DA0-714119045566}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{229C7EE3-209C-40CA-B1B1-E150650D843C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{337B594B-D707-476E-8386-1267BF4E34A5}] => (Allow) C:\Users\Candi\AppData\Local\ddnowyes.exe
FirewallRules: [{2D91F47F-623B-47EE-802D-C3DAA4CB3DD4}] => (Allow) C:\Users\Candi\AppData\Local\Temp\nsb7C81.tmp\oksoft12.exe
FirewallRules: [{ACD6BA97-A215-4074-993F-65330C5260BF}] => (Allow) C:\Users\Candi\AppData\Local\87397687.exe
FirewallRules: [{DABE4EA8-5952-4347-8354-FC2445BE0EA6}] => (Allow) C:\Users\Candi\AppData\Local\tinstall.exe
FirewallRules: [{FB23F260-863E-4293-A4FA-8B7E6789E826}] => (Allow) C:\Users\Candi\AppData\Local\cap.exe
FirewallRules: [{D589D5D6-F666-433D-9BAD-97CF468AF13F}] => (Allow) C:\Users\Candi\AppData\Local\ddnow.exe
FirewallRules: [{8C300072-A8E2-48B6-B8A8-0EF9F361F0CA}] => (Allow) C:\Program Files\SrpnFiles\SrpnFiles.exe
FirewallRules: [{77DEA308-DFC8-4BD4-9FF2-3E27618129C1}] => (Allow) C:\Program Files\SrpnFiles\SrpnFiles.exe
FirewallRules: [{E3816BB1-465C-481C-8825-13C87E0D417B}] => (Allow) C:\Program Files\SrpnFiles\downloader.exe
FirewallRules: [{F0F1AB5D-7826-4229-B083-871ADCF16A24}] => (Allow) C:\Program Files\SrpnFiles\downloader.exe
FirewallRules: [{C5992B9B-CDEA-431C-A779-94C95D369CDD}] => (Allow) C:\Program Files\lanterns\politic.exe
FirewallRules: [{F7F0A225-F173-434C-B491-A224C6ECF092}] => (Allow) C:\Program Files\lanterns\gallegos.exe
FirewallRules: [{3BFE5A6F-269A-4520-9B4B-A393A6DA0425}] => (Allow) C:\Program Files\intelligencer\misses.exe
FirewallRules: [{01FBEA87-B80B-4D54-BDFA-7D3B09C44F9C}] => (Allow) C:\Program Files\biggers\autres.exe
FirewallRules: [{CFAA36B7-51E4-4461-B738-668394681E26}] => (Allow) C:\WINDOWS\transfigured.exe
FirewallRules: [TCP Query User{45F33D9D-4F09-4545-975B-F88D9DFF5548}C:\program files\google\chrome\application\chrome334.exe] => (Allow) C:\program files\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{D23191A4-5541-41A9-A839-965BABCF6A1F}C:\program files\google\chrome\application\chrome334.exe] => (Allow) C:\program files\google\chrome\application\chrome334.exe
FirewallRules: [{5378C6B3-8B2F-4F1D-9B1B-684D9DE2ACF7}] => (Block) C:\program files\google\chrome\application\chrome334.exe
FirewallRules: [{AC1511A3-45AC-4914-9C44-7216C1CFE46F}] => (Block) C:\program files\google\chrome\application\chrome334.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2016 06:57:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0x8d4
Faulting application start time: 0x01d20051cc211dcb
Faulting application path: C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: f812e341-a568-445d-8ce5-114756521ef5
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/27/2016 12:13:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-T4C09DLD)
Description: Activation of app Microsoft.Getstarted_4.0.9.0_x86__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/27/2016 12:10:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0x8ac
Faulting application start time: 0x01d20018d80e6a6f
Faulting application path: C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: d4b723a1-c719-4742-9521-a2df7e33fd03
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/27/2016 12:10:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x001bb582
Faulting process id: 0xeb0
Faulting application start time: 0x01d20018dbcba394
Faulting application path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes Anti-Malware\Qt5Widgets.dll
Report Id: 2e3ab252-2b9e-4366-af7e-78ef28446310
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/26/2016 07:06:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-T4C09DLD)
Description: Activation of app Microsoft.Getstarted_4.0.9.0_x86__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/26/2016 07:05:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (08/26/2016 06:52:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-T4C09DLD)
Description: Activation of app Microsoft.Getstarted_4.0.9.0_x86__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/26/2016 06:47:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0x8b4
Faulting application start time: 0x01d1ffebba9fb1f1
Faulting application path: C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: 7966ec9a-7568-4387-996b-fbb922af99b5
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/26/2016 06:30:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-T4C09DLD)
Description: Activation of app Microsoft.Getstarted_4.0.9.0_x86__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/26/2016 06:11:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-T4C09DLD)
Description: Activation of app Microsoft.Getstarted_4.0.9.0_x86__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/27/2016 01:27:11 PM) (Source: RtlWlans) (EventID: 5002) (User: )
Description: \DEVICE\{30BFC7CE-7510-4245-BC73-F7240E932691} : Has determined that the network adapter is not functioning properly.

Error: (08/27/2016 01:25:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (08/27/2016 12:23:11 PM) (Source: RtlWlans) (EventID: 5002) (User: )
Description: \DEVICE\{30BFC7CE-7510-4245-BC73-F7240E932691} : Has determined that the network adapter is not functioning properly.

Error: (08/27/2016 12:02:58 PM) (Source: RtlWlans) (EventID: 5002) (User: )
Description: \DEVICE\{30BFC7CE-7510-4245-BC73-F7240E932691} : Has determined that the network adapter is not functioning properly.

Error: (08/27/2016 11:50:54 AM) (Source: RtlWlans) (EventID: 5002) (User: )
Description: \DEVICE\{30BFC7CE-7510-4245-BC73-F7240E932691} : Has determined that the network adapter is not functioning properly.

Error: (08/27/2016 11:27:51 AM) (Source: RtlWlans) (EventID: 5002) (User: )
Description: \DEVICE\{30BFC7CE-7510-4245-BC73-F7240E932691} : Has determined that the network adapter is not functioning properly.

Error: (08/27/2016 10:51:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MbaeSvc service failed to start due to the following error: 
%%2 = The system cannot find the file specified.

Error: (08/27/2016 10:51:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (08/27/2016 10:50:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2dcff service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/27/2016 10:39:13 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}


CodeIntegrity:
===================================
  Date: 2016-08-26 16:24:27.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-17 11:31:18.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-15 08:41:22.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 20:10:22.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 20:02:12.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-30 13:00:38.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-18 13:03:31.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-17 14:50:14.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-12 23:35:54.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-12 21:07:51.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 65%
Total physical RAM: 1977.13 MB
Available physical RAM: 691.11 MB
Total Virtual: 4281.13 MB
Available Virtual: 2607.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:27.87 GB) (Free:7.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:29.71 GB) (Free:13.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 9B1DCF27)

Partition: GPT.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Hi Fresa214 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean up some malware, so let's get started, shall we? :)

Please give me a few hours to review your logs and come up with a reply. Thank you!

Aura, I attempted one more time to download the Malwarebytes Anti-Malware on my laptop since the virus was previously blocking me from doing so and it looks like it worked this time! I'm not sure if it was because of the Farbar scan I just did but it worked and sent notification that 187 threats were successfully blocked.  It sounds as though it is finally fixed. Ironically I tried it again right after I sent you the text logs and that's when it all seemed good.  

With that said, I do not want you to waste any time going through the logs I sent, however if you want to just to be sure, please feel free to do so and advise me of your findings. I appreciate it!  Thanks

I noticed your latest post, but we'll still go forward with the full clean-up procedure just in case :)

Alright, thank you for waiting :) You are indeed infected and the infection is preventing Malwarebytes products from being installed/running properly. So once we clean up, they should install without any issues.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • Caster
  • MyInternet
  • SpaceSoundPro
  • SrpnFiles
  • System Healer
  • WIN


If you have an issue when uninstalling a program, please let me know.

We'll run a first fix with FRST, and then do a sweep using JRT and AdwCleaner. Once done, the system should be clean enough to install and use Malwarebytes Anti-Malware.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should include:

  • Confirmation that you uninstalled the programs listed above, if not, which ones couldn't you uninstall;
  • Copy/pasted content of the FRST fixlog.txt;
  • Copy/pasted content of JRT.txt;
  • Copy/pasted content of AdwCleaner clean log;

All 3 logs are below and attached, thanks.

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-08-2016
Ran by Candi (27-08-2016 14:44:15) Run:2
Running from C:\Users\Candi\Desktop
Loaded Profiles: Candi (Available Profiles: Candi)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [unwatched] => C:\Program Files\intelligencer\unwatched.exe [40265 2016-08-23] ()
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [fitters] => C:\Program Files\intelligencer\misses.exe [10240 2016-08-23] (stuffing)
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [failed] => "C:\Program Files\biggers\autres.exe"
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\...\Run: [merrill] => "C:\Program Files\lanterns\politic.exe"
AppInit_DLLs: C:\ProgramData\Holdtam\WhiteLamstrong.dll => C:\ProgramData\Holdtam\WhiteLamstrong.dll [248320 2016-08-23] ()
Startup: C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deserting.lnk [2016-08-26]
ShortcutTarget: deserting.lnk -> C:\Program Files\lanterns\politic.exe (No File)
Startup: C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok51887640.lnk [2016-08-26]
ShortcutTarget: ok51887640.lnk -> C:\Program Files\lanterns\politic.exe (No File)
Startup: C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok51887640deserting.lnk [2016-08-26]
ShortcutTarget: ok51887640deserting.lnk -> C:\Program Files\biggers\autres.exe (No File)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

U2 antitrust; C:\WINDOWS\transfigured.exe [7680 2016-08-23] (ivory) [File not signed]
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [695296 2016-08-23] () [File not signed]
U2 pao; C:\WINDOWS\aurelian.exe [7680 2016-08-23] (mindy) [File not signed]
S2 MbaeSvc; "C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe" [X]

Task: {0A6AF2BC-777C-4FAD-9CBB-2BE0370959D8} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {0D973929-B7FB-4A8B-A83F-2AA7F6BE8B0E} - System32\Tasks\dc17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => C:\Program Files\lanterns\politic.exe
Task: {0DF71915-5574-4693-90CB-14C00A7EEA95} - \psv_Bio-Tax -> No File <==== ATTENTION
Task: {13A882F2-1687-4107-8632-B7B12EEA7308} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {1A175C88-8E5C-4998-A6C3-3B323B29D06F} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1E3426F2-331C-441F-8767-D8B175FCCFF8} - \snf -> No File <==== ATTENTION
Task: {32FC1DBD-FB39-4922-B2C8-BE2E38337A9B} - \MAXDriverUpdater_UPDATES -> No File <==== ATTENTION
Task: {3344C382-8FEB-4861-95F7-209CBFD6F010} - System32\Tasks\a21252813 => C:\Program Files\lanterns\politic.exe
Task: {49347577-AD67-4EDA-AFEB-148E3A840F53} - System32\Tasks\224330021 => C:\Program Files\intelligencer\misses.exe [2016-08-23] (stuffing) <==== ATTENTION
Task: {4E1535C6-5BC7-4B09-B147-EB2C6F8868B3} - \MAXDriverUpdaterRunAtStartup -> No File <==== ATTENTION
Task: {53A98ECF-DF39-4C33-BBE5-E3A761B79520} - \LuckyBrowse -> No File <==== ATTENTION
Task: {55652B0B-0762-4291-9F1C-BC25B50AE54B} - \psv_Donfan -> No File <==== ATTENTION
Task: {5A56876E-973F-4665-92F5-BEE581DF9C03} - \psv_Homeplus -> No File <==== ATTENTION
Task: {769B2748-8EAE-4541-9E5A-0D17C86FA7AF} - System32\Tasks\124330021 => C:\Program Files\intelligencer\misses.exe [2016-08-23] (stuffing) <==== ATTENTION
Task: {84312A3F-8BD8-43A5-BE45-1545B97D56B6} - System32\Tasks\b21252813 => C:\Program Files\intelligencer\misses.exe [2016-08-23] (stuffing)
Task: {89F3ADF3-E874-42E5-AB59-133F67842BAD} - System32\Tasks\a4350698443506984 => C:\Program Files\biggers\autres.exe
Task: {8B82635E-88DE-415A-82D2-E590AE72290E} - \System Healer Task -> No File <==== ATTENTION
Task: {A538126C-5184-4C41-A567-67A7BB0BC11A} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {A6C54921-05A6-4DB3-9493-990A0A1818A8} - \snp -> No File <==== ATTENTION
Task: {B95717D8-EC67-4310-956F-F48B53305902} - System32\Tasks\ab17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => C:\Program Files\lanterns\politic.exe
Task: {D1BF8EB2-9B76-4CC6-AB99-1F3ED1D3CB1D} - \psv_Islux -> No File <==== ATTENTION
Task: {D312FC2C-A8E5-48BD-9CD6-5D06C14F04B8} - \{08087E47-040A-790F-0D11-7F7A097E1178} -> No File <==== ATTENTION
Task: {DD88D623-18CF-4564-8FC0-7AED6039F4CE} - System32\Tasks\dP4350698443506984 => C:\Program Files\biggers\autres.exe
Task: {E49F9D31-74C5-45E3-B96F-237BB54EEFE3} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION

ShortcutWithArgument: C:\Users\Candi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

FirewallRules: [TCP Query User{45F33D9D-4F09-4545-975B-F88D9DFF5548}C:\program files\google\chrome\application\chrome334.exe] => (Allow) C:\program files\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{D23191A4-5541-41A9-A839-965BABCF6A1F}C:\program files\google\chrome\application\chrome334.exe] => (Allow) C:\program files\google\chrome\application\chrome334.exe
FirewallRules: [{5378C6B3-8B2F-4F1D-9B1B-684D9DE2ACF7}] => (Block) C:\program files\google\chrome\application\chrome334.exe
FirewallRules: [{AC1511A3-45AC-4914-9C44-7216C1CFE46F}] => (Block) C:\program files\google\chrome\application\chrome334.exe

C:\a
C:\f2412c8cf06222b678921c
C:\Program Files\biggers
C:\Program Files\Caster
C:\Program Files\christians
C:\Program Files\lanterns
C:\Program Files\intelligencer
C:\Program Files\Common Files\Hotlex
C:\program files\google\chrome\application\chrome334.exe
C:\ProgramData\{10545570-512c-0}
C:\ProgramData\{33ff54cc-112c-1}
C:\ProgramData\59179e8b
C:\ProgramData\9f576948-66f7-0
C:\ProgramData\9f576948-3e21-1
C:\ProgramData\9f576948-7691-0
C:\ProgramData\Holdtam
C:\ProgramData\Logic Handler
C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
C:\Users\Candi\AppData\Local\tinstall4.exe
2016-08-23 21:44 - 2016-08-23 21:48 - 00000000 _____ C:\Users\Candi\AppData\Local\stxtname.txt
2016-08-23 21:44 - 2016-08-23 21:44 - 07118336 _____ C:\Users\Candi\AppData\Roaming\agent.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 02279413 _____ C:\Users\Candi\AppData\Roaming\Dentolex.bin
2016-08-23 21:44 - 2016-08-23 21:44 - 01901341 _____ C:\Users\Candi\AppData\Roaming\Fax-Dox.tst
2016-08-23 21:44 - 2016-08-23 21:44 - 00126464 _____ C:\Users\Candi\AppData\Roaming\noah.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00126464 _____ C:\Users\Candi\AppData\Roaming\lobby.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00072707 _____ C:\Users\Candi\AppData\Roaming\Danlux.tst
2016-08-23 21:44 - 2016-08-23 21:44 - 00070704 _____ C:\Users\Candi\AppData\Roaming\Config.xml
2016-08-23 21:44 - 2016-08-23 21:44 - 00054272 _____ C:\Users\Candi\AppData\Roaming\ApplicationHosting.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00018432 _____ C:\Users\Candi\AppData\Roaming\Main.dat
2016-08-23 21:44 - 2016-08-23 21:44 - 00005568 _____ C:\Users\Candi\AppData\Roaming\md.xml
2016-08-23 21:44 - 2016-08-23 21:44 - 00000000 _____ C:\Users\Candi\AppData\Local\run.txt
2016-08-23 21:44 - 2016-08-23 21:43 - 00695296 _____ C:\Users\Candi\AppData\Roaming\Fax-Dox.exe
2016-08-23 21:44 - 2016-08-23 21:43 - 00695296 _____ C:\Users\Candi\AppData\Roaming\Danlux.exe
2016-08-23 21:43 - 2016-08-23 21:43 - 00138240 _____ C:\Users\Candi\AppData\Roaming\Installer.dat
2016-08-23 21:43 - 2016-08-23 21:43 - 00018432 _____ C:\Users\Candi\AppData\Roaming\InstallationConfiguration.xml
C:\Users\Candi\AppData\Roaming\Mozilla
C:\Windows\aurelian.exe
C:\WINDOWS\dll.dll
C:\WINDOWS\greets.exe
C:\Windows\transfigured.exe
C:\WINDOWS\key.ini

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Windows\CurrentVersion\Run\\unwatched => value not found.
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Windows\CurrentVersion\Run\\fitters => value not found.
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Windows\CurrentVersion\Run\\failed => value not found.
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Windows\CurrentVersion\Run\\merrill => value not found.
"C:\ProgramData\Holdtam\WhiteLamstrong.dll" => Value data not found.
C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deserting.lnk => not found.
C:\Program Files\lanterns\politic.exe => not found.
C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok51887640.lnk => not found.
C:\Program Files\lanterns\politic.exe => not found.
C:\Users\Candi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok51887640deserting.lnk => not found.
C:\Program Files\biggers\autres.exe => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
antitrust => service not found.
backlh => service not found.
Holdtam => service not found.
pao => service not found.
MbaeSvc => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A6AF2BC-777C-4FAD-9CBB-2BE0370959D8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D973929-B7FB-4A8B-A83F-2AA7F6BE8B0E} => key not found. 
C:\Windows\System32\Tasks\dc17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dc17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DF71915-5574-4693-90CB-14C00A7EEA95} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Bio-Tax => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A882F2-1687-4107-8632-B7B12EEA7308} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A175C88-8E5C-4998-A6C3-3B323B29D06F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E3426F2-331C-441F-8767-D8B175FCCFF8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32FC1DBD-FB39-4922-B2C8-BE2E38337A9B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MAXDriverUpdater_UPDATES => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3344C382-8FEB-4861-95F7-209CBFD6F010} => key not found. 
C:\Windows\System32\Tasks\a21252813 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a21252813 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49347577-AD67-4EDA-AFEB-148E3A840F53} => key not found. 
C:\Windows\System32\Tasks\224330021 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\224330021 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E1535C6-5BC7-4B09-B147-EB2C6F8868B3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MAXDriverUpdaterRunAtStartup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53A98ECF-DF39-4C33-BBE5-E3A761B79520} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyBrowse => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55652B0B-0762-4291-9F1C-BC25B50AE54B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Donfan => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A56876E-973F-4665-92F5-BEE581DF9C03} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Homeplus => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{769B2748-8EAE-4541-9E5A-0D17C86FA7AF} => key not found. 
C:\Windows\System32\Tasks\124330021 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\124330021 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84312A3F-8BD8-43A5-BE45-1545B97D56B6} => key not found. 
C:\Windows\System32\Tasks\b21252813 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b21252813 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89F3ADF3-E874-42E5-AB59-133F67842BAD} => key not found. 
C:\Windows\System32\Tasks\a4350698443506984 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a4350698443506984 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B82635E-88DE-415A-82D2-E590AE72290E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A538126C-5184-4C41-A567-67A7BB0BC11A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6C54921-05A6-4DB3-9493-990A0A1818A8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B95717D8-EC67-4310-956F-F48B53305902} => key not found. 
C:\Windows\System32\Tasks\ab17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ab17AIi4WA7GVZydP2teVl-ni-2016-08-23-ni-17657-ni-1 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1BF8EB2-9B76-4CC6-AB99-1F3ED1D3CB1D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Islux => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D312FC2C-A8E5-48BD-9CD6-5D06C14F04B8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08087E47-040A-790F-0D11-7F7A097E1178} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD88D623-18CF-4564-8FC0-7AED6039F4CE} => key not found. 
C:\Windows\System32\Tasks\dP4350698443506984 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dP4350698443506984 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E49F9D31-74C5-45E3-B96F-237BB54EEFE3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => key not found. 
C:\Users\Candi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully..
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{45F33D9D-4F09-4545-975B-F88D9DFF5548}C:\program files\google\chrome\application\chrome334.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D23191A4-5541-41A9-A839-965BABCF6A1F}C:\program files\google\chrome\application\chrome334.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5378C6B3-8B2F-4F1D-9B1B-684D9DE2ACF7} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC1511A3-45AC-4914-9C44-7216C1CFE46F} => value not found.
"C:\a" => not found.
"C:\f2412c8cf06222b678921c" => not found.
"C:\Program Files\biggers" => not found.
"C:\Program Files\Caster" => not found.
"C:\Program Files\christians" => not found.
"C:\Program Files\lanterns" => not found.
"C:\Program Files\intelligencer" => not found.
"C:\Program Files\Common Files\Hotlex" => not found.
"C:\program files\google\chrome\application\chrome334.exe" => not found.
"C:\ProgramData\{10545570-512c-0}" => not found.
"C:\ProgramData\{33ff54cc-112c-1}" => not found.
"C:\ProgramData\59179e8b" => not found.
"C:\ProgramData\9f576948-66f7-0" => not found.
"C:\ProgramData\9f576948-3e21-1" => not found.
"C:\ProgramData\9f576948-7691-0" => not found.
"C:\ProgramData\Holdtam" => not found.
"C:\ProgramData\Logic Handler" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles" => not found.
"C:\Users\Candi\AppData\Local\tinstall4.exe" => not found.
"C:\Users\Candi\AppData\Local\stxtname.txt" => not found.
"C:\Users\Candi\AppData\Roaming\agent.dat" => not found.
"C:\Users\Candi\AppData\Roaming\Dentolex.bin" => not found.
"C:\Users\Candi\AppData\Roaming\Fax-Dox.tst" => not found.
"C:\Users\Candi\AppData\Roaming\noah.dat" => not found.
"C:\Users\Candi\AppData\Roaming\lobby.dat" => not found.
"C:\Users\Candi\AppData\Roaming\Danlux.tst" => not found.
"C:\Users\Candi\AppData\Roaming\Config.xml" => not found.
"C:\Users\Candi\AppData\Roaming\ApplicationHosting.dat" => not found.
"C:\Users\Candi\AppData\Roaming\Main.dat" => not found.
"C:\Users\Candi\AppData\Roaming\md.xml" => not found.
"C:\Users\Candi\AppData\Local\run.txt" => not found.
"C:\Users\Candi\AppData\Roaming\Fax-Dox.exe" => not found.
"C:\Users\Candi\AppData\Roaming\Danlux.exe" => not found.
"C:\Users\Candi\AppData\Roaming\Installer.dat" => not found.
"C:\Users\Candi\AppData\Roaming\InstallationConfiguration.xml" => not found.
"C:\Users\Candi\AppData\Roaming\Mozilla" => not found.
"C:\Windows\aurelian.exe" => not found.
"C:\WINDOWS\dll.dll" => not found.
"C:\WINDOWS\greets.exe" => not found.
"C:\Windows\transfigured.exe" => not found.
"C:\WINDOWS\key.ini" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6331563 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 21652 B
Edge => 0 B
Chrome => 7792121 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 818 B
NetworkService => 0 B
Candi => 15768 B

RecycleBin => 0 B
EmptyTemp: => 13.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:44:34 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x86 
Ran by Candi (Administrator) on Sat 08/27/2016 at 14:54:01.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ADF7D7E4-56A0-45D8-B409-BC5C49A28AFB} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/27/2016 at 14:56:47.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v6.010 - Logfile created 27/08/2016 at 15:03:25
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-27.1 [Server]
# Operating System : Windows 10 Home  (X86)
# Username : Candi - LAPTOP-T4C09DLD
# Running from : C:\Users\Candi\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CloudPrinter
[-] Key deleted: HKLM\SOFTWARE\Classes\PCSU.SysUtils
[-] Key deleted: HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5013A5D0-34A9-489F-BF9A-3A0E34D8902B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B43F10EC-BD1C-48D5-A123-3DCA3321C187}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}
[-] Key deleted: HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\csdimedia
[-] Key deleted: HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SrpnFiles
[#] Key deleted on reboot: HKCU\Software\csdimedia
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\csdimedia
[-] Key deleted: HKLM\SOFTWARE\WIN
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SrpnFiles
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceSoundPro
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FastIn
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\govids.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.govids.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.govids.net
[-] Value deleted: HKU\S-1-5-21-1285858443-3874230526-1085882535-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [interpee]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [interpee]


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3801 Bytes] - [27/08/2016 15:03:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [3975 Bytes] - [27/08/2016 15:02:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3947 Bytes] ##########
 

Fixlog.txt

JRT.txt

AdwCleaner[C0].txt


It seems like Malwarebytes really did take care of everything :) Alright, I would like to see the log where it deleted everything, and also we'll run Emsisoft Emergency Kit to make sure that there are no remnants left behind.

Open Malwarebytes and go under the History tab. From there, click on Application logs in the left pane.
Click on the most recent (usually at the top) Scan log to open it. From there, click on the Export button and select the first option, Copy to Clipboard.
Paste the content of your clipboard in your next reply.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

How's your computer running now?

Your next reply(ies) should include:

  • Copy/pasted content of the Malwarebytes scan log;
  • Copy/pasted content of the EEK clean log;
  • Answer to my question about your computer's current state;


Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 8/27/2016 12:14 AM, SYSTEM, LAPTOP-T4C09DLD, Manual, Failed, No Internet connection detected, 
Update, 8/27/2016 12:14 AM, SYSTEM, LAPTOP-T4C09DLD, Manual, Failed, No Internet connection detected, 
Scan, 8/27/2016 6:54 AM, SYSTEM, LAPTOP-T4C09DLD, Manual, Start:8/27/2016 12:14 AM, Duration:7 min 19 sec, Threat Scan, Completed, 0 Malware Detections, 22 Non-Malware Detections, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Starting, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Started, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 
Update, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, Remediation Database, 2016.2.12.1, 2016.8.15.2, 
Update, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, Rootkit Database, 2016.2.8.1, 2016.8.15.1, 
Update, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, IP Database, 2016.2.8.1, 2016.8.26.2, 
Update, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, Domain Database, 2016.2.16.8, 2016.8.27.6, 
Update, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, Malware Database, 2016.2.16.6, 2016.8.27.5, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Refresh, Starting, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Stopping, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Stopped, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Refresh, Success, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 
Detection, 8/27/2016 1:49 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, C:\Program Files\intelligencer\misses.exe, Quarantine, [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:50 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:50 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:50 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:51 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:51 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:52 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:52 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:53 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:53 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:54 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:54 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:55 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:55 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:56 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:56 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:57 PM, Candi, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Detection, 8/27/2016 1:58 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, File, PUP.Optional.DotDo.PrxySvrRST, c:\program files\intelligencer\misses.exe, Quarantine Failed, 2, The system cannot find the file specified.  , [56bb0749d3c71125c7c34e74ed14f907]
Scan, 8/27/2016 1:58 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, Start:8/27/2016 1:49 PM, Duration:6 min 34 sec, Threat Scan, Completed, 0 Malware Detections, 187 Non-Malware Detections, 
Protection, 8/27/2016 1:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Starting, 
Protection, 8/27/2016 1:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Started, 
Protection, 8/27/2016 1:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 1:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 
Detection, 8/27/2016 2:01 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Domain, 185.17.184.11, ough.info, 49706, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 8/27/2016 2:01 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Domain, 185.17.184.11, ough.info, 49706, Outbound, C:\Windows\System32\svchost.exe, 
Scan, 8/27/2016 2:05 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, Start:8/27/2016 1:59 PM, Duration:5 min 58 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Scan, 8/27/2016 2:16 PM, SYSTEM, LAPTOP-T4C09DLD, Manual, Start:8/27/2016 2:10 PM, Duration:5 min 51 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 8/27/2016 2:41 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Starting, 
Protection, 8/27/2016 2:41 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Started, 
Protection, 8/27/2016 2:41 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 2:41 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 
Protection, 8/27/2016 2:45 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Starting, 
Protection, 8/27/2016 2:45 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Started, 
Protection, 8/27/2016 2:45 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 2:45 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 
Protection, 8/27/2016 3:04 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Starting, 
Protection, 8/27/2016 3:04 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malware Protection, Started, 
Protection, 8/27/2016 3:04 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 3:04 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 
Update, 8/27/2016 3:09 PM, SYSTEM, LAPTOP-T4C09DLD, Scheduler, Domain Database, 2016.8.27.6, 2016.8.27.7, 
Protection, 8/27/2016 3:09 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Refresh, Starting, 
Protection, 8/27/2016 3:09 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Stopping, 
Protection, 8/27/2016 3:09 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Stopped, 
Protection, 8/27/2016 3:09 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Refresh, Success, 
Protection, 8/27/2016 3:09 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 3:09 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 
Update, 8/27/2016 3:59 PM, SYSTEM, LAPTOP-T4C09DLD, Scheduler, Malware Database, 2016.8.27.5, 2016.8.27.6, 
Protection, 8/27/2016 3:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Refresh, Starting, 
Protection, 8/27/2016 3:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Stopping, 
Protection, 8/27/2016 3:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Stopped, 
Protection, 8/27/2016 3:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Refresh, Success, 
Protection, 8/27/2016 3:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Starting, 
Protection, 8/27/2016 3:59 PM, SYSTEM, LAPTOP-T4C09DLD, Protection, Malicious Website Protection, Started, 

(end)

 

Emsisoft Emergency Kit - Version 11.9
Last update: 8/27/2016 7:27:00 PM
User account: LAPTOP-T4C09DLD\Candi
Computer name: LAPTOP-T4C09DLD
OS version: Windows 10x86 

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    8/27/2016 7:28:12 PM

Scanned    71028
Found    0

Scan end:    8/27/2016 7:29:26 PM
Scan time:    0:01:14

Emsisoft Emergency Kit - Version 11.9
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    Computer Name    
8/27/2016 7:28:12 PM    Malware    71028    0    0:01:14    Manual scan    LAPTOP-T4C09DLD    
 

The computer is running great now. I'm not having any issues at all!

 


What you gave me is the Protection log, not the Scan log :) Please give me the scan log, and we'll also get a fresh pair of FRST logs to make sure that there's nothing left behind.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and two Notepad files will then open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Your next reply(ies) should include:

  • Copy/pasted content of the Malwarebytes scan log;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!
