Hec Posted June 11, 2017

(First time posting here; sorry if I'm doing something wrong or if my formatting isn't exactly up to standard.)

So today I was doing the usual, using my computer. I decided I wanted to get a different motion wallpaper for DeskScapes or VideoPaper, but might have accidentally downloaded from the wrong site. I recognized that and took the zip file and scanned it with VirusTotal, which detected various types of malware, including ransomware and a few trojans. I quickly deleted the file, but it seems something might have slipped by, since Malwarebytes detected PUP.Optional.InstallCore. I swiftly deleted it; then a gray square started spreading on my desktop, sort of like the one in the link: https://www.google.com.pr/imgres?imgurl=http%3A%2F%2Fwallup.net%2Fwp-content%2Fuploads%2F2016%2F03%2F09%2F326492-Kyle_Gray-abstract-square-748x479.jpg&imgrefurl=http%3A%2F%2Fwallup.net%2Fkyle-gray-abstract-square%2F&docid=F_s_g4UavjESUM&tbnid=BgkX-cDtma5JsM%3A&vet=10ahUKEwiPg8qT_rXUAhVU0GMKHUoRDyUQMwgpKAMwAw..i&w=748&h=479&bih=745&biw=1563&q=gray%20square%20in%20desktop&ved=0ahUKEwiPg8qT_rXUAhVU0GMKHUoRDyUQMwgpKAMwAw&iact=mrc&uact=8

I freaked out, so I started Windows in safe mode. There I ran RKill and GMER; I also ran MBAM, HitmanPro, Spybot S&D 2, SUPERAntiSpyware and TDSSKiller. Nothing detected. So I went back to normal mode and saw the gray squares were still present, so I changed my wallpaper and ran RKill again (nothing terminated), and I am currently scanning with Avast.

Specs:
Windows 10 64-bit
GTX 1070 MSI Aero
i5 6600
1TB Toshiba HDD
Samsung 850 EVO SSD 256GB
12GB Crucial Ballistix Sport LT RAM
MSI B150 Gaming M3
Hec Posted June 12, 2017

I seem to have solved it, as no further symptoms have happened. If anybody thinks I should try anything, feel free to post; if not, go on with your day, no need to feel pressured to help me.
Hec Posted June 12, 2017 (edited)

Please, anybody, help. The situation is getting worse. Windows is just not working correctly; it's all weird. I even see instances of rundll32 running as a primary process you can view, so it's not hidden. Installations of alternate antivirus/antimalware programs also fail, and RKill was prevented from running. I proceeded to rename RKill to a jumble of words like fshagvdsaujkdgaujydgaujvdhuakdvygauidgvadvahgv.com, which was successful. RKill terminated this:

C:\Users\Hector\AppData\Local\Temp\{6B17C1C8-4660-4CE5-871E-1F76F4B7A6B9}\ISBEW64.exe (PID: 3240) [T-HEUR]

Scans with all my security programs reveal nothing. I've been forced to try to look for a very advanced option. Reformatting the drive is off the table, as I have data I cannot risk losing, and installing my software again would be a pain. I am further puzzled on how I keep encountering malware problems; I think it was the instance of malware that corrupted my BIOS and forced me to completely wipe the drive and use a backup BIOS (this was ages ago). A backdoor might be lingering. Please, I have not received answers and I only have so much time before I go on a trip. This has been a great pain; any help is welcome. I was contemplating using ComboFix in Windows 8 compatibility mode, but that is risky and only a professional should do it, but that is how dire my situation is. Currently doing an online scan with Trend Micro HouseCall, which had to load various executables; I don't know if this is normal.

Edited June 12, 2017 by Hec
kevinf80 Posted June 12, 2017

Hello Hec and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on "Downloads" folder and select "Properties". In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK". Be aware you are not changing the Browser download folder location, you are changing the user's download directory location.....

Next, follow the instructions in the following link to show hidden files:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next, download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

Double-click to run it. When the tool opens click Yes to disclaimer.
(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans".
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Let me see those logs...

Thank you,

Kevin..
Hec Posted June 12, 2017 Author ID:1135032 Share Posted June 12, 2017 Hey kevin, Thank you for responding my name is Hector feel free to call me that anyways thank you for helping me out i enabled hidden files and did the FRST scan here is the first log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017 Ran by Hectorivanxbox (administrator) on DESKTOP-V0AEIFA (12-06-2017 15:02:52) Running from C:\Users\Hector\Desktop Loaded Profiles: Hectorivanxbox (Available Profiles: defaultuser0 & Hectorivanxbox) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (The Within Network, LLC) C:\Windows\unsignedthemes.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\SbaService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Smart PC Utilities, Ltd.) C:\Program Files\Smart PC Utilities\Game Fire\GFTray.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe (Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe (Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe (Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-07-21] (Realtek Semiconductor) HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [702136 2016-07-13] () HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-05] (Logitech Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft) HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [4131792 2015-09-10] (Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [29246632 2017-05-30] (Dropbox, Inc.) 
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2017-04-22] (QFX Software Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoInstrumentation] 1 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION HKU\S-1-5-19\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear) HKU\S-1-5-20\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [Discord] => C:\Users\Hector\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) 
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [4954176 2017-05-22] (GOG.com) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5774800 2017-05-23] (SecureMix LLC) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5489808 2017-05-26] (IDRIX) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [PhantomPeer] => C:\Program Files (x86)\PhantomPeer\phantompeer.exe [13160177 2016-11-10] () HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [3737344 2017-05-17] (Datpol) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [VideoPaper] => C:\Users\Hector\Downloads\extras\video paper\VideoPaper.exe [394240 2015-11-29] (Ize) HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [HideSCANetwork] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [HideSCAVolume] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: 
[NoTrayContextMenu] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-18\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7956384 2017-06-12] (SUPERAntiSpyware) HKU\S-1-5-18\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-04-21] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2017-06-08] ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited) Startup: C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-06-11] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{37ee2001-6d4c-4a6d-8448-f196b99b3acf}: [NameServer] 23.105.70.204 Tcpip\..\Interfaces\{37ee2001-6d4c-4a6d-8448-f196b99b3acf}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{841d3d36-97c9-47ae-a054-e9bbca42bb2e}: [DhcpNameServer] 172.18.11.1 Tcpip\..\Interfaces\{fb9a4d1b-fed9-4491-a26e-a694bd87ecc0}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Internet Explorer: ================== HKU\S-1-5-21-606003240-2892683779-3573181930-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = FireFox: ======== FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default [2017-06-12] CHR Extension: (Google Slides) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-21] CHR Extension: (Arc dark chrome theme) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\adicoenigffoolephelklheejpcpoolk [2017-05-09] CHR Extension: (Google Docs) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-21] CHR Extension: (Google Drive) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-21] CHR Extension: (YouTube) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-21] CHR Extension: (uBlock Origin) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-18] CHR Extension: (Adaware Ad Block) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2017-06-01] CHR Extension: (Google Search) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-04-21] CHR Extension: (Avast Passwords) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-05-12] CHR Extension: (Google Sheets) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-21] CHR 
Extension: (HTTPS Everywhere) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-06-05] CHR Extension: (Google Docs Offline) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-21] CHR Extension: (Doom) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbnpofpbcpmigidknilkmpaiiddbpbmd [2017-04-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-21] CHR Extension: (ScriptSafe) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-05-28] CHR Extension: (Gmail) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-21] CHR Extension: (Chrome Media Router) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-05-13] () S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-12] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-12] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-30] (Dropbox, Inc.) 
S2 DeskScapes8; C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe [75376 2014-03-10] (Stardock Software, Inc) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-04-23] (EasyAntiCheat Ltd) S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.) S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-22] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-22] (GOG.com) R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-31] (SurfRight B.V.) S2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [139472 2017-05-18] (eVenture Limited) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177288 2015-05-29] () S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-01-28] (Rivet Networks) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-05] (Logitech Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [112592 2015-09-10] (Micro-Star INT'L CO., LTD.) 
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155920 2017-05-22] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3125656 2017-05-22] (Electronic Arts) S2 phantompeerd; C:\Program Files (x86)\PhantomPeer\bin\nssm.exe [331264 2016-09-24] () [File not signed] S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] () R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-04-18] (Razer Inc) S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] () R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-13] (Razer Inc.) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-04-28] (Razer Inc.) R2 SbaService; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\SbaService.exe [26296 2015-10-14] (Intel Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed] S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) 
[File not signed] R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe [61184 2017-05-17] (Datpol) S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [38272 2017-05-24] (TunnelBear) R2 UnsignedThemes; C:\Windows\unsignedthemes.exe [22184 2015-03-01] (The Within Network, LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation) S2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.) 
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [92328 2017-06-05] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
U5 cmdccav; C:\Windows\System32\Drivers\cmdccav.sys [431520 2017-06-07] (COMODO)
R3 CorsairGamingAudioService; C:\Windows\system32\DRIVERS\CorsairGamingAudioamd64.sys [123384 2016-03-03] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-01] ()
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
U4 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-06-12] ()
R3 hmatap; C:\Windows\System32\drivers\hmatap.sys [36456 2016-11-23] (The OpenVPN Project)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e24w10x64.sys [156744 2015-10-07] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [186304 2017-06-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-06-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-06-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-06-12] (Malwarebytes)
R3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-10-26] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [1873768 2017-05-17] (SpyShelter)
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Premium\SpyshelterKb.sys [867184 2017-05-17] (SpyShelter)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2017-05-23] (The OpenVPN Project)
R2 uxstyle; C:\Windows\system32\Drivers\elytsxu.sys [32424 2015-03-01] (The Within Network, LLC)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [467368 2017-05-26] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files\Smart PC Utilities\Game Fire\GameFire.sys [14544 2017-06-11] (OpenLibSys.org)
U3 ffldrfog; C:\Users\Hector\AppData\Local\Temp\ffldrfog.sys [56584 2017-06-12] (GMER) [File not signed] <==== ATTENTION
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-12 15:02 - 2017-06-12 15:03 - 00030669 _____ C:\Users\Hector\Desktop\FRST.txt
2017-06-12 15:02 - 2017-06-12 15:02 - 00000000 ____D C:\FRST
2017-06-12 15:01 - 2017-06-12 15:02 - 02438656 _____ (Farbar) C:\Users\Hector\Desktop\FRST64.exe
2017-06-12 14:42 - 2017-06-12 14:42 - 00000010 _____ C:\Users\Hector\AppData\Local\sponge.last.runtime.cache
2017-06-12 14:41 - 2017-06-12 14:41 - 00705429 _____ C:\Users\Hector\AppData\Local\census.cache
2017-06-12 14:41 - 2017-06-12 14:41 - 00003198 _____ C:\Windows\System32\Tasks\DRScanner Startup
2017-06-12 14:41 - 2017-06-12 14:41 - 00002121 _____ C:\Users\Public\Desktop\HouseCall for Home IoT Devices.lnk
2017-06-12 14:41 - 2017-06-12 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home IoT Devices
2017-06-12 14:41 - 2017-06-12 14:41 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-06-12 14:40 - 2017-06-12 14:40 - 00307816 _____ C:\Users\Hector\AppData\Local\ars.cache
2017-06-12 14:34 - 2017-06-12 14:41 - 00000000 ____D C:\ProgramData\Trend Micro
2017-06-12 14:34 - 2017-06-12 14:34 - 00000000 ____D C:\Windows\Trend Micro
2017-06-12 14:31 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-06-12 14:30 - 2017-06-12 14:30 - 02527376 _____ (Trend Micro Inc.) C:\Users\Hector\Downloads\HousecallLauncher64.exe
2017-06-12 14:30 - 2017-06-12 14:30 - 00000036 _____ C:\Users\Hector\AppData\Local\housecall.guid.cache
2017-06-12 14:28 - 2017-06-12 14:28 - 00003220 _____ C:\Windows\System32\Tasks\CCAVPostInstall
2017-06-12 14:24 - 2017-06-12 14:28 - 00000000 ____D C:\ProgramData\COMODO
2017-06-12 14:23 - 2017-06-12 14:24 - 09380952 _____ (COMODO) C:\Users\Hector\Downloads\ccav_installer.exe
2017-06-12 14:07 - 2017-06-12 14:16 - 120079408 _____ (VirusBlokAda ltd.) C:\Users\Hector\Downloads\vba32-personal-latest-multilanguage.exe
2017-06-12 13:49 - 2017-06-12 13:49 - 00000000 ____D C:\Users\Hector\AppData\Local\AdAwareUpdater
2017-06-12 13:43 - 2017-06-12 13:43 - 01931969 _____ C:\Users\Hector\Downloads\ProcessExplorer.zip
2017-06-12 13:40 - 2017-06-12 13:40 - 02558896 _____ C:\Users\Hector\Downloads\Adaware_Installer.exe
2017-06-12 13:40 - 2017-06-12 13:40 - 00000000 ____D C:\ProgramData\adaware
2017-06-12 12:19 - 2017-06-12 12:19 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-06-12 12:16 - 2017-06-11 21:24 - 00458503 _____ C:\Windows\system32\Drivers\etc\hosts.20170612-121651.backup
2017-06-12 12:08 - 2017-06-12 12:09 - 00288560 _____ C:\TDSSKiller.3.1.0.15_12.06.2017_12.08.35_log.txt
2017-06-12 11:52 - 2017-06-12 12:02 - 00000000 ____D C:\Program Files\Process Hacker 2
2017-06-12 10:19 - 2017-06-12 10:19 - 07275289 _____ C:\Users\Hector\Downloads\National Anthem of USSR.mp4
2017-06-12 09:54 - 2017-06-12 09:54 - 06463660 _____ (Punk Software ) C:\Users\Hector\Downloads\RocketDock-v1.3.5.exe
2017-06-12 09:54 - 2017-06-12 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2017-06-12 09:54 - 2017-06-12 09:54 - 00000000 ____D C:\Program Files (x86)\RocketDock
2017-06-11 21:29 - 2017-06-11 21:35 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Rainmeter
2017-06-11 21:29 - 2017-06-11 21:29 - 01821463 _____ C:\Users\Hector\Downloads\honeycomb_by_apiium-d7q5yuz.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00676305 _____ C:\Users\Hector\Downloads\cleartext_for_rainmeter__v3_4___21_may_2017__by_redsaph-d8lh1a9.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00360894 _____ C:\Users\Hector\Downloads\visbubble__round_visualizer_for_rainmeter_by_undefinist-d82wfbx.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00124566 _____ C:\Users\Hector\Downloads\rainmeter___elegance_1_0_by_lilshizzy-d3jpo7v.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00000000 ____D C:\Users\Hector\Documents\Rainmeter
2017-06-11 21:28 - 2017-06-11 21:28 - 02270216 _____ (Rainmeter) C:\Users\Hector\Downloads\Rainmeter-4.1-r2807-beta.exe
2017-06-11 21:28 - 2017-06-11 21:28 - 00001755 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-06-11 21:28 - 2017-06-11 21:28 - 00000000 ____D C:\Program Files\Rainmeter
2017-06-11 10:56 - 2017-06-11 10:56 - 00000000 ____D C:\Users\Hector\Documents\4A Games
2017-06-11 10:50 - 2017-06-11 10:50 - 00000000 ____D C:\Users\Hector\AppData\Local\4A Games
2017-06-11 10:46 - 2017-06-12 12:07 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Wise Registry Cleaner
2017-06-11 10:46 - 2017-06-11 10:46 - 00001326 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2017-06-11 10:46 - 2017-06-11 10:46 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Wise Euask
2017-06-11 10:46 - 2017-06-11 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2017-06-11 10:45 - 2017-06-11 10:45 - 02815512 _____ (WiseCleaner.com ) C:\Users\Hector\Downloads\WRCFree.exe
2017-06-11 09:48 - 2017-06-11 09:48 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-11 09:45 - 2017-06-11 09:45 - 00000000 ____D C:\Users\Hector\Downloads\extras
2017-06-11 09:26 - 2017-06-11 09:26 - 00000000 ____D C:\Users\Hector\AppData\Local\4kdownload.com
2017-06-10 20:34 - 2017-06-10 20:34 - 00000222 _____ C:\Users\Hector\Desktop\Metro Last Light Redux.url
2017-06-09 17:24 - 2017-06-11 09:06 - 00000000 ____D C:\Users\Hector\Downloads\New folder
2017-06-09 17:20 - 2017-06-09 17:48 - 00000000 ____D C:\Users\Hector\AppData\Local\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\Users\Public\Documents\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\Users\Hector\Documents\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\ProgramData\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\Program Files (x86)\Stardock
2017-06-09 17:19 - 2017-06-09 17:19 - 00000000 ____D C:\Users\Hector\Downloads\Stardock
2017-06-09 15:43 - 2017-06-09 15:59 - 00000000 ____D C:\ProgramData\Freemake
2017-06-09 15:43 - 2017-06-09 15:59 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-06-09 15:43 - 2017-06-09 15:45 - 00000000 ____D C:\Users\Hector\Documents\Freemake
2017-06-09 15:43 - 2017-06-09 15:43 - 00134164 _____ C:\Users\Hector\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2017-06-09 15:43 - 2017-06-09 15:43 - 00000000 ____D C:\Users\Hector\AppData\Local\FreemakeVideoDownloader
2017-06-09 15:43 - 2017-06-09 15:43 - 00000000 ____D C:\Program Files\WinPcap
2017-06-09 15:14 - 2012-11-07 21:08 - 00135680 _____ (Michael Barnathan) C:\Windows\VideoScreensaver.scr
2017-06-09 05:11 - 2017-06-09 05:11 - 00479928 _____ (COMODO) C:\Windows\system32\CcavGuard64.dll
2017-06-09 05:11 - 2017-06-09 05:11 - 00440504 _____ (COMODO) C:\Windows\system32\ccavvrt64.dll
2017-06-09 05:11 - 2017-06-09 05:11 - 00369760 _____ (COMODO) C:\Windows\SysWOW64\CcavGuard32.dll
2017-06-09 05:11 - 2017-06-09 05:11 - 00342200 _____ (COMODO) C:\Windows\SysWOW64\ccavvrt32.dll
2017-06-08 18:49 - 2017-06-08 19:19 - 00000000 ____D C:\Users\Hector\AppData\Roaming\SpyShelter
2017-06-08 18:49 - 2017-06-08 18:49 - 00001176 _____ C:\Users\Hector\Desktop\SpyShelter Premium.lnk
2017-06-08 18:49 - 2017-06-08 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2017-06-08 18:49 - 2017-06-08 18:49 - 00000000 ____D C:\Program Files (x86)\SpyShelter Premium
2017-06-08 18:49 - 2016-09-01 16:26 - 00052992 _____ (Datpol) C:\Windows\system32\SpyShelterShellExt.dll
2017-06-08 18:49 - 2016-09-01 16:26 - 00045824 _____ (Datpol) C:\Windows\SysWOW64\SpyShelterShellExt.dll
2017-06-08 18:19 - 2017-06-08 18:19 - 00000000 ____D C:\Users\Hector\AppData\Roaming\phantompeer
2017-06-08 18:18 - 2017-06-08 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhantomPeer
2017-06-08 18:17 - 2017-06-08 18:18 - 00000000 ____D C:\Program Files (x86)\PhantomPeer
2017-06-08 18:09 - 2017-06-08 18:38 - 00000000 ____D C:\Program Files\PeerBlock
2017-06-08 18:09 - 2017-06-08 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2017-06-08 17:54 - 2017-06-08 17:54 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2017-06-08 17:53 - 2017-06-08 17:53 - 00000000 ____D C:\Users\Hector\AppData\Local\Package Cache
2017-06-08 17:42 - 2017-06-08 18:54 - 00000000 ____D C:\Users\Hector\Desktop\vpn's
2017-06-08 17:40 - 2017-06-08 18:16 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Hide.me
2017-06-08 17:40 - 2017-06-08 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2017-06-08 17:40 - 2017-06-08 17:40 - 00000000 ____D C:\Program Files (x86)\hide.me VPN
2017-06-08 17:20 - 2017-06-08 17:20 - 07102464 _____ C:\Users\Hector\NTUSER.rhk
2017-06-08 17:19 - 2017-06-08 17:19 - 00004084 _____ C:\Windows\System32\Tasks\Wise Registry Cleaner Schedule Task
2017-06-08 17:05 - 2017-06-10 20:53 - 00000000 ____D C:\Users\Hector\AppData\Roaming\TunnelBear
2017-06-08 17:05 - 2017-06-08 17:36 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2017-06-08 17:05 - 2017-06-08 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2017-06-08 16:58 - 2017-06-11 10:46 - 00000000 ____D C:\Program Files (x86)\Wise
2017-06-07 21:38 - 2017-06-07 21:43 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-06-07 21:15 - 2017-06-07 21:15 - 00431520 _____ (COMODO) C:\Windows\system32\Drivers\CmdCCAV.sys
2017-06-07 20:23 - 2017-06-11 10:15 - 00000000 ____D C:\Users\Hector\Desktop\other (2)
2017-06-07 20:07 - 2017-06-07 20:07 - 00380928 _____ C:\Users\Hector\Desktop\5973cz0i.exe
2017-06-07 20:00 - 2017-06-07 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2017-06-07 20:00 - 2017-06-07 20:00 - 00000000 ____D C:\Program Files\File Shredder
2017-06-07 18:12 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2017-06-07 18:06 - 2017-06-07 18:06 - 00000049 _____ C:\Users\Hector\Desktop\url void.url
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\Users\Hector\AppData\Roaming\QFX Software
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\ProgramData\QFX Software
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2017-06-07 13:46 - 2017-02-19 15:15 - 00233248 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys
2017-06-07 13:37 - 2017-06-07 13:37 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2017-06-07 13:37 - 2017-06-07 13:37 - 00000000 ____D C:\Program Files (x86)\NirSoft
2017-06-07 12:44 - 2017-06-07 12:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_system32WtfEngineDrv_01009.Wdf
2017-06-07 12:44 - 2017-06-07 12:44 - 00000000 ____D C:\Users\Hector\AppData\Local\AAA_Internet_Publishing,_
2017-06-07 12:22 - 2017-06-07 12:22 - 00000426 _____ C:\Windows\system32\.crusader
2017-06-07 12:09 - 2017-06-07 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-06-07 12:09 - 2017-06-07 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-06-07 12:09 - 2017-06-07 12:09 - 00001205 _____ C:\Users\Hector\Desktop\Malwarebytes Anti-Exploit.lnk
2017-06-07 12:09 - 2017-06-07 12:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-06-07 11:16 - 2017-06-07 08:32 - 00458503 _____ C:\Windows\system32\Drivers\etc\hosts.20170607-111602.backup
2017-06-07 11:09 - 2016-12-27 13:00 - 00000000 ____D C:\Users\Hector\Desktop\Unpark-CPU-App
2017-06-07 11:04 - 2017-06-07 11:04 - 00071264 _____ C:\Users\Hector\Documents\cc_20170607_110430.reg
2017-06-07 11:01 - 2017-06-07 11:01 - 00000044 _____ C:\Users\Hector\Documents\SOMETHING.TXT
2017-06-07 10:59 - 2017-06-07 10:59 - 00000000 ____D C:\Users\Hector\.TeamSpeak 3
2017-06-07 10:45 - 2017-06-07 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz GameBoost FREE
2017-06-07 10:45 - 2017-06-07 10:45 - 00000000 ____D C:\Program Files (x86)\Toolwiz GameBoost FREE
2017-06-07 10:06 - 2017-06-07 10:06 - 00015946 _____ C:\Users\Hector\AppData\Local\recently-used.xbel
2017-06-07 08:45 - 2014-01-23 15:34 - 00427376 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll
2017-06-07 08:27 - 2017-06-07 08:27 - 00000000 ____D C:\Users\Hector\AppData\Local\Thalonet,_Inc._dba_Haste
2017-06-07 08:27 - 2017-06-07 08:27 - 00000000 ____D C:\Users\Hector\AppData\Local\Haste
2017-06-07 08:26 - 2017-06-07 08:26 - 00000000 ____D C:\Program Files\Haste
2017-06-07 08:26 - 2017-06-07 08:26 - 00000000 _____ C:\Windows\system32\cd
2017-06-06 15:17 - 2017-06-06 15:17 - 00061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-06-06 12:41 - 2017-06-06 12:41 - 00000000 ____D C:\Users\Hector\AppData\Local\ESET
2017-06-05 21:37 - 2017-06-05 21:37 - 00000941 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\Users\Hector\Documents\Nexus Mod Manager
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\Users\Hector\AppData\Local\Black_Tree_Gaming
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-06-05 20:17 - 2017-06-05 20:01 - 00092328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-06-05 20:16 - 2017-06-05 20:16 - 00003428 _____ C:\Windows\System32\Tasks\GameFire
2017-06-05 20:16 - 2017-06-05 20:16 - 00003134 _____ C:\Windows\System32\Tasks\GameFireSkipUAC
2017-06-05 20:16 - 2017-06-05 20:16 - 00002156 _____ C:\Users\Public\Desktop\Game Fire.lnk
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\Users\Hector\Documents\Smart PC Utilities
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Utilities
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\Program Files\Smart PC Utilities
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\Program Files (x86)\Contig
2017-06-05 20:15 - 2017-06-05 20:15 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Smart PC Utilities
2017-06-05 17:40 - 2017-06-05 17:40 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnalogX
2017-06-05 17:40 - 2017-06-05 17:40 - 00000000 ____D C:\Program Files (x86)\AnalogX
2017-06-05 09:55 - 2017-06-05 09:55 - 00007605 _____ C:\Users\Hector\AppData\Local\Resmon.ResmonCfg
2017-06-04 14:19 - 2017-06-04 14:19 - 00003106 _____ C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2017-06-04 14:19 - 2017-06-04 14:19 - 00003096 _____ C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\Users\Hector\AppData\Roaming\ProcessLasso
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\ProgramData\ProcessLasso
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\Program Files\Process Lasso
2017-06-04 10:54 - 2017-06-04 10:54 - 00000000 ____D C:\Users\Hector\Desktop\working
2017-06-04 09:19 - 2017-06-04 09:19 - 00000163 _____ C:\Users\Hector\Desktop\Fallout 4 Nexus - Mods and community.url
2017-06-02 22:44 - 2017-06-02 22:44 - 00000000 ____D C:\Users\Hector\AppData\Local\Foxit Reader
2017-06-02 22:43 - 2017-06-07 16:48 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-06-02 22:43 - 2017-06-02 22:43 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-06-02 22:43 - 2017-06-02 22:43 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-06-02 21:55 - 2017-06-02 22:00 - 00000000 ____D C:\Users\Hector\AppData\Local\Bilago
2017-06-02 21:29 - 2017-06-04 12:58 - 00000000 ____D C:\Fraps
2017-06-02 21:29 - 2017-06-02 21:29 - 00000599 _____ C:\Users\Public\Desktop\Fraps.lnk
2017-06-02 21:29 - 2017-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-06-01 21:37 - 2017-06-01 21:37 - 00000000 ____D C:\Users\Hector\AppData\Roaming\LibreOffice
2017-06-01 21:33 - 2017-06-11 10:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-01 21:28 - 2017-06-01 21:28 - 00000000 ____D C:\Users\Hector\AppData\Local\Zemana
2017-06-01 21:28 - 2017-06-01 21:28 - 00000000 ____D C:\Users\Hector\AppData\Local\AntiLogger Free
2017-06-01 21:28 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\13048001-E8B5-4A5B-9F-93-4B-42-84-8F-BC-FA.sys
2017-06-01 21:24 - 2017-06-11 10:06 - 00000000 ____D C:\Users\Hector\Desktop\mbar
2017-05-31 22:47 - 2017-06-07 11:03 - 00000000 ____D C:\Users\Hector\AppData\Roaming\TS3Client
2017-05-31 22:47 - 2017-05-31 22:47 - 00001024 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-05-31 22:47 - 2017-05-31 22:47 - 00000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-05-31 22:47 - 2017-05-31 22:47 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-05-31 22:44 - 2017-06-11 10:29 - 00000000 ____D C:\Users\Hector\Desktop\other
2017-05-31 22:31 - 2017-05-31 22:31 - 01663672 _____ (Malwarebytes) C:\Users\Hector\Desktop\JRT.exe
2017-05-31 22:29 - 2017-06-11 10:06 - 00000000 ____D C:\AdwCleaner
2017-05-31 22:28 - 2017-05-31 22:29 - 04110280 _____ C:\Users\Hector\Desktop\adwcleaner_6.047.exe
2017-05-31 18:39 - 2017-05-31 18:39 - 00000071 _____ C:\Users\Hector\Desktop\Online Malware Detection - ESET.url
2017-05-31 18:22 - 2017-05-31 18:22 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-05-31 18:22 - 2017-05-31 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-05-31 18:22 - 2017-05-31 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-31 18:22 - 2017-05-31 18:22 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-31 18:21 - 2017-05-31 18:26 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-30 21:35 - 2017-05-30 21:28 - 00002150 _____ C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2017-05-30 21:29 - 2017-06-12 14:49 - 00000000 ____D C:\Users\Hector\AppData\Local\ClassicShell
2017-05-30 21:29 - 2017-05-30 21:29 - 00000000 ____D C:\Users\Hector\AppData\Roaming\ClassicShell
2017-05-30 21:28 - 2017-05-30 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2017-05-30 21:28 - 2017-05-30 21:28 - 00000000 ____D C:\Program Files\Classic Shell
2017-05-30 06:22 - 2017-05-30 06:22 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-29 13:01 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-29 12:25 - 2017-05-29 12:22 - 00004929 _____ C:\Windows\system32\Drivers\etc\hosts.20170529-122536.backup
2017-05-29 12:19 - 2017-05-29 12:19 - 00001771 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-05-29 12:19 - 2017-05-29 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-05-29 12:19 - 2017-05-29 12:19 - 00000000 ____D C:\Program Files\Defraggler
2017-05-29 11:58 - 2017-05-29 15:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-29 11:58 - 2017-05-29 13:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-29 11:58 - 2017-05-29 11:58 - 00001478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-29 11:58 - 2017-05-29 11:58 - 00001466 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-29 11:58 - 2017-05-29 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-29 11:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-29 08:03 - 2017-05-29 08:03 - 00111558 _____ C:\Users\Hector\Documents\cc_20170529_080310.reg
2017-05-28 21:35 - 2017-05-28 21:35 - 00000000 ____D C:\Users\Hector\AppData\Roaming\SUPERAntiSpyware.com
2017-05-28 21:33 - 2017-06-12 12:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-28 21:33 - 2017-05-28 21:33 - 00001865 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-05-28 21:33 - 2017-05-28 21:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-05-28 21:33 - 2017-05-28 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-05-28 12:55 - 2017-06-12 12:09 - 00000000 ____D C:\Users\Hector\Desktop\rkill
2017-05-27 08:16 - 2017-06-09 10:38 - 00000000 ____D C:\Users\Hector\AppData\Local\Fallout4
2017-05-26 22:35 - 2017-05-28 10:06 - 00000000 ____D C:\Users\Hector\Desktop\folder locker script
2017-05-26 22:33 - 2017-05-26 22:33 - 00000000 __SHD C:\Windows\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
2017-05-26 20:45 - 2017-05-26 20:45 - 00000222 _____ C:\Users\Hector\Desktop\Fallout 4.url
2017-05-26 18:03 - 2017-05-26 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-05-26 18:03 - 2017-05-26 18:03 - 00000000 ____D C:\Program Files\7-Zip
2017-05-26 17:14 - 2017-05-26 17:18 - 00001386 ___SH C:\Users\Hector\AppData\Roaming\systemFP.$dk
2017-05-26 17:14 - 2017-05-26 17:14 - 00110800 _____ C:\Windows\Secure64.dll
2017-05-26 17:14 - 2017-05-26 17:14 - 00035840 _____ C:\Windows\SysWOW64\WinFPdrv.sys
2017-05-26 17:14 - 2010-06-21 15:25 - 00272896 _____ (NewSoftwares.net,Inc.) C:\Windows\FPContextMenu64.dll
2017-05-26 17:06 - 2017-05-26 17:06 - 00000000 ____D C:\Program Files\AESCrypt
2017-05-26 16:23 - 2017-05-26 16:23 - 01180853 _____ C:\Users\Hector\Documents\VeraCrypt Rescue Disk.zip
2017-05-26 16:08 - 2017-05-26 16:08 - 00000000 ____D C:\Users\Hector\Documents\My AxCrypt
2017-05-26 16:07 - 2017-05-26 16:51 - 00000000 ____D C:\Users\Hector\AppData\Local\AxCrypt
2017-05-26 16:06 - 2017-05-26 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AxCrypt
2017-05-26 16:06 - 2017-05-26 16:06 - 00000000 ____D C:\Program Files\AxCrypt
2017-05-26 14:34 - 2017-05-26 14:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-26 14:32 - 2017-05-26 14:32 - 00000000 ____D C:\ProgramData\VeraCrypt
2017-05-26 14:24 - 2017-05-26 16:31 - 00000000 ____D C:\Users\Hector\AppData\Roaming\VeraCrypt
2017-05-26 14:24 - 2017-05-26 14:24 - 00467368 _____ (IDRIX) C:\Windows\system32\Drivers\veracrypt.sys
2017-05-26 14:24 - 2017-05-26 14:24 - 00000888 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2017-05-26 14:24 - 2017-05-26 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-05-26 14:24 - 2017-05-26 14:24 - 00000000 ____D C:\Program Files\VeraCrypt
2017-05-26 10:51 - 2017-05-26 10:51 - 00003674 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-05-26 10:51 - 2016-11-11 05:19 - 00964608 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2017-05-26 10:51 - 2016-11-11 03:15 - 00925184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2017-05-26 10:51 - 2016-07-16 07:43 - 61366272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imageres.dll
2017-05-26 10:51 - 2016-07-16 07:43 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagesp1.dll
2017-05-26 10:51 - 2016-07-16 07:42 - 03288576 _____ (Microsoft Corporation) C:\Windows\system32\imagesp1.dll
2017-05-26 10:50 - 2017-05-26 10:51 - 00000000 ____D C:\Program Files (x86)\Arc-Symbolic
2017-05-26 10:50 - 2016-07-16 07:42 - 61366272 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2017-05-25 13:08 - 2017-05-25 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptostorm Client
2017-05-25 13:08 - 2017-05-25 13:08 - 00000000 ____D C:\Program Files\TAP-Windows
2017-05-25 13:08 - 2017-05-25 13:08 - 00000000 ____D C:\Program Files (x86)\Cryptostorm Client
2017-05-25 13:02 - 2017-05-25 13:02 - 00000000 ____D C:\Users\Hector\Privax Ltd
2017-05-25 10:59 - 2017-05-25 10:59 - 00000000 ____D C:\Users\Hector\AppData\Local\GlassWire
2017-05-25 10:58 - 2017-05-25 10:58 - 00001970 _____ C:\Users\Public\Desktop\GlassWire.lnk
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\ProgramData\GlassWire
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\Program Files (x86)\GlassWire
2017-05-25 10:58 - 2015-05-29 00:30 - 00008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2017-05-25 10:58 - 2015-05-29 00:15 - 00033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2017-05-24 07:07 - 2017-05-24 07:07 - 00000000 ____D C:\Users\Hector\AppData\Local\FalloutNV
2017-05-23 22:41 - 2017-05-23 22:41 - 00000221 _____ C:\Users\Hector\Desktop\Fallout New Vegas.url
2017-05-23 22:25 - 2017-05-23 22:25 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Macromedia
2017-05-23 22:23 - 2017-05-23 22:23 - 00000222 _____ C:\Users\Hector\Desktop\The Binding of Isaac.url
2017-05-23 22:02 - 2017-05-23 22:02 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2017-05-23 22:02 - 2017-05-23 22:02 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2017-05-23 22:02 - 2017-05-23 22:02 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2017-05-23 22:02 - 2017-05-23 22:02 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00000220 _____ C:\Users\Hector\Desktop\DOOM 3.url
2017-05-23 21:34 - 2017-05-23 21:34 - 00000222 _____ C:\Users\Hector\Desktop\RollerCoaster Tycoon Deluxe.url
2017-05-23 20:19 - 2017-05-23 20:19 - 00038656 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap-tb-0901.sys
2017-05-23 08:34 - 2016-09-16 20:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2017-05-22 15:30 - 2017-05-22 15:30 - 00000000 ____D C:\prboom
2017-05-22 12:02 - 2017-05-22 12:02 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-22 12:02 - 2017-05-18 01:21 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-05-22 12:02 - 2017-03-10 17:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-05-22 12:02 - 2017-03-10 17:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-05-22 12:02 - 2017-03-10 17:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-05-22 12:02 - 2017-03-10 17:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-05-22 12:01 - 2017-05-18 03:35 - 40201848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 35390072 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 35282040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 28624504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 11056456 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 11028664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 10551072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 09248144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 08808488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 04114248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 03797112 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 03624784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 03256440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438233.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01606592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438233.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01278528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01275944 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01056704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00995736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00993912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00993872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00964032 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00914880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00775864 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00725112 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00612272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00583800 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-05-22 12:01 - 2017-05-18 03:35 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-05-22 12:01 - 2017-05-18 03:35 - 00499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-05-22 12:01 - 2017-05-18 03:35 - 00045061 _____ C:\Windows\system32\nvinfo.pb 2017-05-22 09:57 - 2017-05-22 09:57 - 00000000 ____D C:\Users\Hector\AppData\Local\zdoom 2017-05-21 21:13 - 2017-05-21 21:17 - 00000000 ____D C:\Users\Hector\AppData\Roaming\GZDoom 2017-05-21 21:08 - 2017-05-26 10:59 - 00000000 ____D C:\Program Files (x86)\Gzdoom 2017-05-20 23:23 - 2017-05-21 11:34 - 00000000 ____D C:\Users\Hector\Desktop\Zandronum 2017-05-20 16:28 - 2017-05-20 16:28 - 00000000 ____D C:\Users\Hector\AppData\Local\doomseeker 2017-05-20 16:23 - 2017-05-22 10:32 - 00000000 ____D C:\Users\Hector\AppData\Roaming\.doomseeker 2017-05-20 15:42 - 2017-05-26 10:58 - 00000000 ____D C:\Program Files (x86)\Zandronum 2017-05-19 18:00 - 2017-05-19 18:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2017-05-19 10:06 - 2017-05-19 10:06 - 00000000 ____D C:\Users\Hector\AppData\Local\IsolatedStorage 2017-05-19 10:06 - 2017-05-19 10:06 - 00000000 ____D C:\ProgramData\Kill Ping 2017-05-19 10:04 - 2017-05-19 10:07 - 00000000 ____D C:\Program Files\Kill Ping 2017-05-18 14:16 - 2017-05-18 14:16 - 00000962 _____ C:\Users\Public\Desktop\Blizzard App.lnk 2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\Users\Hector\AppData\Local\Blizzard Entertainment 2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\Users\Hector\AppData\Local\Battle.net 2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App 2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2017-05-18 14:13 - 2017-05-18 14:16 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Battle.net 2017-05-18 14:13 - 2017-05-18 14:16 - 00000000 ____D 
C:\Program Files (x86)\Blizzard App 2017-05-18 14:12 - 2017-05-18 14:13 - 00000000 ____D C:\ProgramData\Battle.net 2017-05-17 19:56 - 2017-05-17 19:56 - 00000000 ____D C:\Users\Hector\Documents\Razer 2017-05-15 16:38 - 2017-05-26 15:38 - 00000000 ____D C:\Users\Hector\Desktop\wallpapers 2017-05-15 16:11 - 2017-05-15 16:11 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Corsair 2017-05-15 16:11 - 2017-05-15 16:11 - 00000000 ____D C:\Users\Hector\AppData\Local\Corsair 2017-05-15 16:07 - 2017-05-15 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine 2017-05-15 16:07 - 2017-05-15 16:07 - 00000000 ____D C:\Program Files (x86)\Corsair 2017-05-14 11:21 - 2017-05-14 11:21 - 00000000 ____D C:\Users\Hector\AppData\Local\ElevatedDiagnostics 2017-05-13 20:49 - 2017-05-13 20:49 - 00000000 ____D C:\Users\Hector\AppData\LocalLow\Smartly Dressed Games 2017-05-13 09:05 - 2017-05-23 08:29 - 00000000 ____D C:\Users\Hector\AppData\Local\Razer 2017-05-13 09:01 - 2017-05-23 08:35 - 00000000 ____D C:\Program Files (x86)\Razer 2017-05-13 09:01 - 2017-05-23 08:34 - 00000000 ____D C:\ProgramData\Razer 2017-05-13 09:01 - 2017-05-15 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2017-05-13 09:01 - 2016-10-08 02:56 - 00137840 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys 2017-05-13 00:49 - 2017-05-13 00:49 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2017-05-13 00:49 - 2017-05-13 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2017-05-13 00:49 - 2017-05-13 00:49 - 00000000 ____D C:\Program Files\VS Revo Group ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-12 14:58 - 2017-04-21 22:11 - 00000000 ____D C:\Program Files (x86)\Steam 2017-06-12 14:29 - 2017-05-12 21:02 - 00004184 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2DB31378-71D9-4C30-B3CD-22E5BDB23514} 2017-06-12 13:28 - 2017-04-22 12:16 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-06-12 12:10 - 2017-04-23 14:30 - 00000000 ____D C:\Users\Hector\AppData\Local\CrashDumps 2017-06-12 11:00 - 2017-04-21 22:50 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-06-12 10:56 - 2017-04-21 21:54 - 00000000 ____D C:\ProgramData\NVIDIA 2017-06-12 10:29 - 2017-04-25 21:02 - 00000000 ____D C:\Users\Hector\AppData\Roaming\vlc 2017-06-11 14:39 - 2017-04-22 12:22 - 02974362 _____ C:\Windows\system32\PerfStringBackup.INI 2017-06-11 14:38 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF 2017-06-11 14:34 - 2017-04-21 22:50 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-06-11 14:34 - 2017-04-21 22:50 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-06-11 14:34 - 2017-04-21 22:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-06-11 14:33 - 2017-04-22 12:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-06-11 14:33 - 2017-04-21 22:50 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-06-11 14:33 - 2016-07-16 02:04 - 00262144 _____ C:\Windows\system32\config\BBI 2017-06-11 10:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser 2017-06-11 10:12 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp 2017-06-10 20:34 - 2017-04-21 22:38 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-06-09 15:17 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\Resources 2017-06-08 17:55 - 2017-05-12 00:31 - 00000000 ____D C:\Users\Hector\AppData\Roaming\qBittorrent 2017-06-08 17:54 - 2017-05-12 00:31 - 00000000 ____D C:\Users\Hector\AppData\Local\qBittorrent 2017-06-08 
17:53 - 2017-04-22 12:37 - 00000000 ____D C:\ProgramData\Package Cache 2017-06-08 17:43 - 2017-05-10 20:48 - 00000000 ____D C:\Users\Hector\Desktop\Av and productivity 2017-06-08 17:20 - 2017-04-22 12:32 - 00000000 ____D C:\Users\Hector 2017-06-07 13:14 - 2017-04-21 21:40 - 00000000 ____D C:\ProgramData\Killer 2017-06-07 12:17 - 2017-04-21 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-07 12:17 - 2017-04-21 22:50 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-07 10:06 - 2017-05-08 16:39 - 00000000 ____D C:\Users\Hector\AppData\Local\gtk-2.0 2017-06-07 10:06 - 2017-05-08 16:29 - 00000000 ____D C:\Users\Hector\.gimp-2.8 2017-06-07 08:26 - 2017-04-26 20:49 - 00000000 ____D C:\Users\Hector\AppData\Local\Downloaded Installations 2017-06-05 20:01 - 2017-04-22 12:16 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-05 17:45 - 2017-04-21 22:45 - 00000000 ____D C:\Users\Hector\AppData\Roaming\.minecraft 2017-06-05 17:45 - 2017-04-21 22:44 - 00000000 ____D C:\Program Files (x86)\Minecraft 2017-06-05 17:42 - 2017-04-22 12:32 - 00000000 ____D C:\Users\Hector\AppData\Local\VirtualStore 2017-06-03 10:23 - 2017-04-21 22:56 - 00000000 ____D C:\ProgramData\Origin 2017-06-03 09:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness 2017-06-02 16:49 - 2017-04-21 23:02 - 00000000 ____D C:\Program Files (x86)\Origin 2017-06-02 08:59 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-01 21:34 - 2017-04-21 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-01 14:52 - 2017-04-22 12:32 - 00000000 ____D C:\Users\Hector\AppData\Local\Packages 2017-06-01 08:02 - 2017-05-07 16:01 - 00000000 ____D C:\Users\Public\Documents\Winstep 2017-05-31 22:38 - 2017-04-22 12:17 - 00000000 ____D C:\Users\defaultuser0 2017-05-31 18:22 - 2017-05-12 00:30 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-05-30 21:47 - 2017-04-22 12:32 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-05-30 21:42 - 
2017-04-22 12:33 - 00000000 ___RD C:\Users\Hector\OneDrive 2017-05-29 16:11 - 2017-04-21 23:11 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Origin 2017-05-29 16:10 - 2017-04-23 16:22 - 00000778 _____ C:\Users\Public\Desktop\Battlefield 1.lnk 2017-05-29 16:06 - 2017-04-21 23:12 - 00000000 ____D C:\Program Files (x86)\Origin Games 2017-05-29 13:01 - 2017-05-10 20:39 - 00000000 ____D C:\Program Files\Common Files\AV 2017-05-29 11:58 - 2017-05-12 19:30 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2017-05-27 08:16 - 2017-04-23 21:06 - 00000000 ____D C:\Users\Hector\Documents\My Games 2017-05-26 22:56 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache 2017-05-26 10:49 - 2017-05-07 17:33 - 00000000 ____D C:\Program Files (x86)\Arc-Regular 2017-05-25 15:56 - 2017-04-21 22:07 - 00000000 ____D C:\Users\Hector\AppData\Local\NVIDIA Corporation 2017-05-25 15:34 - 2017-04-21 22:07 - 00000000 ____D C:\Users\Hector\AppData\Local\NVIDIA 2017-05-25 15:34 - 2017-04-21 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-05-25 15:34 - 2017-04-21 21:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-05-25 15:34 - 2017-04-21 21:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-05-25 15:34 - 2017-04-21 21:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-05-23 08:37 - 2017-04-22 00:23 - 00000000 ____D C:\Windows\system32\MRT 2017-05-23 08:35 - 2017-04-22 00:23 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-05-22 15:42 - 2017-04-21 22:58 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy 2017-05-22 09:18 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\LiveKernelReports 2017-05-18 03:35 - 2017-04-21 22:07 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-05-18 01:48 - 2017-04-21 21:54 - 06437824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-05-18 01:48 - 2017-04-21 21:54 - 02479736 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvsvc64.dll 2017-05-18 01:48 - 2017-04-21 21:54 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-05-18 01:48 - 2017-04-21 21:54 - 00548984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-05-18 01:48 - 2017-04-21 21:54 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-05-18 01:48 - 2017-04-21 21:54 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-05-18 01:48 - 2017-04-21 21:54 - 00069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-05-17 19:56 - 2017-04-25 17:50 - 00602152 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys 2017-05-16 16:41 - 2017-04-21 21:45 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-16 16:41 - 2017-04-21 21:45 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-05-16 14:09 - 2017-04-21 21:54 - 07993157 _____ C:\Windows\system32\nvcoproc.bin 2017-05-15 17:12 - 2017-05-12 00:30 - 00000952 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-05-14 11:30 - 2017-05-12 00:28 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Foxit Software 2017-05-14 11:23 - 2017-05-12 00:30 - 00003306 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore 2017-05-13 20:23 - 2017-05-10 20:39 - 00004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-05-13 20:23 - 2017-04-21 22:37 - 00000000 ____D C:\Users\Hector\AppData\Roaming\discord 2017-05-13 19:02 - 2017-05-12 00:30 - 00000956 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-05-13 16:08 - 2017-05-12 00:30 - 00003530 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2017-05-13 14:57 - 2016-07-16 02:04 - 00032768 _____ C:\Windows\system32\config\ELAM ==================== Files in the root of some directories ======= 2017-06-09 15:43 - 2017-06-09 15:43 - 0134164 _____ () C:\Users\Hector\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt 2017-05-26 17:14 - 
2017-05-26 17:18 - 0001386 ___SH () C:\Users\Hector\AppData\Roaming\systemFP.$dk 2017-06-12 14:40 - 2017-06-12 14:40 - 0307816 _____ () C:\Users\Hector\AppData\Local\ars.cache 2017-06-12 14:41 - 2017-06-12 14:41 - 0705429 _____ () C:\Users\Hector\AppData\Local\census.cache 2017-06-12 14:30 - 2017-06-12 14:30 - 0000036 _____ () C:\Users\Hector\AppData\Local\housecall.guid.cache 2017-06-07 10:06 - 2017-06-07 10:06 - 0015946 _____ () C:\Users\Hector\AppData\Local\recently-used.xbel 2017-06-05 09:55 - 2017-06-05 09:55 - 0007605 _____ () C:\Users\Hector\AppData\Local\Resmon.ResmonCfg 2017-06-12 14:42 - 2017-06-12 14:42 - 0000010 _____ () C:\Users\Hector\AppData\Local\sponge.last.runtime.cache 2017-05-03 22:41 - 2017-05-03 22:41 - 0047323 _____ () C:\ProgramData\agent.1493865717.bdinstall.bin 2017-04-21 21:42 - 2017-04-21 21:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2017-05-12 21:30 - 2017-05-12 21:51 - 0019535 _____ () C:\ProgramData\empty.ico ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-07 15:30 ==================== End of FRST.txt ============================ Addition.txt Link to post Share on other sites More sharing options...
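The FRST entries above all share one line layout (modified time, created time, size, five attribute flags, an optional vendor string in parentheses, then the path), which makes the log easy to parse and sort through before a helper like Kevin reads it by hand. The following is an added example for this thread, not FRST's own code and not Kevin's method: a parser for that layout plus two first-pass triage rules that are my own assumptions (a kernel driver with no vendor string, and a hidden+system file inside a user profile). The sample lines are copied from the log above; a hit means "check the signature and vendor of this file", not "malicious", which is the same caution Kevin gives about RogueKiller entries further down.

```python
"""Parser and first-pass triage for FRST 'files and folders' entries.

Added example for this thread; it is not FRST's own code and not Kevin's method.
The sample lines are copied from the FRST log posted above; the triage rules
below are my own assumptions about what deserves a second look, nothing more.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST line layout: "<modified> - <created> - <size> <5 attr flags> [(<company>)] <path>"
# Attribute letters seen in FRST logs: R (read-only), H (hidden), S (system),
# D (directory), C (compressed); '_' marks an unset position.
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # absent, or "()" when FRST found no version info
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]  # None: field absent; "": printed as "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_entries(log_text: str) -> List[Entry]:
    """Return every line that matches the FRST entry layout; headers and notes are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["modified"], m["created"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(path, reason) pairs worth a manual look. Assumed heuristics, not verdicts:
    a hit means 'check the signature / vendor', not 'malicious'."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir:
            continue
        if low.endswith(".sys") and "\\drivers\\" in low and not e.company:
            findings.append((e.path, "kernel driver with no vendor string"))
        if e.hidden_system and "\\appdata\\" in low:
            findings.append((e.path, "hidden+system file inside a user profile"))
    return findings


# Constructed excerpt: entry lines copied from the log above, plus a header and a note line.
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-25 10:58 - 2015-05-29 00:30 - 00008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2017-05-25 10:58 - 2015-05-29 00:15 - 00033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2017-05-17 19:56 - 2017-04-25 17:50 - 00602152 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2017-06-12 14:58 - 2017-04-21 22:11 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-26 17:14 - 2017-05-26 17:18 - 0001386 ___SH () C:\Users\Hector\AppData\Roaming\systemFP.$dk
2017-05-12 21:30 - 2017-05-12 21:51 - 0019535 _____ () C:\ProgramData\empty.ico
"""


def run_demo() -> List[Tuple[str, str]]:
    return triage(parse_entries(SAMPLE_LOG))


if __name__ == "__main__":
    for path, reason in run_demo():
        print(f"{reason}: {path}")
```

Run against the excerpt, the two hits are EasyAntiCheat.sys (no vendor string in the FRST line, so its Authenticode signature is the thing to check next) and systemFP.$dk (hidden+system in AppData\Roaming); gwdrv.sys is skipped because FRST printed a vendor for it, and the directory entry is ignored. Feeding the full log to parse_entries works the same way, since header and note lines simply fail to match.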
kevinf80 Posted June 12, 2017 ID:1135056

Hello Hector,

Continue with the following and post the requested logs....

Thanks for those logs, I want you to uninstall three programs. First open Spybot Anti-Beacon, select the "Undo" option to re-enable tracking services for now. Reboot for those changes to take effect. I'll fix the data collection to stop with FRST fix...

Next, uninstall the following:
Wise Registry Cleaner 9.44
Spybot - Search & Destroy
Spybot Anti-Beacon

Next, download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next, open Malwarebytes, select > "settings" > "protection tab". Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" and select the Blue "Scan Now" tab...... When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save; you can copy or attach that to your reply...

Next, download and save RogueKiller to your Desktop from this link: https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.
At the next window checkmark "Install 32 and 64 bit versions", then select "Next"
In the next window skip Licence I.D. and Licence Key, select "Next"
In the next window make no changes and select "Next"
In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"
In the next window make no changes and select "Install"
RogueKiller will extract and complete installation; in the new window leave "Launch Roguekiller" checkmarked, then select finish.
RogueKiller will launch. Accept UAC, then read and accept "User Agreements"
In the new window the "Home" tab should already be selected. Change by selecting the "Scan" tab, then select "Start Scan"
When the scan completes select "Open Report"
In the new window select "Export text", name that file RK.txt, save to your Desktop and attach to your reply

Let me see that log in your reply...

Let me see those logs in your reply....

Thank you,

Kevin...

fixlist.txt
Hec Posted June 12, 2017 Author ID:1135064

Hey Kevin,

So I followed the steps you told me and I'm attaching the logs. Just a thought, don't know if it's a false positive, but some of the RogueKiller detections seem weird, like GlassWire and KeyScrambler, which I know are legitimate software, and also the Dropbox update service. Anyways it's fine. Also, after all of this is finished, can I reinstall the applications you told me to uninstall? Because I use those very often. Anyways thanks for the help. Also I haven't removed anything in RogueKiller, so just letting you know.

changelog.txt
Fixlog.txt
malwarebyteslogfile.txt
kevinf80 Posted June 12, 2017 ID:1135073

Can I see the log from RogueKiller...? Regarding the SpyBot programs, you can install them if you want, just be aware they are not needed as you have Malwarebytes premium...
Hec Posted June 12, 2017 Author ID:1135075 (edited)

I'm pretty sure changelog.txt is the RogueKiller log, but I can search my desktop again; if not I'll scan again and see if I can get another log.

EDIT: ok I'm sorry XD I found the log, here it is

roguekiller.txt

Edited June 12, 2017 by Hec
kevinf80 Posted June 12, 2017 ID:1135076

Changelog.txt is the historical log of changes made to the RogueKiller program, not the log from the scan I requested...
Hec Posted June 12, 2017 Author ID:1135077

Made this reply in case you didn't see the edit.

roguekiller.txt
kevinf80 Posted June 12, 2017 ID:1135084

RogueKiller log entries are not necessarily malicious; there are codes attached that give more information if you understand the code.... Never take it as given that produced entries should always be removed....

Continue with the following:

Upload a File to Virustotal
Go to http://www.virustotal.com/
Click the Choose file button
Navigate to the file C:\Program Files (x86)\PhantomPeer\phantompeerd.exe
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the results back here please.

Thank you,

Kevin....
Hec Posted June 12, 2017 Author ID:1135085

Hey Kevin, so this is the result. Regarding PhantomPeer, maybe it came bundled with something; I already have PeerBlock, thought it would work as a sort of firewall but it just blocks all P2P connections. I just searched it and PhantomPeer is a VPN, so in the directory there are two files, one that requires administrator privileges and one that doesn't. The one that requires privileges got 0/60 detection and the one that doesn't 0/61. I didn't see anything to copy so I'm a bit confused.
Hec Posted June 12, 2017 Author ID:1135087 (edited)

If you want, there is file detail:

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-11-11 00:49:36
Entry Point: 0x000014C0
Number of sections: 15

PE sections
Name    Virtual address  Virtual size  Raw size  Entropy  MD5
.text   4096             5969340       5969408   6.11     5fbb1d8c220b3fd7030e28313709d675
.data   5976064          28624         28672     0.50     105b8a47284040718e72816e13476f16
.rdata  6004736          663788        664064    6.20     3d248d3d949ad7acee7e638437a03f02
.bss    6672384          211584        0         0.00     d41d8cd98f00b204e9800998ecf8427e
.idata  6885376          20368         20480     5.45     28fc23b33206b3b34129dc5b035efdc6
.CRT    6905856          52            512       0.26     b936cf3516134e72f909ea71d594cea3
.tls    6909952          32            512       0.21     5b1360bb2f7c1b112aae0a64983e1a04
/4      6914048          2504          2560      2.61     4c94f6e4082c3087012d8b53d52f03f9
/19     6918144          193218        193536    6.14     334f0871633270b99382aaf77ab00aed
/31     7114752          23934         24064     4.65     5009b85f4c1841459516674850aa1e5a

Overlays
MD5: eb0d89d048bc2e79d86a7130dd960724
File type: data
Offset: 7042048
Size: 2606504
Entropy: 5.12

PE imports
ADVAPI32.dll
COMCTL32.DLL
COMDLG32.DLL
GDI32.dll
KERNEL32.dll
OLEAUT32.dll
SHELL32.DLL
USER32.dll
WINSPOOL.DRV
WS2_32.dll
WSOCK32.DLL
msvcrt.dll
ole32.dll

ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:11:11 01:49:36+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 5969408
LinkerVersion: 2.25
EntryPoint: 0x14c0
InitializedDataSize: 6683648
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 211968

MD5: d1254ffbf08f1988cacd2e90531f281d
SHA1: 147092099fba07cfb9031fe23b267e75f5c330df
SHA256: 120608812a60e2787dae8db2d229e2b1f27e89288b11d87385c144c8917a9bbf
ssdeep: 196608:KT4EEp3Ysh4bDxuYwByFce5WBTxd0PgNqcTp3TZrtkerP67LDzZ:b5FWbDxugWBTxd0UVzrVih
authentihash: 20aae16e7613686b31453c7b901735fa6489156d5e7d4d02d7886051e5d097a8
imphash: 5e534298a4da5a43f7c78e1f71ed618b
File size: 9.2 MB ( 9648552 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: InstallShield setup (50.1%), Win64 Executable (generic) (32.1%), Win32 Dynamic Link Library (generic) (7.6%), Win32 Executable (generic) (5.2%), Generic Win/DOS Executable (2.3%)
Tags: peexe overlay

VirusTotal metadata
First submission: 2016-12-09 05:54:36 UTC ( 6 months ago )
Last submission: 2017-06-12 22:25:12 UTC ( 5 minutes ago )
File names: VPNClientd.exe, phantompeerd.exe, phantompeerd.exe

Edited June 12, 2017 by Hec
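Two things in this exchange are worth seeing computed rather than read off a web page: the per-section entropy and MD5 columns in the PE sections table Hector pasted (why .bss shows 0.00 and the MD5 of nothing, and what a high-entropy section would look like), and the hash-keyed VirusTotal URL form that appears in the links posted a few replies later, which lets a responder look a file up by its SHA256 before deciding whether to upload it at all. The block below is an added example for this thread, not VirusTotal's code and not anything from the thread; the section bodies are constructed byte strings standing in for a real executable's sections, and the 7.0-bit "looks packed" threshold is a common rule of thumb that I am assuming here, not a VirusTotal setting.

```python
"""Per-section entropy and hashes, the way VirusTotal's 'PE sections' table and
hash block above present them, plus the hash-lookup URL form used in the thread.

Added example, not VirusTotal's code and not the thread's. The sections are
constructed byte strings standing in for a real PE's section data; the 7.0
'packed' threshold is a common rule of thumb I am assuming, not a VT setting.
"""
import hashlib
import math
from typing import Dict, List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def section_stats(sections: Dict[str, bytes]) -> Dict[str, Tuple[int, float, str]]:
    """name -> (raw size, entropy to 2 dp, MD5): the last three columns of VT's table.
    An empty raw section (like .bss above) yields entropy 0.00 and the MD5 of nothing."""
    return {name: (len(raw), round(shannon_entropy(raw), 2), hashlib.md5(raw).hexdigest())
            for name, raw in sections.items()}


def packed_sections(stats: Dict[str, Tuple[int, float, str]], threshold: float = 7.0) -> List[str]:
    """Sections whose entropy suggests compressed or encrypted content (assumed threshold)."""
    return [name for name, (size, ent, _) in stats.items() if size and ent >= threshold]


def file_hashes(data: bytes) -> Dict[str, str]:
    """The three hashes VT lists for a file; SHA256 is the one its URLs are keyed on."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def vt_lookup_url(data: bytes) -> str:
    """Same URL shape as the links posted later in this thread (minus the trailing
    analysis timestamp). Looking a hash up first avoids uploading a file that may
    already have a report, or that you would rather not hand to a third party."""
    return "https://www.virustotal.com/en/file/%s/analysis/" % file_hashes(data)["sha256"]


# Constructed stand-ins for section bodies (not taken from phantompeerd.exe):
SAMPLE_SECTIONS: Dict[str, bytes] = {
    ".text": bytes(range(16)) * 256,       # 16 equiprobable byte values -> exactly 4.0 bits
    ".data": b"\x00" * 4096,               # constant -> 0.0 bits
    ".bss": b"",                           # raw size 0, as in the table above
    ".packed": bytes(range(256)) * 8,      # all 256 values equally often -> 8.0 bits
}


def run_demo() -> Tuple[Dict[str, Tuple[int, float, str]], List[str], str]:
    stats = section_stats(SAMPLE_SECTIONS)
    whole_file = b"".join(SAMPLE_SECTIONS.values())
    return stats, packed_sections(stats), vt_lookup_url(whole_file)


if __name__ == "__main__":
    stats, packed, url = run_demo()
    for name, (size, ent, md5) in stats.items():
        print(f"{name:8} raw={size:6} entropy={ent:4.2f} md5={md5}")
    print("high-entropy sections:", packed)
    print("lookup:", url)
```

The .bss row reproduces the table above exactly (raw size 0, entropy 0.00, MD5 d41d8cd98f00b204e9800998ecf8427e, which is the MD5 of zero bytes), and the constructed ".packed" section is the only one the threshold flags. For a real file, read the section bodies from disk and pass the whole file's bytes to vt_lookup_url; the resulting URL is the same form as the two links Hector posts below.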
Hec Posted June 12, 2017 Author ID:1135088

There is also this:

Opened files
C:\WINDOWS\system32\taskkill.exe (successful)

Created processes
taskkill /f /im openvpn.exe (successful)

Code injections in the following processes
taskkill.exe (successful)

Opened mutexes
ShimCacheMutex (successful)

Hooking activity
TYPE: WH_GETMESSAGE METHOD: SetWindowsHook (successful)

Runtime DLLs
version.dll (successful)
advapi32.dll (successful)
wsock32.dll (successful)
c:\windows\system32\mswsock.dll (successful)
hnetcfg.dll (successful)
rpcrt4.dll (successful)
c:\windows\system32\wshtcpip.dll (successful)
user32.dll (successful)
ws2_32.dll (successful)

Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.

UDP communications
<MACHINE_DNS_SERVER>:53
kevinf80 Posted June 12, 2017 ID:1135089

I'm not confused, just want the results from VirusTotal or the link to VirusTotal results....
Hec Posted June 12, 2017 Author ID:1135090

Ohh ok, here are the links. Also I meant I'm confused. Anyways here you go:

https://www.virustotal.com/en/file/120608812a60e2787dae8db2d229e2b1f27e89288b11d87385c144c8917a9bbf/analysis/1497306312/
https://www.virustotal.com/en/file/88e773eaaf788b7b4e8494f476e26f3694da6292604904a42af754a86c49851b/analysis/1497306358/
kevinf80 Posted June 12, 2017 ID:1135093

Thanks for those links. What is happening with your PC, is it responding as expected..? Do you have any remaining issues or concerns...?
Hec Posted June 12, 2017 Author ID:1135095

The issues had gone away since I removed the PUP earlier in the thread, but they resumed; it seemed that with the scans the issues were resolved. Also, just a thought: I know there are very few security programs on Mac compared to PC, in fact the only ones I have are MBAM and Bitdefender, but just know Bitdefender found 4 trojans and one worm on my Mac. I'm not sure if they can spread via a network, but that may be the root of my problems, worms or trojans spreading via a network. Bitdefender provides very little info, but I know the trojans start with GEN:Trojan.h.... Bitdefender doesn't show the rest, no log options either.
kevinf80 Posted June 12, 2017 ID:1135096

I do not use a Mac or have any experience with a Mac....

One last scan please:

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....

This scan is very thorough so may take several hours...

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Post the produced log...

Thank you,

Kevin
Hec Posted June 12, 2017 Author ID:1135112

I finished scanning and no threats were found. I also didn't get the option for the log. In any case your help was greatly appreciated; my computer seems to be in working order. If you think there are any more steps I should take feel free to tell me, but otherwise I think I'm good.

Thank you for all the help,
Hector
Hec Posted June 13, 2017 Author ID:1135122

Well, the coincidences keep happening. I've never gotten a fake scam email, but it appears I just did: it was an email claiming to be from PayPal asking me to log in to view my account statements. Being new to PayPal I clicked the link and it redirected me to Chrome, where uBlock and Avast both blocked the website; it had something about easy privacy which a user mentioned in an MBAM forum thread I was just reading. Thankfully this wasn't on my main computer, just my Mac. I did open the email on my main PC but I opened the link on my Mac due to my current paranoia from recent events. Is it possible that keyloggers or adware can be installed by just opening the email? Sorry if this bothers you, don't want to waste your time, I just got concerned.
kevinf80 Posted June 13, 2017 ID:1135154

One of the main conduits for spreading malicious infections is emails. When you receive emails that require actions as you describe then yes, your system is definitely under threat... Never open emails or links within emails that want you to upload or even add vital information such as PayPal, eBay, Credit Card, or Banking details; such companies never send emails asking for critical information. Probably anyone who has an email address and uses the internet will receive suspicious emails; if you are not 100% certain of authenticity then never open such emails or links within such emails.

Unless you have any other issues or concerns we can clean up....

Uninstall Sophos AV and RogueKiller
http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop. Or use the following if the first link is down: "Delfix link mirror"

If your security program alerts to Delfix either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:
Remove disinfection tools <----- this will remove tools we have used.
Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection.

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next, read the following links to fully understand PC Security and Best Practices, you may find them useful....
Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Hec Posted June 13, 2017 Author ID:1135163

Hey Kevin, thank you for all your help. I will do this as soon as I can; like I specified, today I'm going on a trip, but I will do all of this as soon as possible. Thanks again, have a nice day/night.
kevinf80 Posted June 13, 2017 ID:1135167

Thanks for the update Hector, enjoy your trip....

Regards,

Kevin