
Help possible malware infection along with pup.optional.installcore


Hec


(First time posting here; sorry if I'm doing something wrong or if my formatting isn't exactly up to standard.)

So today I was using my computer as usual and decided I wanted a different motion wallpaper for DeskScapes or VideoPaper, but I might have accidentally downloaded from the wrong site. I recognized that, took the zip file and scanned it with VirusTotal, which detected various types of malware, including ransomware and a few trojans. I quickly deleted the file, but it seems something might have slipped by, since Malwarebytes detected PUP.Optional.InstallCore. I swiftly deleted it; then gray squares started spreading across my desktop, sort of like the one in the link: https://www.google.com.pr/imgres?imgurl=http%3A%2F%2Fwallup.net%2Fwp-content%2Fuploads%2F2016%2F03%2F09%2F326492-Kyle_Gray-abstract-square-748x479.jpg&imgrefurl=http%3A%2F%2Fwallup.net%2Fkyle-gray-abstract-square%2F&docid=F_s_g4UavjESUM&tbnid=BgkX-cDtma5JsM%3A&vet=10ahUKEwiPg8qT_rXUAhVU0GMKHUoRDyUQMwgpKAMwAw..i&w=748&h=479&bih=745&biw=1563&q=gray%20square%20in%20desktop&ved=0ahUKEwiPg8qT_rXUAhVU0GMKHUoRDyUQMwgpKAMwAw&iact=mrc&uact=8

I freaked out, so I started Windows in Safe Mode. There I ran RKill and GMER; I also ran MBAM, HitmanPro, Spybot S&D 2, SUPERAntiSpyware and TDSSKiller. Nothing was detected, so I went back to normal mode and saw the gray squares were still present. I changed my wallpaper and ran RKill again; nothing was terminated, and I am currently scanning with Avast.

Specs: Windows 10 64-bit, MSI GTX 1070 Aero, i5-6600, 1 TB Toshiba HDD, Samsung 850 EVO 256 GB SSD, 12 GB Crucial Ballistix Sport LT RAM, MSI B150 Gaming M3.


Please, anybody, help; the situation is getting worse. Windows is just not working correctly, it's all weird. I even see instances of rundll32 running as a primary process you can view, so it's not hidden. Installations of alternate antivirus/antimalware programs also fail, and RKill was prevented from running. I proceeded to rename RKill to a jumble of words like fshagvdsaujkdgaujydgaujvdhuakdvygauidgvadvahgv.com, which was successful; RKill terminated this:

C:\Users\Hector\AppData\Local\Temp\{6B17C1C8-4660-4CE5-871E-1F76F4B7A6B9}\ISBEW64.exe (PID: 3240) [T-HEUR]

Scans with all my security programs reveal nothing. I've been forced to look for a very advanced option; reformatting the drive is off the table, as I have data I cannot risk losing, and installing my software again would be a pain. I am further puzzled by how I keep encountering malware problems. I think it was an instance of malware that corrupted my BIOS and forced me to completely wipe the drive and use a backup BIOS (this was ages ago); a backdoor might be lingering. Please, I have not received answers and I only have so much time before I go on a trip. This has been a great pain; any help is welcome. I was contemplating using ComboFix in Windows 8 compatibility mode, but that is risky and only a professional should do it. That is how dire my situation is. I am currently doing an online scan with Trend Micro HouseCall, which had to load various executables; I don't know if this is normal.

Edited by Hec

Hello Hec and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, then continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default browser only, so that all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse, select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right-click on the "Downloads" folder and select "Properties".

In the new window select the "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK".

Be aware you are not changing the browser's download folder location, you are changing the user's download directory location.

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that is the right version.

If your security software alerts on FRST, either accept the alert or turn your security software off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
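The preparation steps above (run from an Administrator account, make hidden files visible, redirect Downloads to the Desktop so FRST lands there, pick the 32-bit or 64-bit build) can be done from PowerShell instead of the GUI. The script below is an added example written for this page; it is not from the thread, from Malwarebytes or from Farbar. It assumes the standard Explorer registry values (the Advanced key for hidden files, the User Shell Folders key with the Downloads known-folder GUID) and that FRST's 64-bit build is named FRST64.exe; it does not download FRST and does not move any existing files.

```powershell
# Added example, not part of the original thread: the preparation steps
# kevinf80 lists, performed from PowerShell in the account that will run the scan.

function Test-IsAdministrator {
    # FRST must be run from an account with Administrator status.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Enable-HiddenFiles {
    # The same switches the "show hidden files and folders" dialog flips:
    # Hidden=1 shows hidden items, ShowSuperHidden=1 shows protected OS files,
    # HideFileExt=0 shows extensions (so a "wallpaper.jpg.exe" is visible as such).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name Hidden          -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name ShowSuperHidden -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name HideFileExt     -Value 0 -Type DWord
}

function Set-DownloadsFolderToDesktop {
    # Equivalent of Downloads > Properties > Location in the post, minus the
    # file move: it only repoints the Downloads known folder (GUID assumed to be
    # {374DE290-123F-4565-9164-39C4925E467B}) at %USERPROFILE%\Desktop.
    # Explorer reads this at logon, so sign out and back in afterwards.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    Set-ItemProperty -Path $key -Name '{374DE290-123F-4565-9164-39C4925E467B}' `
        -Value '%USERPROFILE%\Desktop' -Type ExpandString
}

function Get-FrstFileName {
    # Assumed file names: FRST.exe for 32-bit Windows, FRST64.exe for 64-bit.
    if ([Environment]::Is64BitOperatingSystem) { 'FRST64.exe' } else { 'FRST.exe' }
}

if (-not (Test-IsAdministrator)) {
    Write-Warning 'Not running as Administrator; FRST must be run from an admin account.'
}
Enable-HiddenFiles
Set-DownloadsFolderToDesktop

$desktop = [Environment]::GetFolderPath('Desktop')
$frst = Join-Path $desktop (Get-FrstFileName)
if (Test-Path $frst) {
    Write-Host "Found $frst; run it from the Desktop with Addition.txt ticked."
} else {
    Write-Host "Save $(Get-FrstFileName) to $desktop first, then run it from there."
}
```

Run it in the user's own session (the HKCU writes apply to whoever runs it), then sign out and back in so Explorer picks up the new Downloads path; a download made before that will still land in the old folder, in which case copy the tool to the Desktop by hand as the post says.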

Hey Kevin,

Thank you for responding. My name is Hector, feel free to call me that. Anyway, thank you for helping me out. I enabled hidden files and did the FRST scan; here is the first log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
Ran by Hectorivanxbox (administrator) on DESKTOP-V0AEIFA (12-06-2017 15:02:52)
Running from C:\Users\Hector\Desktop
Loaded Profiles: Hectorivanxbox (Available Profiles: defaultuser0 & Hectorivanxbox)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\SbaService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Smart PC Utilities, Ltd.) C:\Program Files\Smart PC Utilities\Game Fire\GFTray.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-07-21] (Realtek Semiconductor)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [702136 2016-07-13] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-05] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [4131792 2015-09-10] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [29246632 2017-05-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2017-04-22] (QFX Software Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear)
HKU\S-1-5-20\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [Discord] => C:\Users\Hector\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [4954176 2017-05-22] (GOG.com)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5774800 2017-05-23] (SecureMix LLC)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5489808 2017-05-26] (IDRIX)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [PhantomPeer] => C:\Program Files (x86)\PhantomPeer\phantompeer.exe [13160177 2016-11-10] ()
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [3737344 2017-05-17] (Datpol)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Run: [VideoPaper] => C:\Users\Hector\Downloads\extras\video paper\VideoPaper.exe [394240 2015-11-29] (Ize)
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7956384 2017-06-12] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe [1352064 2017-05-24] (TunnelBear)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-04-21]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2017-06-08]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited)
Startup: C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-06-11]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{37ee2001-6d4c-4a6d-8448-f196b99b3acf}: [NameServer] 23.105.70.204
Tcpip\..\Interfaces\{37ee2001-6d4c-4a6d-8448-f196b99b3acf}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{841d3d36-97c9-47ae-a054-e9bbca42bb2e}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{fb9a4d1b-fed9-4491-a26e-a694bd87ecc0}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-606003240-2892683779-3573181930-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default [2017-06-12]
CHR Extension: (Google Slides) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-21]
CHR Extension: (Arc dark chrome theme) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\adicoenigffoolephelklheejpcpoolk [2017-05-09]
CHR Extension: (Google Docs) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-21]
CHR Extension: (Google Drive) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-21]
CHR Extension: (YouTube) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-21]
CHR Extension: (uBlock Origin) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-18]
CHR Extension: (Adaware Ad Block) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2017-06-01]
CHR Extension: (Google Search) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-04-21]
CHR Extension: (Avast Passwords) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-05-12]
CHR Extension: (Google Sheets) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-21]
CHR Extension: (HTTPS Everywhere) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-21]
CHR Extension: (Doom) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbnpofpbcpmigidknilkmpaiiddbpbmd [2017-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-21]
CHR Extension: (ScriptSafe) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-05-28]
CHR Extension: (Gmail) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-05-13] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-12] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-30] (Dropbox, Inc.)
S2 DeskScapes8; C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe [75376 2014-03-10] (Stardock Software, Inc)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-04-23] (EasyAntiCheat Ltd)
S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-22] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-22] (GOG.com)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-31] (SurfRight B.V.)
S2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [139472 2017-05-18] (eVenture Limited)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177288 2015-05-29] ()
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-01-28] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-05] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [112592 2015-09-10] (Micro-Star INT'L CO., LTD.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155920 2017-05-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3125656 2017-05-22] (Electronic Arts)
S2 phantompeerd; C:\Program Files (x86)\PhantomPeer\bin\nssm.exe [331264 2016-09-24] () [File not signed]
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-04-18] (Razer Inc)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-13] (Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-04-28] (Razer Inc.)
R2 SbaService; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage Next\SbaService.exe [26296 2015-10-14] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe [61184 2017-05-17] (Datpol)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [38272 2017-05-24] (TunnelBear)
R2 UnsignedThemes; C:\Windows\unsignedthemes.exe [22184 2015-03-01] (The Within Network, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [92328 2017-06-05] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
U5 cmdccav; C:\Windows\System32\Drivers\cmdccav.sys [431520 2017-06-07] (COMODO)
R3 CorsairGamingAudioService; C:\Windows\system32\DRIVERS\CorsairGamingAudioamd64.sys [123384 2016-03-03] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-01] ()
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
U4 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-06-12] ()
R3 hmatap; C:\Windows\System32\drivers\hmatap.sys [36456 2016-11-23] (The OpenVPN Project)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e24w10x64.sys [156744 2015-10-07] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [186304 2017-06-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-06-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-06-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-06-12] (Malwarebytes)
R3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-10-26] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [1873768 2017-05-17] (SpyShelter)
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Premium\SpyshelterKb.sys [867184 2017-05-17] (SpyShelter)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2017-05-23] (The OpenVPN Project)
R2 uxstyle; C:\Windows\system32\Drivers\elytsxu.sys [32424 2015-03-01] (The Within Network, LLC)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [467368 2017-05-26] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files\Smart PC Utilities\Game Fire\GameFire.sys [14544 2017-06-11] (OpenLibSys.org)
U3 ffldrfog; C:\Users\Hector\AppData\Local\Temp\ffldrfog.sys [56584 2017-06-12] (GMER) [File not signed] <==== ATTENTION
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-12 15:02 - 2017-06-12 15:03 - 00030669 _____ C:\Users\Hector\Desktop\FRST.txt
2017-06-12 15:02 - 2017-06-12 15:02 - 00000000 ____D C:\FRST
2017-06-12 15:01 - 2017-06-12 15:02 - 02438656 _____ (Farbar) C:\Users\Hector\Desktop\FRST64.exe
2017-06-12 14:42 - 2017-06-12 14:42 - 00000010 _____ C:\Users\Hector\AppData\Local\sponge.last.runtime.cache
2017-06-12 14:41 - 2017-06-12 14:41 - 00705429 _____ C:\Users\Hector\AppData\Local\census.cache
2017-06-12 14:41 - 2017-06-12 14:41 - 00003198 _____ C:\Windows\System32\Tasks\DRScanner Startup
2017-06-12 14:41 - 2017-06-12 14:41 - 00002121 _____ C:\Users\Public\Desktop\HouseCall for Home IoT Devices.lnk
2017-06-12 14:41 - 2017-06-12 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home IoT Devices
2017-06-12 14:41 - 2017-06-12 14:41 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-06-12 14:40 - 2017-06-12 14:40 - 00307816 _____ C:\Users\Hector\AppData\Local\ars.cache
2017-06-12 14:34 - 2017-06-12 14:41 - 00000000 ____D C:\ProgramData\Trend Micro
2017-06-12 14:34 - 2017-06-12 14:34 - 00000000 ____D C:\Windows\Trend Micro
2017-06-12 14:31 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-06-12 14:30 - 2017-06-12 14:30 - 02527376 _____ (Trend Micro Inc.) C:\Users\Hector\Downloads\HousecallLauncher64.exe
2017-06-12 14:30 - 2017-06-12 14:30 - 00000036 _____ C:\Users\Hector\AppData\Local\housecall.guid.cache
2017-06-12 14:28 - 2017-06-12 14:28 - 00003220 _____ C:\Windows\System32\Tasks\CCAVPostInstall
2017-06-12 14:24 - 2017-06-12 14:28 - 00000000 ____D C:\ProgramData\COMODO
2017-06-12 14:23 - 2017-06-12 14:24 - 09380952 _____ (COMODO) C:\Users\Hector\Downloads\ccav_installer.exe
2017-06-12 14:07 - 2017-06-12 14:16 - 120079408 _____ (VirusBlokAda ltd.) C:\Users\Hector\Downloads\vba32-personal-latest-multilanguage.exe
2017-06-12 13:49 - 2017-06-12 13:49 - 00000000 ____D C:\Users\Hector\AppData\Local\AdAwareUpdater
2017-06-12 13:43 - 2017-06-12 13:43 - 01931969 _____ C:\Users\Hector\Downloads\ProcessExplorer.zip
2017-06-12 13:40 - 2017-06-12 13:40 - 02558896 _____ C:\Users\Hector\Downloads\Adaware_Installer.exe
2017-06-12 13:40 - 2017-06-12 13:40 - 00000000 ____D C:\ProgramData\adaware
2017-06-12 12:19 - 2017-06-12 12:19 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-06-12 12:16 - 2017-06-11 21:24 - 00458503 _____ C:\Windows\system32\Drivers\etc\hosts.20170612-121651.backup
2017-06-12 12:08 - 2017-06-12 12:09 - 00288560 _____ C:\TDSSKiller.3.1.0.15_12.06.2017_12.08.35_log.txt
2017-06-12 11:52 - 2017-06-12 12:02 - 00000000 ____D C:\Program Files\Process Hacker 2
2017-06-12 10:19 - 2017-06-12 10:19 - 07275289 _____ C:\Users\Hector\Downloads\National Anthem of USSR.mp4
2017-06-12 09:54 - 2017-06-12 09:54 - 06463660 _____ (Punk Software ) C:\Users\Hector\Downloads\RocketDock-v1.3.5.exe
2017-06-12 09:54 - 2017-06-12 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2017-06-12 09:54 - 2017-06-12 09:54 - 00000000 ____D C:\Program Files (x86)\RocketDock
2017-06-11 21:29 - 2017-06-11 21:35 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Rainmeter
2017-06-11 21:29 - 2017-06-11 21:29 - 01821463 _____ C:\Users\Hector\Downloads\honeycomb_by_apiium-d7q5yuz.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00676305 _____ C:\Users\Hector\Downloads\cleartext_for_rainmeter__v3_4___21_may_2017__by_redsaph-d8lh1a9.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00360894 _____ C:\Users\Hector\Downloads\visbubble__round_visualizer_for_rainmeter_by_undefinist-d82wfbx.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00124566 _____ C:\Users\Hector\Downloads\rainmeter___elegance_1_0_by_lilshizzy-d3jpo7v.rmskin
2017-06-11 21:29 - 2017-06-11 21:29 - 00000000 ____D C:\Users\Hector\Documents\Rainmeter
2017-06-11 21:28 - 2017-06-11 21:28 - 02270216 _____ (Rainmeter) C:\Users\Hector\Downloads\Rainmeter-4.1-r2807-beta.exe
2017-06-11 21:28 - 2017-06-11 21:28 - 00001755 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-06-11 21:28 - 2017-06-11 21:28 - 00000000 ____D C:\Program Files\Rainmeter
2017-06-11 10:56 - 2017-06-11 10:56 - 00000000 ____D C:\Users\Hector\Documents\4A Games
2017-06-11 10:50 - 2017-06-11 10:50 - 00000000 ____D C:\Users\Hector\AppData\Local\4A Games
2017-06-11 10:46 - 2017-06-12 12:07 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Wise Registry Cleaner
2017-06-11 10:46 - 2017-06-11 10:46 - 00001326 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2017-06-11 10:46 - 2017-06-11 10:46 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Wise Euask
2017-06-11 10:46 - 2017-06-11 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2017-06-11 10:45 - 2017-06-11 10:45 - 02815512 _____ (WiseCleaner.com ) C:\Users\Hector\Downloads\WRCFree.exe
2017-06-11 09:48 - 2017-06-11 09:48 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-11 09:45 - 2017-06-11 09:45 - 00000000 ____D C:\Users\Hector\Downloads\extras
2017-06-11 09:26 - 2017-06-11 09:26 - 00000000 ____D C:\Users\Hector\AppData\Local\4kdownload.com
2017-06-10 20:34 - 2017-06-10 20:34 - 00000222 _____ C:\Users\Hector\Desktop\Metro Last Light Redux.url
2017-06-09 17:24 - 2017-06-11 09:06 - 00000000 ____D C:\Users\Hector\Downloads\New folder
2017-06-09 17:20 - 2017-06-09 17:48 - 00000000 ____D C:\Users\Hector\AppData\Local\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\Users\Public\Documents\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\Users\Hector\Documents\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\ProgramData\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-06-09 17:20 - 2017-06-09 17:20 - 00000000 ____D C:\Program Files (x86)\Stardock
2017-06-09 17:19 - 2017-06-09 17:19 - 00000000 ____D C:\Users\Hector\Downloads\Stardock
2017-06-09 15:43 - 2017-06-09 15:59 - 00000000 ____D C:\ProgramData\Freemake
2017-06-09 15:43 - 2017-06-09 15:59 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-06-09 15:43 - 2017-06-09 15:45 - 00000000 ____D C:\Users\Hector\Documents\Freemake
2017-06-09 15:43 - 2017-06-09 15:43 - 00134164 _____ C:\Users\Hector\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2017-06-09 15:43 - 2017-06-09 15:43 - 00000000 ____D C:\Users\Hector\AppData\Local\FreemakeVideoDownloader
2017-06-09 15:43 - 2017-06-09 15:43 - 00000000 ____D C:\Program Files\WinPcap
2017-06-09 15:14 - 2012-11-07 21:08 - 00135680 _____ (Michael Barnathan) C:\Windows\VideoScreensaver.scr
2017-06-09 05:11 - 2017-06-09 05:11 - 00479928 _____ (COMODO) C:\Windows\system32\CcavGuard64.dll
2017-06-09 05:11 - 2017-06-09 05:11 - 00440504 _____ (COMODO) C:\Windows\system32\ccavvrt64.dll
2017-06-09 05:11 - 2017-06-09 05:11 - 00369760 _____ (COMODO) C:\Windows\SysWOW64\CcavGuard32.dll
2017-06-09 05:11 - 2017-06-09 05:11 - 00342200 _____ (COMODO) C:\Windows\SysWOW64\ccavvrt32.dll
2017-06-08 18:49 - 2017-06-08 19:19 - 00000000 ____D C:\Users\Hector\AppData\Roaming\SpyShelter
2017-06-08 18:49 - 2017-06-08 18:49 - 00001176 _____ C:\Users\Hector\Desktop\SpyShelter Premium.lnk
2017-06-08 18:49 - 2017-06-08 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2017-06-08 18:49 - 2017-06-08 18:49 - 00000000 ____D C:\Program Files (x86)\SpyShelter Premium
2017-06-08 18:49 - 2016-09-01 16:26 - 00052992 _____ (Datpol) C:\Windows\system32\SpyShelterShellExt.dll
2017-06-08 18:49 - 2016-09-01 16:26 - 00045824 _____ (Datpol) C:\Windows\SysWOW64\SpyShelterShellExt.dll
2017-06-08 18:19 - 2017-06-08 18:19 - 00000000 ____D C:\Users\Hector\AppData\Roaming\phantompeer
2017-06-08 18:18 - 2017-06-08 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhantomPeer
2017-06-08 18:17 - 2017-06-08 18:18 - 00000000 ____D C:\Program Files (x86)\PhantomPeer
2017-06-08 18:09 - 2017-06-08 18:38 - 00000000 ____D C:\Program Files\PeerBlock
2017-06-08 18:09 - 2017-06-08 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2017-06-08 17:54 - 2017-06-08 17:54 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2017-06-08 17:53 - 2017-06-08 17:53 - 00000000 ____D C:\Users\Hector\AppData\Local\Package Cache
2017-06-08 17:42 - 2017-06-08 18:54 - 00000000 ____D C:\Users\Hector\Desktop\vpn's
2017-06-08 17:40 - 2017-06-08 18:16 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Hide.me
2017-06-08 17:40 - 2017-06-08 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2017-06-08 17:40 - 2017-06-08 17:40 - 00000000 ____D C:\Program Files (x86)\hide.me VPN
2017-06-08 17:20 - 2017-06-08 17:20 - 07102464 _____ C:\Users\Hector\NTUSER.rhk
2017-06-08 17:19 - 2017-06-08 17:19 - 00004084 _____ C:\Windows\System32\Tasks\Wise Registry Cleaner Schedule Task
2017-06-08 17:05 - 2017-06-10 20:53 - 00000000 ____D C:\Users\Hector\AppData\Roaming\TunnelBear
2017-06-08 17:05 - 2017-06-08 17:36 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2017-06-08 17:05 - 2017-06-08 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2017-06-08 16:58 - 2017-06-11 10:46 - 00000000 ____D C:\Program Files (x86)\Wise
2017-06-07 21:38 - 2017-06-07 21:43 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-06-07 21:15 - 2017-06-07 21:15 - 00431520 _____ (COMODO) C:\Windows\system32\Drivers\CmdCCAV.sys
2017-06-07 20:23 - 2017-06-11 10:15 - 00000000 ____D C:\Users\Hector\Desktop\other (2)
2017-06-07 20:07 - 2017-06-07 20:07 - 00380928 _____ C:\Users\Hector\Desktop\5973cz0i.exe
2017-06-07 20:00 - 2017-06-07 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2017-06-07 20:00 - 2017-06-07 20:00 - 00000000 ____D C:\Program Files\File Shredder
2017-06-07 18:12 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2017-06-07 18:06 - 2017-06-07 18:06 - 00000049 _____ C:\Users\Hector\Desktop\url void.url
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\Users\Hector\AppData\Roaming\QFX Software
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\ProgramData\QFX Software
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2017-06-07 13:46 - 2017-06-07 13:46 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2017-06-07 13:46 - 2017-02-19 15:15 - 00233248 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys
2017-06-07 13:37 - 2017-06-07 13:37 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2017-06-07 13:37 - 2017-06-07 13:37 - 00000000 ____D C:\Program Files (x86)\NirSoft
2017-06-07 12:44 - 2017-06-07 12:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_system32WtfEngineDrv_01009.Wdf
2017-06-07 12:44 - 2017-06-07 12:44 - 00000000 ____D C:\Users\Hector\AppData\Local\AAA_Internet_Publishing,_
2017-06-07 12:22 - 2017-06-07 12:22 - 00000426 _____ C:\Windows\system32\.crusader
2017-06-07 12:09 - 2017-06-07 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-06-07 12:09 - 2017-06-07 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-06-07 12:09 - 2017-06-07 12:09 - 00001205 _____ C:\Users\Hector\Desktop\Malwarebytes Anti-Exploit.lnk
2017-06-07 12:09 - 2017-06-07 12:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-06-07 11:16 - 2017-06-07 08:32 - 00458503 _____ C:\Windows\system32\Drivers\etc\hosts.20170607-111602.backup
2017-06-07 11:09 - 2016-12-27 13:00 - 00000000 ____D C:\Users\Hector\Desktop\Unpark-CPU-App
2017-06-07 11:04 - 2017-06-07 11:04 - 00071264 _____ C:\Users\Hector\Documents\cc_20170607_110430.reg
2017-06-07 11:01 - 2017-06-07 11:01 - 00000044 _____ C:\Users\Hector\Documents\SOMETHING.TXT
2017-06-07 10:59 - 2017-06-07 10:59 - 00000000 ____D C:\Users\Hector\.TeamSpeak 3
2017-06-07 10:45 - 2017-06-07 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz GameBoost FREE
2017-06-07 10:45 - 2017-06-07 10:45 - 00000000 ____D C:\Program Files (x86)\Toolwiz GameBoost FREE
2017-06-07 10:06 - 2017-06-07 10:06 - 00015946 _____ C:\Users\Hector\AppData\Local\recently-used.xbel
2017-06-07 08:45 - 2014-01-23 15:34 - 00427376 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll
2017-06-07 08:27 - 2017-06-07 08:27 - 00000000 ____D C:\Users\Hector\AppData\Local\Thalonet,_Inc._dba_Haste
2017-06-07 08:27 - 2017-06-07 08:27 - 00000000 ____D C:\Users\Hector\AppData\Local\Haste
2017-06-07 08:26 - 2017-06-07 08:26 - 00000000 ____D C:\Program Files\Haste
2017-06-07 08:26 - 2017-06-07 08:26 - 00000000 _____ C:\Windows\system32\cd
2017-06-06 15:17 - 2017-06-06 15:17 - 00061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-06-06 12:41 - 2017-06-06 12:41 - 00000000 ____D C:\Users\Hector\AppData\Local\ESET
2017-06-05 21:37 - 2017-06-05 21:37 - 00000941 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\Users\Hector\Documents\Nexus Mod Manager
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\Users\Hector\AppData\Local\Black_Tree_Gaming
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-06-05 21:37 - 2017-06-05 21:37 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-06-05 20:17 - 2017-06-05 20:01 - 00092328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-06-05 20:16 - 2017-06-05 20:16 - 00003428 _____ C:\Windows\System32\Tasks\GameFire
2017-06-05 20:16 - 2017-06-05 20:16 - 00003134 _____ C:\Windows\System32\Tasks\GameFireSkipUAC
2017-06-05 20:16 - 2017-06-05 20:16 - 00002156 _____ C:\Users\Public\Desktop\Game Fire.lnk
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\Users\Hector\Documents\Smart PC Utilities
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Utilities
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\Program Files\Smart PC Utilities
2017-06-05 20:16 - 2017-06-05 20:16 - 00000000 ____D C:\Program Files (x86)\Contig
2017-06-05 20:15 - 2017-06-05 20:15 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Smart PC Utilities
2017-06-05 17:40 - 2017-06-05 17:40 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnalogX
2017-06-05 17:40 - 2017-06-05 17:40 - 00000000 ____D C:\Program Files (x86)\AnalogX
2017-06-05 09:55 - 2017-06-05 09:55 - 00007605 _____ C:\Users\Hector\AppData\Local\Resmon.ResmonCfg
2017-06-04 14:19 - 2017-06-04 14:19 - 00003106 _____ C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2017-06-04 14:19 - 2017-06-04 14:19 - 00003096 _____ C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\Users\Hector\AppData\Roaming\ProcessLasso
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\ProgramData\ProcessLasso
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2017-06-04 14:19 - 2017-06-04 14:19 - 00000000 ____D C:\Program Files\Process Lasso
2017-06-04 10:54 - 2017-06-04 10:54 - 00000000 ____D C:\Users\Hector\Desktop\working
2017-06-04 09:19 - 2017-06-04 09:19 - 00000163 _____ C:\Users\Hector\Desktop\Fallout 4 Nexus - Mods and community.url
2017-06-02 22:44 - 2017-06-02 22:44 - 00000000 ____D C:\Users\Hector\AppData\Local\Foxit Reader
2017-06-02 22:43 - 2017-06-07 16:48 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-06-02 22:43 - 2017-06-02 22:43 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-06-02 22:43 - 2017-06-02 22:43 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-06-02 21:55 - 2017-06-02 22:00 - 00000000 ____D C:\Users\Hector\AppData\Local\Bilago
2017-06-02 21:29 - 2017-06-04 12:58 - 00000000 ____D C:\Fraps
2017-06-02 21:29 - 2017-06-02 21:29 - 00000599 _____ C:\Users\Public\Desktop\Fraps.lnk
2017-06-02 21:29 - 2017-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-06-01 21:37 - 2017-06-01 21:37 - 00000000 ____D C:\Users\Hector\AppData\Roaming\LibreOffice
2017-06-01 21:33 - 2017-06-11 10:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-01 21:28 - 2017-06-01 21:28 - 00000000 ____D C:\Users\Hector\AppData\Local\Zemana
2017-06-01 21:28 - 2017-06-01 21:28 - 00000000 ____D C:\Users\Hector\AppData\Local\AntiLogger Free
2017-06-01 21:28 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\13048001-E8B5-4A5B-9F-93-4B-42-84-8F-BC-FA.sys
2017-06-01 21:24 - 2017-06-11 10:06 - 00000000 ____D C:\Users\Hector\Desktop\mbar
2017-05-31 22:47 - 2017-06-07 11:03 - 00000000 ____D C:\Users\Hector\AppData\Roaming\TS3Client
2017-05-31 22:47 - 2017-05-31 22:47 - 00001024 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-05-31 22:47 - 2017-05-31 22:47 - 00000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-05-31 22:47 - 2017-05-31 22:47 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-05-31 22:44 - 2017-06-11 10:29 - 00000000 ____D C:\Users\Hector\Desktop\other
2017-05-31 22:31 - 2017-05-31 22:31 - 01663672 _____ (Malwarebytes) C:\Users\Hector\Desktop\JRT.exe
2017-05-31 22:29 - 2017-06-11 10:06 - 00000000 ____D C:\AdwCleaner
2017-05-31 22:28 - 2017-05-31 22:29 - 04110280 _____ C:\Users\Hector\Desktop\adwcleaner_6.047.exe
2017-05-31 18:39 - 2017-05-31 18:39 - 00000071 _____ C:\Users\Hector\Desktop\Online Malware Detection - ESET.url
2017-05-31 18:22 - 2017-05-31 18:22 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-05-31 18:22 - 2017-05-31 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-05-31 18:22 - 2017-05-31 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-31 18:22 - 2017-05-31 18:22 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-31 18:21 - 2017-05-31 18:26 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-30 21:35 - 2017-05-30 21:28 - 00002150 _____ C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2017-05-30 21:29 - 2017-06-12 14:49 - 00000000 ____D C:\Users\Hector\AppData\Local\ClassicShell
2017-05-30 21:29 - 2017-05-30 21:29 - 00000000 ____D C:\Users\Hector\AppData\Roaming\ClassicShell
2017-05-30 21:28 - 2017-05-30 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2017-05-30 21:28 - 2017-05-30 21:28 - 00000000 ____D C:\Program Files\Classic Shell
2017-05-30 06:22 - 2017-05-30 06:22 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-29 13:01 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-29 12:25 - 2017-05-29 12:22 - 00004929 _____ C:\Windows\system32\Drivers\etc\hosts.20170529-122536.backup
2017-05-29 12:19 - 2017-05-29 12:19 - 00001771 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-05-29 12:19 - 2017-05-29 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-05-29 12:19 - 2017-05-29 12:19 - 00000000 ____D C:\Program Files\Defraggler
2017-05-29 11:58 - 2017-05-29 15:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-29 11:58 - 2017-05-29 13:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-29 11:58 - 2017-05-29 11:58 - 00001478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-29 11:58 - 2017-05-29 11:58 - 00001466 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-29 11:58 - 2017-05-29 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-29 11:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-29 08:03 - 2017-05-29 08:03 - 00111558 _____ C:\Users\Hector\Documents\cc_20170529_080310.reg
2017-05-28 21:35 - 2017-05-28 21:35 - 00000000 ____D C:\Users\Hector\AppData\Roaming\SUPERAntiSpyware.com
2017-05-28 21:33 - 2017-06-12 12:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-28 21:33 - 2017-05-28 21:33 - 00001865 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-05-28 21:33 - 2017-05-28 21:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-05-28 21:33 - 2017-05-28 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-05-28 12:55 - 2017-06-12 12:09 - 00000000 ____D C:\Users\Hector\Desktop\rkill
2017-05-27 08:16 - 2017-06-09 10:38 - 00000000 ____D C:\Users\Hector\AppData\Local\Fallout4
2017-05-26 22:35 - 2017-05-28 10:06 - 00000000 ____D C:\Users\Hector\Desktop\folder locker script
2017-05-26 22:33 - 2017-05-26 22:33 - 00000000 __SHD C:\Windows\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
2017-05-26 20:45 - 2017-05-26 20:45 - 00000222 _____ C:\Users\Hector\Desktop\Fallout 4.url
2017-05-26 18:03 - 2017-05-26 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-05-26 18:03 - 2017-05-26 18:03 - 00000000 ____D C:\Program Files\7-Zip
2017-05-26 17:14 - 2017-05-26 17:18 - 00001386 ___SH C:\Users\Hector\AppData\Roaming\systemFP.$dk
2017-05-26 17:14 - 2017-05-26 17:14 - 00110800 _____ C:\Windows\Secure64.dll
2017-05-26 17:14 - 2017-05-26 17:14 - 00035840 _____ C:\Windows\SysWOW64\WinFPdrv.sys
2017-05-26 17:14 - 2010-06-21 15:25 - 00272896 _____ (NewSoftwares.net,Inc.) C:\Windows\FPContextMenu64.dll
2017-05-26 17:06 - 2017-05-26 17:06 - 00000000 ____D C:\Program Files\AESCrypt
2017-05-26 16:23 - 2017-05-26 16:23 - 01180853 _____ C:\Users\Hector\Documents\VeraCrypt Rescue Disk.zip
2017-05-26 16:08 - 2017-05-26 16:08 - 00000000 ____D C:\Users\Hector\Documents\My AxCrypt
2017-05-26 16:07 - 2017-05-26 16:51 - 00000000 ____D C:\Users\Hector\AppData\Local\AxCrypt
2017-05-26 16:06 - 2017-05-26 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AxCrypt
2017-05-26 16:06 - 2017-05-26 16:06 - 00000000 ____D C:\Program Files\AxCrypt
2017-05-26 14:34 - 2017-05-26 14:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-26 14:32 - 2017-05-26 14:32 - 00000000 ____D C:\ProgramData\VeraCrypt
2017-05-26 14:24 - 2017-05-26 16:31 - 00000000 ____D C:\Users\Hector\AppData\Roaming\VeraCrypt
2017-05-26 14:24 - 2017-05-26 14:24 - 00467368 _____ (IDRIX) C:\Windows\system32\Drivers\veracrypt.sys
2017-05-26 14:24 - 2017-05-26 14:24 - 00000888 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2017-05-26 14:24 - 2017-05-26 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-05-26 14:24 - 2017-05-26 14:24 - 00000000 ____D C:\Program Files\VeraCrypt
2017-05-26 10:51 - 2017-05-26 10:51 - 00003674 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-05-26 10:51 - 2016-11-11 05:19 - 00964608 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2017-05-26 10:51 - 2016-11-11 03:15 - 00925184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2017-05-26 10:51 - 2016-07-16 07:43 - 61366272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imageres.dll
2017-05-26 10:51 - 2016-07-16 07:43 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagesp1.dll
2017-05-26 10:51 - 2016-07-16 07:42 - 03288576 _____ (Microsoft Corporation) C:\Windows\system32\imagesp1.dll
2017-05-26 10:50 - 2017-05-26 10:51 - 00000000 ____D C:\Program Files (x86)\Arc-Symbolic
2017-05-26 10:50 - 2016-07-16 07:42 - 61366272 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2017-05-25 13:08 - 2017-05-25 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptostorm Client
2017-05-25 13:08 - 2017-05-25 13:08 - 00000000 ____D C:\Program Files\TAP-Windows
2017-05-25 13:08 - 2017-05-25 13:08 - 00000000 ____D C:\Program Files (x86)\Cryptostorm Client
2017-05-25 13:02 - 2017-05-25 13:02 - 00000000 ____D C:\Users\Hector\Privax Ltd
2017-05-25 10:59 - 2017-05-25 10:59 - 00000000 ____D C:\Users\Hector\AppData\Local\GlassWire
2017-05-25 10:58 - 2017-05-25 10:58 - 00001970 _____ C:\Users\Public\Desktop\GlassWire.lnk
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\ProgramData\GlassWire
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\Program Files (x86)\GlassWire
2017-05-25 10:58 - 2015-05-29 00:30 - 00008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2017-05-25 10:58 - 2015-05-29 00:15 - 00033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2017-05-24 07:07 - 2017-05-24 07:07 - 00000000 ____D C:\Users\Hector\AppData\Local\FalloutNV
2017-05-23 22:41 - 2017-05-23 22:41 - 00000221 _____ C:\Users\Hector\Desktop\Fallout New Vegas.url
2017-05-23 22:25 - 2017-05-23 22:25 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Macromedia
2017-05-23 22:23 - 2017-05-23 22:23 - 00000222 _____ C:\Users\Hector\Desktop\The Binding of Isaac.url
2017-05-23 22:02 - 2017-05-23 22:02 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2017-05-23 22:02 - 2017-05-23 22:02 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2017-05-23 22:02 - 2017-05-23 22:02 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2017-05-23 22:02 - 2017-05-23 22:02 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2017-05-23 22:02 - 2017-05-23 22:02 - 00000220 _____ C:\Users\Hector\Desktop\DOOM 3.url
2017-05-23 21:34 - 2017-05-23 21:34 - 00000222 _____ C:\Users\Hector\Desktop\RollerCoaster Tycoon Deluxe.url
2017-05-23 20:19 - 2017-05-23 20:19 - 00038656 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap-tb-0901.sys
2017-05-23 08:34 - 2016-09-16 20:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2017-05-22 15:30 - 2017-05-22 15:30 - 00000000 ____D C:\prboom
2017-05-22 12:02 - 2017-05-22 12:02 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-22 12:02 - 2017-05-18 01:21 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-05-22 12:02 - 2017-03-10 17:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-05-22 12:02 - 2017-03-10 17:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-05-22 12:02 - 2017-03-10 17:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-05-22 12:02 - 2017-03-10 17:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-05-22 12:01 - 2017-05-18 03:35 - 40201848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 35390072 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 35282040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 28624504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 11056456 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 11028664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 10551072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 09248144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 08808488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 04114248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 03797112 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 03624784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 03256440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438233.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01606592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438233.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01278528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01275944 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 01056704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00995736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00993912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00993872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00964032 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00914880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00775864 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00725112 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00612272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00583800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-05-22 12:01 - 2017-05-18 03:35 - 00045061 _____ C:\Windows\system32\nvinfo.pb
2017-05-22 09:57 - 2017-05-22 09:57 - 00000000 ____D C:\Users\Hector\AppData\Local\zdoom
2017-05-21 21:13 - 2017-05-21 21:17 - 00000000 ____D C:\Users\Hector\AppData\Roaming\GZDoom
2017-05-21 21:08 - 2017-05-26 10:59 - 00000000 ____D C:\Program Files (x86)\Gzdoom
2017-05-20 23:23 - 2017-05-21 11:34 - 00000000 ____D C:\Users\Hector\Desktop\Zandronum
2017-05-20 16:28 - 2017-05-20 16:28 - 00000000 ____D C:\Users\Hector\AppData\Local\doomseeker
2017-05-20 16:23 - 2017-05-22 10:32 - 00000000 ____D C:\Users\Hector\AppData\Roaming\.doomseeker
2017-05-20 15:42 - 2017-05-26 10:58 - 00000000 ____D C:\Program Files (x86)\Zandronum
2017-05-19 18:00 - 2017-05-19 18:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-05-19 10:06 - 2017-05-19 10:06 - 00000000 ____D C:\Users\Hector\AppData\Local\IsolatedStorage
2017-05-19 10:06 - 2017-05-19 10:06 - 00000000 ____D C:\ProgramData\Kill Ping
2017-05-19 10:04 - 2017-05-19 10:07 - 00000000 ____D C:\Program Files\Kill Ping
2017-05-18 14:16 - 2017-05-18 14:16 - 00000962 _____ C:\Users\Public\Desktop\Blizzard App.lnk
2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\Users\Hector\AppData\Local\Blizzard Entertainment
2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\Users\Hector\AppData\Local\Battle.net
2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-05-18 14:16 - 2017-05-18 14:16 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-05-18 14:13 - 2017-05-18 14:16 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Battle.net
2017-05-18 14:13 - 2017-05-18 14:16 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-05-18 14:12 - 2017-05-18 14:13 - 00000000 ____D C:\ProgramData\Battle.net
2017-05-17 19:56 - 2017-05-17 19:56 - 00000000 ____D C:\Users\Hector\Documents\Razer
2017-05-15 16:38 - 2017-05-26 15:38 - 00000000 ____D C:\Users\Hector\Desktop\wallpapers
2017-05-15 16:11 - 2017-05-15 16:11 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Corsair
2017-05-15 16:11 - 2017-05-15 16:11 - 00000000 ____D C:\Users\Hector\AppData\Local\Corsair
2017-05-15 16:07 - 2017-05-15 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2017-05-15 16:07 - 2017-05-15 16:07 - 00000000 ____D C:\Program Files (x86)\Corsair
2017-05-14 11:21 - 2017-05-14 11:21 - 00000000 ____D C:\Users\Hector\AppData\Local\ElevatedDiagnostics
2017-05-13 20:49 - 2017-05-13 20:49 - 00000000 ____D C:\Users\Hector\AppData\LocalLow\Smartly Dressed Games
2017-05-13 09:05 - 2017-05-23 08:29 - 00000000 ____D C:\Users\Hector\AppData\Local\Razer
2017-05-13 09:01 - 2017-05-23 08:35 - 00000000 ____D C:\Program Files (x86)\Razer
2017-05-13 09:01 - 2017-05-23 08:34 - 00000000 ____D C:\ProgramData\Razer
2017-05-13 09:01 - 2017-05-15 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-05-13 09:01 - 2016-10-08 02:56 - 00137840 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2017-05-13 00:49 - 2017-05-13 00:49 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-05-13 00:49 - 2017-05-13 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-05-13 00:49 - 2017-05-13 00:49 - 00000000 ____D C:\Program Files\VS Revo Group

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-12 14:58 - 2017-04-21 22:11 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-12 14:29 - 2017-05-12 21:02 - 00004184 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2DB31378-71D9-4C30-B3CD-22E5BDB23514}
2017-06-12 13:28 - 2017-04-22 12:16 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-12 12:10 - 2017-04-23 14:30 - 00000000 ____D C:\Users\Hector\AppData\Local\CrashDumps
2017-06-12 11:00 - 2017-04-21 22:50 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-12 10:56 - 2017-04-21 21:54 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-12 10:29 - 2017-04-25 21:02 - 00000000 ____D C:\Users\Hector\AppData\Roaming\vlc
2017-06-11 14:39 - 2017-04-22 12:22 - 02974362 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-11 14:38 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF
2017-06-11 14:34 - 2017-04-21 22:50 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-11 14:34 - 2017-04-21 22:50 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-11 14:34 - 2017-04-21 22:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-11 14:33 - 2017-04-22 12:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-11 14:33 - 2017-04-21 22:50 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-11 14:33 - 2016-07-16 02:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-06-11 10:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-11 10:12 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp
2017-06-10 20:34 - 2017-04-21 22:38 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-09 15:17 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\Resources
2017-06-08 17:55 - 2017-05-12 00:31 - 00000000 ____D C:\Users\Hector\AppData\Roaming\qBittorrent
2017-06-08 17:54 - 2017-05-12 00:31 - 00000000 ____D C:\Users\Hector\AppData\Local\qBittorrent
2017-06-08 17:53 - 2017-04-22 12:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-08 17:43 - 2017-05-10 20:48 - 00000000 ____D C:\Users\Hector\Desktop\Av and productivity
2017-06-08 17:20 - 2017-04-22 12:32 - 00000000 ____D C:\Users\Hector
2017-06-07 13:14 - 2017-04-21 21:40 - 00000000 ____D C:\ProgramData\Killer
2017-06-07 12:17 - 2017-04-21 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-07 12:17 - 2017-04-21 22:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-07 10:06 - 2017-05-08 16:39 - 00000000 ____D C:\Users\Hector\AppData\Local\gtk-2.0
2017-06-07 10:06 - 2017-05-08 16:29 - 00000000 ____D C:\Users\Hector\.gimp-2.8
2017-06-07 08:26 - 2017-04-26 20:49 - 00000000 ____D C:\Users\Hector\AppData\Local\Downloaded Installations
2017-06-05 20:01 - 2017-04-22 12:16 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-05 17:45 - 2017-04-21 22:45 - 00000000 ____D C:\Users\Hector\AppData\Roaming\.minecraft
2017-06-05 17:45 - 2017-04-21 22:44 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-06-05 17:42 - 2017-04-22 12:32 - 00000000 ____D C:\Users\Hector\AppData\Local\VirtualStore
2017-06-03 10:23 - 2017-04-21 22:56 - 00000000 ____D C:\ProgramData\Origin
2017-06-03 09:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness
2017-06-02 16:49 - 2017-04-21 23:02 - 00000000 ____D C:\Program Files (x86)\Origin
2017-06-02 08:59 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-01 21:34 - 2017-04-21 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-01 14:52 - 2017-04-22 12:32 - 00000000 ____D C:\Users\Hector\AppData\Local\Packages
2017-06-01 08:02 - 2017-05-07 16:01 - 00000000 ____D C:\Users\Public\Documents\Winstep
2017-05-31 22:38 - 2017-04-22 12:17 - 00000000 ____D C:\Users\defaultuser0
2017-05-31 18:22 - 2017-05-12 00:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-30 21:47 - 2017-04-22 12:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-30 21:42 - 2017-04-22 12:33 - 00000000 ___RD C:\Users\Hector\OneDrive
2017-05-29 16:11 - 2017-04-21 23:11 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Origin
2017-05-29 16:10 - 2017-04-23 16:22 - 00000778 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-05-29 16:06 - 2017-04-21 23:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-05-29 13:01 - 2017-05-10 20:39 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-29 11:58 - 2017-05-12 19:30 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-27 08:16 - 2017-04-23 21:06 - 00000000 ____D C:\Users\Hector\Documents\My Games
2017-05-26 22:56 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache
2017-05-26 10:49 - 2017-05-07 17:33 - 00000000 ____D C:\Program Files (x86)\Arc-Regular
2017-05-25 15:56 - 2017-04-21 22:07 - 00000000 ____D C:\Users\Hector\AppData\Local\NVIDIA Corporation
2017-05-25 15:34 - 2017-04-21 22:07 - 00000000 ____D C:\Users\Hector\AppData\Local\NVIDIA
2017-05-25 15:34 - 2017-04-21 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-25 15:34 - 2017-04-21 21:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-25 15:34 - 2017-04-21 21:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-25 15:34 - 2017-04-21 21:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-23 08:37 - 2017-04-22 00:23 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 08:35 - 2017-04-22 00:23 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-22 15:42 - 2017-04-21 22:58 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
2017-05-22 09:18 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-05-18 03:35 - 2017-04-21 22:07 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-05-18 01:48 - 2017-04-21 21:54 - 06437824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-05-18 01:48 - 2017-04-21 21:54 - 02479736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-05-18 01:48 - 2017-04-21 21:54 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-05-18 01:48 - 2017-04-21 21:54 - 00548984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-05-18 01:48 - 2017-04-21 21:54 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-05-18 01:48 - 2017-04-21 21:54 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-05-18 01:48 - 2017-04-21 21:54 - 00069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-05-17 19:56 - 2017-04-25 17:50 - 00602152 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2017-05-16 16:41 - 2017-04-21 21:45 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 16:41 - 2017-04-21 21:45 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-16 14:09 - 2017-04-21 21:54 - 07993157 _____ C:\Windows\system32\nvcoproc.bin
2017-05-15 17:12 - 2017-05-12 00:30 - 00000952 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-14 11:30 - 2017-05-12 00:28 - 00000000 ____D C:\Users\Hector\AppData\Roaming\Foxit Software
2017-05-14 11:23 - 2017-05-12 00:30 - 00003306 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-05-13 20:23 - 2017-05-10 20:39 - 00004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-13 20:23 - 2017-04-21 22:37 - 00000000 ____D C:\Users\Hector\AppData\Roaming\discord
2017-05-13 19:02 - 2017-05-12 00:30 - 00000956 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-13 16:08 - 2017-05-12 00:30 - 00003530 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-05-13 14:57 - 2016-07-16 02:04 - 00032768 _____ C:\Windows\system32\config\ELAM

==================== Files in the root of some directories =======

2017-06-09 15:43 - 2017-06-09 15:43 - 0134164 _____ () C:\Users\Hector\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2017-05-26 17:14 - 2017-05-26 17:18 - 0001386 ___SH () C:\Users\Hector\AppData\Roaming\systemFP.$dk
2017-06-12 14:40 - 2017-06-12 14:40 - 0307816 _____ () C:\Users\Hector\AppData\Local\ars.cache
2017-06-12 14:41 - 2017-06-12 14:41 - 0705429 _____ () C:\Users\Hector\AppData\Local\census.cache
2017-06-12 14:30 - 2017-06-12 14:30 - 0000036 _____ () C:\Users\Hector\AppData\Local\housecall.guid.cache
2017-06-07 10:06 - 2017-06-07 10:06 - 0015946 _____ () C:\Users\Hector\AppData\Local\recently-used.xbel
2017-06-05 09:55 - 2017-06-05 09:55 - 0007605 _____ () C:\Users\Hector\AppData\Local\Resmon.ResmonCfg
2017-06-12 14:42 - 2017-06-12 14:42 - 0000010 _____ () C:\Users\Hector\AppData\Local\sponge.last.runtime.cache
2017-05-03 22:41 - 2017-05-03 22:41 - 0047323 _____ () C:\ProgramData\agent.1493865717.bdinstall.bin
2017-04-21 21:42 - 2017-04-21 21:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-12 21:30 - 2017-05-12 21:51 - 0019535 _____ () C:\ProgramData\empty.ico

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-07 15:30

==================== End of FRST.txt ============================

Addition.txt

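The FRST "created/modified files" listing above is the kind of block a helper scans by eye for drivers with no company name, hidden or system-attributed files sitting inside a user profile, and executables dropped under AppData. As an added example, not part of the original post and not FRST's own code, here is a small Python parser for that line format with a few triage heuristics on top. The regular expression, the heuristics and the `xyzdrv.sys` and `setup_helper.exe` lines in the sample are constructed for illustration; the other sample lines are copied from the log above. FRST's parenthesised company field comes from the file's version resource, not from a signature check, so a flagged driver is a prompt to verify its Authenticode signature (sigcheck or Get-AuthenticodeSignature), not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST "files and folders" line has the shape
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
# attrs is a fixed 5-character field; letters FRST uses include
# R (read-only), H (hidden), S (system), D (directory) and C (compressed).
# The parenthesised company comes from the file's version resource; it is
# absent for directories and printed as "()" when the file has none.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None when no "(...)" field, "" when it was "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST file line; return None for headers, blanks and other text."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl")
USER_PROFILE = re.compile(r"^C:\\Users\\[^\\]+\\", re.IGNORECASE)


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    low = entry.path.lower()
    in_profile = bool(USER_PROFILE.match(entry.path))
    # Kernel driver with no company name in its version resource. FRST does not
    # verify signatures on this line, so this is a prompt to check the
    # Authenticode signature, not a verdict.
    if "\\drivers\\" in low and low.endswith(".sys") and not entry.company:
        reasons.append("driver without company name in version info")
    # Hidden or system attributes on a file inside a user profile are a cheap
    # way to keep a dropped file out of an Explorer listing.
    if in_profile and ("H" in entry.attrs or "S" in entry.attrs):
        reasons.append("hidden/system attributes on a user-profile file")
    # Executable under the profile (Temp, AppData, Desktop) with no company
    # name is what bundled installers and droppers usually look like.
    if in_profile and low.endswith(EXEC_EXT) and not entry.company:
        reasons.append("executable in user profile without company name")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every flagged line in an FRST block."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


# Sample input: the first four lines are copied from the log above; the last
# two are constructed for this example and do not come from the poster's machine.
SAMPLE_LOG = r"""
2017-05-25 10:58 - 2015-05-29 00:15 - 00033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2017-05-23 20:19 - 2017-05-23 20:19 - 00038656 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap-tb-0901.sys
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\ProgramData\GlassWire
2017-05-26 17:14 - 2017-05-26 17:18 - 0001386 ___SH () C:\Users\Hector\AppData\Roaming\systemFP.$dk
2017-06-01 09:00 - 2017-06-01 09:00 - 00245760 _____ () C:\Windows\system32\Drivers\xyzdrv.sys
2017-06-01 09:01 - 2017-06-01 09:01 - 00512000 _____ () C:\Users\Hector\AppData\Local\Temp\setup_helper.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against a saved FRST.txt with `triage_log(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the hidden/system `systemFP.$dk` file from the log above is the one real hit in the sample, while both signed-vendor drivers pass.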

Hello Hector,

Continue with the following and post the requested logs....

Thanks for those logs, I want you to uninstall three programs. First open Spybot Anti-Beacon, select the "Undo" option to re-enable tracking services for now. Reboot for those changes to take effect. I'll fix the data collection to stop with the FRST fix...

Next,

Uninstall the following:

Wise Registry Cleaner 9.44
Spybot - Search & Destroy
Spybot Anti-Beacon


Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply...

Next,

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected, change by selecting the "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new window select "Export text", name that file RK.txt, save to your Desktop and attach to your reply

Let me see those logs in your reply....

Thank you,

Kevin...

fixlist.txt


Hey Kevin,

So I followed the steps you told me and I'm attaching the logs. Just a thought, I don't know if it's a false positive, but some of the RogueKiller detections seem weird, like GlassWire and KeyScrambler, which I know are legitimate software, and also the Dropbox update service. Anyway, it's fine. Also, after all of this is finished, can I reinstall the applications you told me to uninstall? I use those very often. Anyway, thanks for the help. Also, I haven't removed anything in RogueKiller, so just letting you know.

changelog.txt

Fixlog.txt

malwarebyteslogfile.txt


RogueKiller log entries are not necessarily malicious; there are codes attached that give more information if you understand the code.... Never take it as given that produced entries should always be removed....

Continue with the following:

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\PhantomPeer\phantompeerd.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Thank you,

Kevin....


Hey kevin,

So this is the result. Regarding PhantomPeer, maybe it came bundled with something. I already have PeerBlock; I thought it would work as a sort of firewall but it just blocks all P2P connections. I just searched it and PhantomPeer is a VPN.

So in the directory there are two files, one that requires administrator privileges and one that doesn't. The one that requires privileges got 0/60 detections and the one that doesn't 0/61. I didn't see anything to copy so I'm a bit confused.


If you want, here is the file detail:

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-11-11 00:49:36
Entry Point: 0x000014C0
Number of sections: 15

PE sections
Name    Virtual address  Virtual size  Raw size  Entropy  MD5
.text   4096             5969340       5969408   6.11     5fbb1d8c220b3fd7030e28313709d675
.data   5976064          28624         28672     0.50     105b8a47284040718e72816e13476f16
.rdata  6004736          663788        664064    6.20     3d248d3d949ad7acee7e638437a03f02
.bss    6672384          211584        0         0.00     d41d8cd98f00b204e9800998ecf8427e
.idata  6885376          20368         20480     5.45     28fc23b33206b3b34129dc5b035efdc6
.CRT    6905856          52            512       0.26     b936cf3516134e72f909ea71d594cea3
.tls    6909952          32            512       0.21     5b1360bb2f7c1b112aae0a64983e1a04
/4      6914048          2504          2560      2.61     4c94f6e4082c3087012d8b53d52f03f9
/19     6918144          193218        193536    6.14     334f0871633270b99382aaf77ab00aed
/31     7114752          23934         24064     4.65     5009b85f4c1841459516674850aa1e5a
(remaining 5 of the 15 sections not shown)

Overlays
MD5: eb0d89d048bc2e79d86a7130dd960724
File type: data
Offset: 7042048
Size: 2606504
Entropy: 5.12

PE imports

ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:11:11 01:49:36+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 5969408
LinkerVersion: 2.25
EntryPoint: 0x14c0
InitializedDataSize: 6683648
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 211968

MD5: d1254ffbf08f1988cacd2e90531f281d
SHA1: 147092099fba07cfb9031fe23b267e75f5c330df
SHA256: 120608812a60e2787dae8db2d229e2b1f27e89288b11d87385c144c8917a9bbf
ssdeep: 196608:KT4EEp3Ysh4bDxuYwByFce5WBTxd0PgNqcTp3TZrtkerP67LDzZ:b5FWbDxugWBTxd0UVzrVih
authentihash: 20aae16e7613686b31453c7b901735fa6489156d5e7d4d02d7886051e5d097a8
imphash: 5e534298a4da5a43f7c78e1f71ed618b
File size: 9.2 MB (9648552 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: InstallShield setup (50.1%), Win64 Executable (generic) (32.1%), Win32 Dynamic Link Library (generic) (7.6%), Win32 Executable (generic) (5.2%), Generic Win/DOS Executable (2.3%)
Tags: peexe, overlay

VirusTotal metadata
First submission: 2016-12-09 05:54:36 UTC (6 months ago)
Last submission: 2017-06-12 22:25:12 UTC (5 minutes ago)
File names: VPNClientd.exe, phantompeerd.exe
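The VirusTotal file-detail block above (a section table with per-section entropy, an "Overlays" entry, and the "peexe overlay" tag) comes from a static parse of the PE headers. As an added example, not part of the original post and not VirusTotal's own tooling, the following Python reproduces that part of the analysis on a toy PE32 image built in memory: it follows the DOS header to the PE signature, walks the COFF header and section table, computes Shannon entropy per section, and reports any overlay, meaning bytes past the end of the last section's raw data, which is where self-extracting installers and many droppers carry their payload. The toy image, its section names, the sample overlay bytes and the 7.0 bits/byte threshold are assumptions made for illustration.

```python
import math
import struct
from collections import Counter
from typing import Dict, List, NamedTuple


class Section(NamedTuple):
    name: str
    virtual_address: int
    virtual_size: int
    raw_offset: int
    raw_size: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> Dict:
    """DOS header -> PE signature -> COFF header -> section table, with
    per-section entropy and any overlay past the last section's raw data."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _symtab, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", blob, coff)
    sec_table = coff + 20 + opt_size          # section headers follow the optional header
    sections: List[Section] = []
    end_of_sections = 0
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", blob, sec_table + 40 * i)
        raw = blob[rptr:rptr + rsize] if rsize else b""   # .bss-style sections have no raw bytes
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rptr, rsize, shannon_entropy(raw)))
        end_of_sections = max(end_of_sections, rptr + rsize)
    overlay = blob[end_of_sections:]
    return {
        "machine": machine,
        "timestamp": timestamp,
        "sections": sections,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def indicators(info: Dict, high_entropy: float = 7.0) -> List[str]:
    """Static red flags worth a second look; the 7.0 threshold is an assumption."""
    out: List[str] = []
    for s in info["sections"]:
        if s.raw_size and s.entropy >= high_entropy:
            out.append(f"high-entropy section {s.name} ({s.entropy:.2f} bits/byte)")
    if info["overlay_size"]:
        out.append(f"overlay of {info['overlay_size']} bytes at offset {info['overlay_offset']}")
    return out


def build_sample_pe() -> bytes:
    """Constructed toy PE32 (no real code, it will not run) with a uniform .text,
    a zeroed .data, an empty .bss and trailing overlay data."""
    e_lfanew, opt_size, nsec, file_align = 0x80, 224, 3, 0x200
    text = bytes(range(256)) * 4            # every byte value 4 times -> exactly 8.0 bits/byte
    data = b"\0" * 512                      # constant -> 0.0 bits/byte
    overlay = b"OVERLAY!" * 64              # 8 distinct symbols, uniform -> 3.0 bits/byte
    text_off = file_align
    data_off = text_off + len(text)
    hdr = bytearray(b"MZ" + b"\0" * (0x3C - 2))
    hdr += struct.pack("<I", e_lfanew)      # e_lfanew at offset 0x3C
    hdr += b"\0" * (e_lfanew - len(hdr))
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, nsec, 0x58251B40, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic; the rest is left zeroed
    hdr += opt
    sec = "<8sIIIIIIHHI"  # name, vsize, vaddr, rsize, rptr, relocs, lines, nrelocs, nlines, flags
    hdr += struct.pack(sec, b".text", len(text), 0x1000, len(text), text_off, 0, 0, 0, 0, 0x60000020)
    hdr += struct.pack(sec, b".data", len(data), 0x2000, len(data), data_off, 0, 0, 0, 0, 0xC0000040)
    hdr += struct.pack(sec, b".bss", 0x1000, 0x3000, 0, 0, 0, 0, 0, 0, 0xC0000080)
    hdr += b"\0" * (file_align - len(hdr))  # pad headers to the file alignment
    return bytes(hdr) + text + data + overlay


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for s in info["sections"]:
        print(f"{s.name:<8} vaddr={s.virtual_address:#x} raw={s.raw_size} entropy={s.entropy:.2f}")
    for line in indicators(info):
        print("!", line)
```

On a real file call `parse_pe(open(path, "rb").read())`. The toy .text contains every byte value equally often, so its entropy is exactly 8.0; ordinary compiled code lands around 6.0 to 6.5, like the 6.11 for .text in the report above, and sections near 7.5 to 8.0 usually mean packed or encrypted content. An overlay on its own is not suspicious (the InstallShield stub in the report legitimately has one); it matters because that region is not covered by the section table and is where a second-stage payload can hide.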

there is also this:

 Opened files
C:\WINDOWS\system32\taskkill.exe (successful)
 Created processes
taskkill /f /im openvpn.exe (successful)
 Code injections in the following processes
taskkill.exe (successful)
 Opened mutexes
ShimCacheMutex (successful)
 Hooking activity
TYPE: WH_GETMESSAGE
METHOD: SetWindowsHook (successful)
 Runtime DLLs
version.dll (successful)
advapi32.dll (successful)
wsock32.dll (successful)
c:\windows\system32\mswsock.dll (successful)
hnetcfg.dll (successful)
rpcrt4.dll (successful)
c:\windows\system32\wshtcpip.dll (successful)
user32.dll (successful)
ws2_32.dll (successful)
 Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
 UDP communications
<MACHINE_DNS_SERVER>:53

The issues had gone away since I removed the PUP earlier in the thread, but they resumed; it seemed that with the scans the issues were resolved. Also, just a thought: I know there are very few security programs on Mac compared to PC, in fact the only ones I have are MBAM and Bitdefender, but just know that Bitdefender found 4 trojans and one worm on my Mac. I'm not sure if they can spread via a network, but that may be the root of my problems, worms or trojans spreading via a network. Bitdefender provides very little info, but I know the trojans start with GEN:Trojan.h.... Bitdefender doesn't show the rest, and there are no log options either.

 


I do not use a Mac or have any experience with a Mac.... One last scan please:

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Post the produced log...

Thank you,

Kevin

 


I finished scanning and no threats were found. I also didn't get the option for the log. In any case, your help was greatly appreciated; my computer seems to be in working order. If you think there are any more steps I should take, feel free to tell me, but otherwise I think I'm good.

Thank you for all the help,

Hector


Well, the coincidences keep happening. I've never gotten a fake scam email, but it appears I just did: it was an email claiming to be from PayPal asking me to log in to view my account statements. Being new to PayPal, I clicked the link and it redirected me to Chrome, where uBlock and Avast both blocked the website. It had something about EasyPrivacy, which a user mentioned in an MBAM forum thread I was just reading. Thankfully this wasn't on my main computer, just my Mac; I did open the email on my main PC, but I opened the link on my Mac due to my current paranoia from recent events. Is it possible that keyloggers or adware can be installed by just opening the email? Sorry if this bothers you, I don't want to waste your time, I just got concerned.


One of the main conduits for spreading malicious infections is emails. When you receive emails that require actions as you describe then yes your system is definitely under threat... Never open emails or links within emails that want you to upload or even add vital information such as PayPal, Ebay, Credit Card, or Banking details, such companies never send emails asking for critical information. Probably anyone who has an email address and uses the internet will receive suspicious emails, if you are not 100% certain of authenticity then never open such emails or links within such emails.

Unless you have any other issues or concerns we can clean up....

Uninstall Sophos AV and RogueKiller http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
