
How do I remove OCPF288.temp.exe



Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

There may be more to it than just deleting that file.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
(screenshot: attachlogs.png)

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Let me know what problems persist.

Wait for further instructions.


Sorry Nasdaq,

Here is the FRST file pasted:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.04.2019 01
Ran by Patrice (administrator) on PATRICE (LENOVO 20289) (20-04-2019 09:35:38)
Running from C:\Users\Patrice\Downloads
Loaded Profiles: UpdatusUser & Patrice (Available Profiles: UpdatusUser & Patrice)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Cyren -> Cyren, Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(Cyren -> Cyren, Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe
(IOLO TECHNOLOGIES, LLC -> Copyright 2018.) C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Cyren -> Cyren, Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Pokki -> Pokki) C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\SSTray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\x64\LBGovernor.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Intel(R) Smart Connect software -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\SystemMechanic.exe
(SatoshiLabs s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(iolo technologies, LLC -> iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\ToolKit.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-18] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-05-22] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-05-22] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [15814392 2018-02-14] (IOLO TECHNOLOGIES, LLC -> Copyright 2018.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4871680 2017-09-06] (Sanford, L.P.) [File not signed]
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [2033664 2017-09-06] (Sanford, L.P.) [File not signed]
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\RunOnce: [Uninstall C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\MountPoints2: {2ae7fadd-8ec1-11e4-825b-8086f2a782f2} - "E:\setup.exe" 
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\MountPoints2: {e04bab34-05dd-11e7-82be-8086f2a782f2} - "E:\setup.exe" 
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\MountPoints2: {fe5a539d-a1a5-11e4-8263-8086f2a782f2} - "E:\VZW_Software_upgrade_assistant.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{d0869df6-64b0-4289-b483-9bff61394420}] -> C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfCredProv.dll [2014-05-22] (Lenovo (Beijing) Limited -> ) [File not signed]
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => No File
AppInit_DLLs:  C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA CORPORATION -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => No File
AppInit_DLLs-x32:  C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA CORPORATION -> NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-05-22]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel(R) Smart Connect software -> Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-02-24]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> )
Startup: C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2018-11-21]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs s.r.o. -> )
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03956B10-86F0-4580-B882-119254E5D0C9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {0DA53A98-FA7D-4991-8ABB-7C0F24BEE63F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Intel(R) Update Manager -> Intel Corporation)
Task: {114F45DF-07B7-477E-9531-C464FF390496} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {14BFC19A-FBE4-4A2E-816D-CB0D3994CD9D} - System32\Tasks\Live Boost Process Governor => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\LBgovernor.exe (iolo technologies, LLC -> iolo technologies, LLC)
Task: {1B84197F-8697-431E-B778-21EE984F6AC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {25B9EACD-7437-4C07-8FD1-EC63F46F280E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {28336419-6BEF-41D3-B19F-AF968ECBB23F} - System32\Tasks\Phoenix360\ioloTUDsDownloader => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (iolo technologies, LLC -> iolo technologies, LLC)
Task: {2FC820FB-2A3B-4B81-A272-71C65A59E3BE} - System32\Tasks\Phoenix360\ActiveSync-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (iolo technologies, LLC -> iolo technologies, LLC)
Task: {36268AEA-A9AF-4A22-B590-AF0C0D7AD83F} - System32\Tasks\Phoenix360\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (iolo technologies, LLC -> iolo technologies, LLC)
Task: {47E6C795-B03D-455D-BE0F-EB98F7420071} - System32\Tasks\Phoenix360\ioloSystemShield => C:\Program Files (x86)\Phoenix360\System Mechanic\SSTray.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {4BFB6D85-7322-4A3C-A20C-C1748C067C2A} - System32\Tasks\SweetLabs App Platform => C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki)
Task: {4EB89F86-4740-4A57-8393-E74FD691ADAD} - System32\Tasks\Phoenix360\ioloActiveCare => C:\Program Files (x86)\Phoenix360\System Mechanic\systemmechanic.exe (iolo technologies, LLC -> iolo technologies, LLC)
Task: {65B6BD6E-3B2F-4017-92DC-591EC088FC7B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6CECA0B0-07D9-489A-B3D5-8513A96F665A} - System32\Tasks\Phoenix360\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (iolo technologies, LLC -> iolo technologies, LLC)
Task: {786E35D5-C904-4211-9AA3-916311F0F44B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9DB2662B-54CA-4828-84E1-6E9717FAF52C} - System32\Tasks\Phoenix360\ioloAVDefsDownloader => C:\Program Files (x86)\Phoenix360\System Mechanic\SSDefs.exe (iolo technologies, LLC -> iolo technologies, LLC)
Task: {A4160F6D-2DF8-4392-9599-92ECBF34480F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Intel(R) Update Manager -> Intel Corporation)
Task: {AFCC202B-B9A0-4175-9327-426B41EC6799} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C1DC4994-FFAB-4C8D-AFBB-22692E079075} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {CF3C28BD-08FC-4900-8B0B-29B8E20CCBF4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1407781348-2952289101-2913086708-1002 => C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {DF9883AF-3803-4986-A2E2-EC723961FB69} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DFA88BF2-6579-4F2C-8361-21AF00F41457} - System32\Tasks\Phoenix360\ActiveMessenger-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (iolo technologies, LLC -> iolo technologies, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{03FCB178-291C-4FE9-BD9E-C136837F06E0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5CC84C9A-2134-4FDA-A67F-DEE740F3C015}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies)

FireFox:
========
FF DefaultProfile: 2xylln3o.default
FF ProfilePath: C:\Users\Patrice\AppData\Roaming\Mozilla\Firefox\Profiles\2xylln3o.default [2019-04-20]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Patrice\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-01-22]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default [2019-04-20]
CHR Extension: (Slides) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-19]
CHR Extension: (Ledger Manager) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2018-08-06]
CHR Extension: (YouTube) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Sheets) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2017-12-17]
CHR Extension: (Cisco Webex Extension) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-06]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2018-08-06]
CHR Extension: (MyEtherWallet) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2018-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\Patrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-10]
CHR HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2017-09-06] (Sanford, L.P.) [File not signed]
S3 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] (Intel(R) Smart Connect software -> )
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1880864 2018-02-10] (Maxthon (Asia) Limited. -> Maxthon)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] (Intel Corporation-Mobile Wireless Group -> )
S3 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software -> Nitro PDF Software)
S3 nlsX86cc; C:\windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-12] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab Ltd -> PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab Ltd -> PointGrab LTD)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-05-22] (Lenovo (Beijing) Limited -> )
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [133176 2018-10-12] (Cyren -> Cyren, Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [130616 2018-10-12] (Cyren -> Cyren, Inc.)
R2 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [193408 2018-10-12] (Cyren -> Cyren, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [15814392 2018-02-14] (IOLO TECHNOLOGIES, LLC -> Copyright 2018.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMP; C:\windows\system32\Drivers\amp.sys [202664 2018-10-15] (Cyren -> Cyren, Inc.)
R2 AMPSE; C:\windows\system32\Drivers\ampse.sys [2065632 2018-10-15] (Cyren -> Cyren, Inc.)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153328 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R1 excfs; C:\windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R0 excsd; C:\windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [4216320 2013-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] (Intel(R) Smart Connect software -> )
S3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-01] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] (Intel(R) Smart Connect software -> )
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [198512 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [127136 2019-04-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73912 2019-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [114040 2019-04-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [116440 2014-08-13] (Realtek Semiconductor Corp -> Realtek )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [250024 2019-04-13] (Zemana Ltd. -> Copyright 2017.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [250024 2019-04-13] (Zemana Ltd. -> Copyright 2017.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-20 09:35 - 2019-04-20 09:37 - 000033033 _____ C:\Users\Patrice\Downloads\FRST.txt
2019-04-20 09:35 - 2019-04-20 09:35 - 000000000 ____D C:\Users\Patrice\Downloads\FRST-OlderVersion
2019-04-20 09:35 - 2019-04-20 09:35 - 000000000 ____D C:\FRST
2019-04-20 09:34 - 2019-04-20 09:35 - 002434048 _____ (Farbar) C:\Users\Patrice\Downloads\FRST64 (1).exe
2019-04-20 09:15 - 2019-04-20 09:15 - 000002274 _____ C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iolo Premium Support.lnk
2019-04-20 09:14 - 2019-04-20 09:14 - 002211568 _____ (LogMeIn, Inc.) C:\Users\Patrice\Downloads\Support-LogMeInRescue.exe
2019-04-16 16:57 - 2019-04-20 09:26 - 000073912 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2019-04-16 16:57 - 2019-04-20 09:25 - 000274416 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-04-16 16:57 - 2019-04-16 16:57 - 000127136 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2019-04-16 16:57 - 2019-04-16 16:57 - 000114040 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2019-04-13 08:39 - 2019-04-20 09:35 - 000066487 _____ C:\windows\ZAM.krnl.trace
2019-04-13 08:39 - 2019-04-20 09:35 - 000031575 _____ C:\windows\ZAM_Guard.krnl.trace
2019-04-13 08:39 - 2019-04-13 08:39 - 000250024 _____ (Copyright 2017.) C:\windows\system32\Drivers\zamguard64.sys
2019-04-13 08:39 - 2019-04-13 08:39 - 000250024 _____ (Copyright 2017.) C:\windows\system32\Drivers\zam64.sys
2019-04-13 08:39 - 2019-04-13 08:39 - 000001303 _____ C:\Users\Public\Desktop\Malware Killer.lnk
2019-04-13 08:39 - 2019-04-13 08:39 - 000000000 ____D C:\Users\Patrice\AppData\Local\Zemana
2019-04-13 08:39 - 2019-04-13 08:39 - 000000000 ____D C:\Users\Patrice\AppData\Local\Iolo Technologies
2019-04-13 08:39 - 2019-04-13 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Killer
2019-04-13 08:37 - 2019-04-13 08:38 - 017496568 _____ (iolo technologies, LLC) C:\Users\Patrice\Downloads\MalwareKillerSetup.exe
2019-04-09 17:37 - 2019-04-09 17:37 - 000000000 ____D C:\windows\LastGood.Tmp
2019-04-09 16:39 - 2019-04-01 21:16 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-04-09 16:39 - 2019-03-26 12:11 - 007079936 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2019-04-09 16:39 - 2019-03-26 11:57 - 005276160 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2019-04-09 16:39 - 2019-03-26 11:40 - 007798272 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-04-09 16:39 - 2019-03-26 11:35 - 005270528 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 16:39 - 2019-03-26 04:16 - 001311976 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-04-09 16:39 - 2019-03-26 02:14 - 025736704 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-04-09 16:39 - 2019-03-26 01:52 - 002902528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-04-09 16:39 - 2019-03-26 01:50 - 000577024 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-04-09 16:39 - 2019-03-26 01:12 - 020280832 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-04-09 16:39 - 2019-03-26 01:08 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-04-09 16:39 - 2019-03-26 01:05 - 015284736 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-04-09 16:39 - 2019-03-26 01:00 - 004858880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-04-09 16:39 - 2019-03-26 00:56 - 001040384 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-04-09 16:39 - 2019-03-26 00:51 - 000498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-04-09 16:39 - 2019-03-26 00:48 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-04-09 16:39 - 2019-03-26 00:48 - 001556992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-04-09 16:39 - 2019-03-26 00:24 - 013682176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-04-09 16:39 - 2019-03-26 00:08 - 004386304 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-04-09 16:39 - 2019-03-26 00:04 - 001332224 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-04-09 16:39 - 2019-03-20 21:29 - 002452432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2019-04-09 16:39 - 2019-03-16 00:03 - 002535664 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-04-09 16:39 - 2019-03-15 23:46 - 000805176 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-04-09 16:39 - 2019-03-15 23:36 - 001902752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-04-09 16:39 - 2019-03-15 23:29 - 000611656 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-04-09 16:39 - 2019-03-15 22:51 - 001755136 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-04-09 16:39 - 2019-03-15 22:49 - 001493504 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-04-09 16:39 - 2019-03-15 22:48 - 003324416 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-04-09 16:39 - 2019-03-15 22:47 - 003617280 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-04-09 16:39 - 2019-03-14 01:57 - 007368952 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-04-09 16:39 - 2019-03-14 01:56 - 001677024 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-04-09 16:39 - 2019-03-14 01:56 - 001537560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-04-09 16:39 - 2019-03-13 15:13 - 001369096 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2019-04-09 16:39 - 2019-03-09 12:51 - 001115136 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2019-04-09 16:39 - 2019-03-09 12:35 - 001085952 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2019-04-09 16:39 - 2019-03-09 12:28 - 002348544 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2019-04-09 16:39 - 2019-03-09 12:19 - 001550848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2019-04-09 16:39 - 2019-03-09 12:01 - 003547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2019-04-09 16:39 - 2019-03-09 10:20 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-04-09 16:39 - 2019-02-09 14:55 - 022373096 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2019-04-09 16:39 - 2019-02-09 14:23 - 019790664 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2019-04-09 16:38 - 2019-03-30 16:57 - 000126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys
2019-04-09 16:38 - 2019-03-26 02:00 - 000035840 _____ (Microsoft Corporation) C:\windows\system32\sxssrv.dll
2019-04-09 16:38 - 2019-03-26 01:40 - 005777920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-04-09 16:38 - 2019-03-26 01:40 - 000790528 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-04-09 16:38 - 2019-03-26 01:22 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2019-04-09 16:38 - 2019-03-26 01:15 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2019-04-09 16:38 - 2019-03-26 01:10 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2019-04-09 16:38 - 2019-03-26 01:09 - 000381440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2019-04-09 16:38 - 2019-03-26 01:06 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2019-04-09 16:38 - 2019-03-26 00:43 - 000663040 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-04-09 16:38 - 2019-03-26 00:36 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-04-09 16:38 - 2019-03-26 00:29 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-04-09 16:38 - 2019-03-26 00:26 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2019-04-09 16:38 - 2019-03-26 00:23 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2019-04-09 16:38 - 2019-03-26 00:22 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-04-09 16:38 - 2019-03-26 00:22 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2019-04-09 16:38 - 2019-03-26 00:21 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2019-04-09 16:38 - 2019-03-26 00:02 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-04-09 16:38 - 2019-03-15 22:39 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-04-09 16:38 - 2019-03-15 22:39 - 000046080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-04-09 16:38 - 2019-03-09 13:08 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\oleprn.dll
2019-04-09 16:38 - 2019-03-09 12:47 - 000111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleprn.dll
2019-04-09 16:38 - 2019-03-09 12:43 - 003822080 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll
2019-04-09 16:38 - 2019-03-09 12:31 - 003274752 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll
2019-04-09 16:38 - 2019-03-09 10:20 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll
2019-04-09 16:38 - 2019-03-09 10:20 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll
2019-04-09 16:38 - 2019-03-09 10:20 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-04-09 16:38 - 2019-03-09 10:20 - 000340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll
2019-04-09 16:38 - 2019-02-24 10:43 - 001308456 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2019-04-09 16:38 - 2019-02-21 13:36 - 000059392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys
2019-04-09 16:38 - 2019-02-21 13:35 - 000684032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-04-09 16:38 - 2019-02-21 13:34 - 000416256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2019-04-09 16:38 - 2019-02-21 13:34 - 000281088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2019-04-09 16:38 - 2019-02-21 12:31 - 000747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2019-04-09 16:38 - 2019-02-11 23:48 - 000092672 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2019-04-05 20:20 - 2019-04-05 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-05 17:48 - 2019-03-29 16:07 - 000835480 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-04-05 17:48 - 2019-03-29 16:07 - 000179608 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-03 16:59 - 2019-04-03 16:59 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2019-04-03 16:59 - 2019-04-03 16:59 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2019-04-03 16:59 - 2019-04-03 16:59 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2019-04-03 16:59 - 2019-04-03 16:59 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2019-03-31 09:01 - 2019-03-31 09:01 - 000019896 _____ C:\Users\Patrice\Downloads\TaxStatement_2019 (1).pdf
2019-03-30 20:53 - 2019-03-30 20:53 - 000000355 _____ C:\Users\Patrice\Documents\Homegroup - Shortcut.lnk
2019-03-30 20:53 - 2019-03-30 20:53 - 000000355 _____ C:\Users\Patrice\Documents\Homegroup - Shortcut (2).lnk
2019-03-30 14:51 - 2019-03-30 14:51 - 000019896 _____ C:\Users\Patrice\Downloads\TaxStatement_2019.pdf
2019-03-29 20:18 - 2019-03-29 20:18 - 000198512 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2019-03-29 18:39 - 2019-04-13 09:46 - 000003158 _____ C:\windows\System32\Tasks\Live Boost Process Governor
2019-03-29 18:39 - 2019-03-29 18:40 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Phoenix360
2019-03-29 17:28 - 2019-03-29 17:28 - 000000000 ____D C:\ProgramData\Commtouch
2019-03-29 17:28 - 2019-03-29 17:28 - 000000000 ____D C:\Program Files\Common Files\Commtouch
2019-03-29 17:28 - 2018-10-15 02:49 - 002065632 ____R (Cyren, Inc.) C:\windows\system32\Drivers\ampse.sys
2019-03-29 17:28 - 2018-10-15 02:49 - 000202664 ____R (Cyren, Inc.) C:\windows\system32\Drivers\amp.sys
2019-03-29 17:24 - 2019-04-13 09:41 - 000000000 ____D C:\ProgramData\Phoenix360
2019-03-29 17:24 - 2019-04-13 08:39 - 000000000 ____D C:\windows\System32\Tasks\Phoenix360
2019-03-29 17:24 - 2019-04-13 08:39 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2019-03-29 17:24 - 2019-03-29 17:24 - 000001826 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2019-03-29 17:24 - 2019-03-29 17:24 - 000000000 ____D C:\Users\Patrice\AppData\Local\Phoenix360
2019-03-29 17:24 - 2019-03-29 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2019-03-29 17:24 - 2019-02-08 08:19 - 000082160 _____ (Raxco Software, Inc.) C:\windows\system32\Drivers\PDFsFilter.sys
2019-03-29 17:23 - 2019-04-13 08:38 - 000000000 ____D C:\Users\Patrice\AppData\Local\Downloaded Installations
2019-03-29 17:21 - 2019-03-29 17:22 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\iolo
2019-03-29 17:21 - 2019-03-29 17:21 - 000426352 _____ C:\Users\Patrice\Downloads\smpro_dm.exe
2019-03-29 16:20 - 2019-03-29 16:20 - 000000000 __SHD C:\found.001
2019-03-29 16:06 - 2019-03-29 16:06 - 000000000 __SHD C:\found.000
2019-03-27 15:43 - 2019-03-27 15:43 - 000000000 _____ C:\Users\Patrice\AppData\Local\{AF883D66-9E7C-4156-B6B9-6F6DFED173A9}
2019-03-25 16:42 - 2019-03-25 16:42 - 000002547 _____ C:\Users\Public\Desktop\TurboTax 2018.lnk
2019-03-25 16:42 - 2019-03-25 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2018
2019-03-25 16:04 - 2019-03-25 16:14 - 226743344 _____ C:\Users\Patrice\Downloads\TurboTax_Home__Business__State_2018_Tax_Software_PC_Download_Amazon_Exclusive.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-20 09:28 - 2014-12-26 11:40 - 000000000 __RDO C:\Users\Patrice\OneDrive
2019-04-20 09:28 - 2014-12-26 11:33 - 000000000 ____D C:\Users\Patrice
2019-04-20 09:28 - 2014-05-22 15:50 - 000000000 ____D C:\Users\UpdatusUser
2019-04-20 09:24 - 2013-08-22 10:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-04-20 09:15 - 2017-01-09 21:48 - 000000926 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-04-19 20:19 - 2014-12-26 11:33 - 000000000 ____D C:\Users\Patrice\AppData\Local\SweetLabs App Platform
2019-04-19 16:02 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-19 16:02 - 2013-08-22 11:36 - 000000000 ____D C:\windows\AppReadiness
2019-04-18 20:53 - 2014-12-26 20:18 - 000000000 ____D C:\Users\Patrice\Documents\Excel
2019-04-18 20:49 - 2014-12-26 11:44 - 000000000 ____D C:\Users\Patrice\AppData\Local\Deployment
2019-04-18 18:30 - 2013-08-22 11:36 - 000000000 ____D C:\windows\system32\NDF
2019-04-16 16:54 - 2013-08-22 09:25 - 000524288 ___SH C:\windows\system32\config\BBI
2019-04-15 16:04 - 2018-03-24 21:30 - 000000000 ____D C:\Users\Patrice\AppData\Local\Glance
2019-04-14 20:19 - 2018-03-21 16:29 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\DigiByte
2019-04-14 12:39 - 2014-12-26 11:39 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1407781348-2952289101-2913086708-1002
2019-04-14 12:16 - 2017-06-08 19:39 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Exodus
2019-04-14 12:13 - 2015-09-21 17:44 - 000000000 ____D C:\Users\Patrice\AppData\Local\ElevatedDiagnostics
2019-04-14 11:02 - 2018-07-26 18:45 - 000002247 _____ C:\Users\Patrice\Desktop\Exodus.lnk
2019-04-14 11:02 - 2017-06-08 19:39 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2019-04-14 11:01 - 2018-09-26 15:47 - 000000000 ____D C:\Users\Patrice\AppData\Local\exodus
2019-04-13 10:50 - 2013-08-22 09:36 - 000000000 ____D C:\windows\Inf
2019-04-13 09:45 - 2013-10-07 15:23 - 000000000 ____D C:\windows\Panther
2019-04-12 17:42 - 2014-12-26 20:14 - 000000000 ____D C:\Users\Patrice\Documents\PATRICE
2019-04-12 15:46 - 2015-04-11 11:38 - 000000000 ____D C:\Users\Patrice\AppData\Local\CrashDumps
2019-04-11 16:17 - 2014-12-26 11:46 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-11 16:17 - 2014-12-26 11:46 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-10 15:35 - 2015-10-30 20:17 - 000003308 _____ C:\windows\System32\Tasks\SweetLabs App Platform
2019-04-09 17:23 - 2014-12-26 11:33 - 000000454 _____ C:\Users\Patrice\Downloads\Desktop.lnk
2019-04-09 17:20 - 2013-08-22 10:44 - 000414800 _____ C:\windows\system32\FNTCACHE.DAT
2019-04-09 17:06 - 2013-08-22 11:36 - 000000000 ___RD C:\windows\ToastData
2019-04-09 17:05 - 2015-01-09 19:08 - 000000000 ___SD C:\windows\system32\CompatTel
2019-04-09 17:05 - 2015-01-09 19:08 - 000000000 ____D C:\windows\system32\appraiser
2019-04-09 17:02 - 2013-08-22 11:20 - 000000000 ____D C:\windows\CbsTemp
2019-04-09 16:55 - 2015-01-07 18:39 - 000000000 ____D C:\windows\system32\MRT
2019-04-09 16:44 - 2015-01-07 18:39 - 131129288 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-04-07 13:39 - 2015-01-17 21:52 - 000000000 ____D C:\windows\Minidump
2019-04-05 20:20 - 2017-01-09 21:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-05 17:29 - 2014-05-22 15:50 - 000000000 ____D C:\windows\SysWOW64\NV
2019-04-05 17:29 - 2014-05-22 15:50 - 000000000 ____D C:\windows\system32\NV
2019-04-05 17:29 - 2014-05-22 15:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-03 19:29 - 2013-10-07 14:27 - 000866884 _____ C:\windows\system32\PerfStringBackup.INI
2019-04-01 15:26 - 2017-01-09 21:48 - 000000922 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-31 18:57 - 2014-12-26 11:44 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-31 18:52 - 2017-01-09 21:48 - 000003664 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-03-30 20:53 - 2015-01-14 21:01 - 000000000 ___RD C:\Users\Patrice\Dropbox
2019-03-30 17:52 - 2014-12-26 20:18 - 000000000 ____D C:\Users\Patrice\Documents\Adobe
2019-03-30 16:18 - 2014-12-26 20:17 - 000000000 ____D C:\Users\Patrice\Documents\TurboTax
2019-03-29 20:18 - 2019-03-01 11:44 - 000153328 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-03-29 18:33 - 2014-05-22 16:33 - 000000000 ____D C:\ProgramData\Temp
2019-03-29 18:00 - 2018-02-19 22:12 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LitecoinCash Core
2019-03-29 17:24 - 2014-05-22 16:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-03-27 17:10 - 2014-12-26 11:44 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-26 18:45 - 2014-12-26 11:33 - 000000000 ____D C:\Users\Patrice\AppData\Local\Packages
2019-03-25 16:41 - 2015-03-07 16:17 - 000000000 ____D C:\Users\Patrice\AppData\Roaming\Intuit
2019-03-25 16:41 - 2015-03-07 16:15 - 000000000 ____D C:\Program Files (x86)\TurboTax
2019-03-25 16:16 - 2015-03-07 16:16 - 000001254 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2019-03-23 07:47 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-23 07:46 - 2015-02-16 09:06 - 000000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2015-12-21 19:46 - 2015-12-21 19:46 - 000000017 _____ () C:\Users\Patrice\AppData\Local\resmon.resmoncfg
2019-03-27 15:43 - 2019-03-27 15:43 - 000000000 _____ () C:\Users\Patrice\AppData\Local\{AF883D66-9E7C-4156-B6B9-6F6DFED173A9}

Some files in TEMP:
====================
2019-04-09 17:24 - 2019-04-10 15:28 - 039865512 _____ () C:\Users\Patrice\AppData\Local\Temp\octF28B.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2015-11-16 18:18
==================== End of FRST.txt ============================

Addition.txt


Hi,

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Host App Service (HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\SweetLabs_AP) (Version: 0.269.8.727 - Pokki) <==== ATTENTION
Start Menu (HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\...\SweetLabs_Start_Menu) (Version: 0.269.8.727 - Pokki)

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download Malwarebytes Anti-Malware from here

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.


Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If the file is not deleted, boot to Safe Mode and delete the file in that mode.

fixlist.txt


Nasdaq,

Seems to have worked like you said. Yeah!

Here are the files.

Merci beaucoup

PaMal

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.04.2019 01
Ran by Patrice (20-04-2019 13:06:50) Run:1
Running from C:\Users\Patrice\Desktop
Loaded Profiles: UpdatusUser & Patrice (Available Profiles: UpdatusUser & Patrice)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
(Pokk?i -> Pokki) C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => No File
Task: {4BFB6D85-7322-4A3C-A20C-C1748C067C2A} - System32\Tasks\SweetLabs App Platform => C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-1407781348-2952289101-2913086708-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Patrice\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\Patrice\Dropbox:user.myxattr [0]
FirewallRules: [{ABD410AD-93CB-4768-A9A1-13CE1844F5C6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{3635C8AD-7CB3-4259-A6A7-4EE361F6201A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{05390CEA-78CD-44BA-9148-729AB3B8C29D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{F3137A83-1F34-40F5-A3A6-A70524343D19}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [TCP Query User{35F09278-08F2-4600-9130-B36DF91C4A9B}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe No File
FirewallRules: [UDP Query User{10F08DF4-5AB7-47AA-9909-8710963C3AB1}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe No File
FirewallRules: [{96917F9B-5282-4707-9621-62CF87E283E0}] => (Allow) C:\Users\Patrice\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [TCP Query User{F001A61C-C69D-433C-BE11-CD09DD5CEC0F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{25C24454-369A-43C8-B9F8-7FC3ABA999DE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{3BD0754D-1D97-474E-ACC9-A3CC0390CE43}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{956B6C8E-7502-4FB3-A3EC-BFDEB9AC8E5A}C:\program files\litecoincash\litecoincash-qt.exe] => (Allow) C:\program files\litecoincash\litecoincash-qt.exe No File
FirewallRules: [UDP Query User{71ABA8C7-748F-4251-8240-466688142EA5}C:\program files\litecoincash\litecoincash-qt.exe] => (Allow) C:\program files\litecoincash\litecoincash-qt.exe No File
C:\Users\Patrice\AppData\Local\SweetLabs App Platform
2019-?04-09 17:24 - 2019-04-10 15:28 - 039865512 _____ () C:\Users\Patrice\AppData\Local\Temp\octF28B.tmp.exe
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Patrice\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe => No running process found
"C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll" => Value data removed successfully
"C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll" => Value data removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BFB6D85-7322-4A3C-A20C-C1748C067C2A}" => not found
"C:\windows\System32\Tasks\SweetLabs App Platform" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
HKU\S-1-5-21-1407781348-2952289101-2913086708-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\Users\Patrice\Dropbox => ":user.myxattr" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABD410AD-93CB-4768-A9A1-13CE1844F5C6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3635C8AD-7CB3-4259-A6A7-4EE361F6201A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05390CEA-78CD-44BA-9148-729AB3B8C29D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3137A83-1F34-40F5-A3A6-A70524343D19}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35F09278-08F2-4600-9130-B36DF91C4A9B}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{10F08DF4-5AB7-47AA-9909-8710963C3AB1}C:\users\patrice\appdata\roaming\dropbox\bin\dropbox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96917F9B-5282-4707-9621-62CF87E283E0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F001A61C-C69D-433C-BE11-CD09DD5CEC0F}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{25C24454-369A-43C8-B9F8-7FC3ABA999DE}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3BD0754D-1D97-474E-ACC9-A3CC0390CE43}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{956B6C8E-7502-4FB3-A3EC-BFDEB9AC8E5A}C:\program files\litecoincash\litecoincash-qt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71ABA8C7-748F-4251-8240-466688142EA5}C:\program files\litecoincash\litecoincash-qt.exe" => removed successfully
"C:\Users\Patrice\AppData\Local\SweetLabs App Platform" => not found
2019-04-09 17:24 - 2019-04-10 15:28 - 039865512 _____ () C:\Users\Patrice\AppData\Local\Temp\octF28B.tmp.exe => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14992458 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2543762 B
Edge => 0 B
Chrome => 67005616 B
Firefox => 11023634 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 220369 B
systemprofile32 => 128 B
LocalService => 9088 B
NetworkService => 28622848 B
UpdatusUser => 0 B
Patrice => 55608149 B

RecycleBin => 0 B
EmptyTemp: => 179.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:07:44 ====


And the Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/20/19
Scan Time: 1:16 PM
Log File: 031c01b0-6390-11e9-adc1-8086f2a782f2.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10254
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: PATRICE\Patrice

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 279805
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 16 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks
