Need Help removing Cloudnet virus that keeps coming back


Good Day, 

I need help removing a Cloudnet virus that keeps coming back, which I have been attempting to remove for months, but it keeps returning. I have been using Malwarebytes, which detects the 8 infected files every time it scans after a reboot, and have tried using other software such as HitmanPro, but the virus keeps coming back.

I recently saw a thread where somebody used something called FRST fixlist to fix such malware and wanted to know how it could be done and if I can do it as a beginner? 

Scan Results.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the logs for my review.

Let me know what problems persist.

Wait for further instructions
====

p.s.
Please let me know if your Default Browser is Synced with other devices.


Hi Nasdaq,

Thank you so much for your reply and help. No, my default browser is not synced with other devices.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-03-2020
Ran by Administrator (administrator) on APELELE-PC (Hewlett-Packard HP G62 Notebook PC) (31-03-2020 17:50:30)
Running from C:\Users\Administrator.Apelele-PC\Desktop\FRST
Loaded Profiles: Administrator (Available Profiles: Apelele & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Greyfirst Corporation) [File not signed] C:\Program Files (x86)\Celtx\celtx.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Thinking Man Software) [File not signed] C:\Program Files (x86)\D4\D4.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dimension4] => C:\Program Files (x86)\D4\D4.exe [355840 2013-11-27] (Thinking Man Software) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3656845367-3278222974-3694736955-500\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3656845367-3278222974-3694736955-500\...\MountPoints2: {1e5cdadb-c5ff-11e9-a74e-e51fce0f80eb} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3656845367-3278222974-3694736955-500\...\MountPoints2: {ae2fc1ee-6d8d-11ea-abee-99dd3e42daeb} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3656845367-3278222974-3694736955-500\...\MountPoints2: {e4cea567-d12c-11e9-b25d-952e35f96ff1} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3656845367-3278222974-3694736955-500\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\80.0.3621.133\Installer\chrmstp.exe [2020-03-19] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2009-12-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A367C56-2DEB-4EAA-9984-5BD95390A5E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {15C78E9E-7A7D-496B-B7C1-0302E3709C75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [978672 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {1679FC0C-B5BA-4E81-87FE-B701FE8FF38C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {1B3F917D-D53E-439B-AB25-ED9D3A4FB998} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C38C2B4-2325-4DCE-A657-C19CF6E0D63F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {27F75543-B235-4ED0-BD9A-4E88D0E6CA61} - \WpsExternal_Administrator_20181208153121 -> No File <==== ATTENTION
Task: {28B5C0AB-FC44-4D27-8E42-4C5974FE0008} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\AutoUpdate.exe [2369808 2020-03-06] (IObit Information Technology -> IObit)
Task: {2A476521-F856-48B2-AD15-EEB8E06FC555} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2010-05-23] (Hewlett-Packard Company -> )
Task: {372D6E01-4B99-4400-A9E9-4EBE542B20F2} - \MicrosoftSearchIndexer -> No File <==== ATTENTION
Task: {41091D8C-3D02-477C-9F31-7AD6CDF46A39} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
Task: {41C0332F-CE49-4180-B63A-769AA517B3BF} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {5C3A34E0-BCD2-40B2-BA98-EB5B9BDB25ED} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-11-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {5C87DBE8-BF25-4449-A0C3-B5B87FA10ACD} - \WpsExternal_Administrator_20190806162256 -> No File <==== ATTENTION
Task: {5D0FBC1D-2633-47A2-BFF1-2B94C3E36BE4} - System32\Tasks\AdobeAAMUpdater-1.0-Apelele-PC-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6436662E-1FF8-4D8D-973E-DE2DF7E6A578} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {6436662E-1FF8-4D8D-973E-DE2DF7E6A578} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {6436662E-1FF8-4D8D-973E-DE2DF7E6A578} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {6D4A7BC2-80CC-42DF-B996-00924E6586EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [978672 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F1C560A-66C3-4CE2-B44E-2437CD3AA770} - System32\Tasks\Java(TM) Platform SE 6 U17 => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {7FC10A73-87F0-4C48-907D-94C1B2648F0E} - System32\Tasks\WpsUpdateTask_Administrator => C:\Users\Administrator.Apelele-PC\AppData\Local\Kingsoft\WPS Office\11.2.0.8641\office6\wpsupdate.exe [157352 2019-08-06] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {82EAB02A-BEC8-443E-B576-B996C39597E6} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\Scheduler.exe [149776 2020-02-27] (IObit Information Technology -> IObit)
Task: {87E6E767-6C7E-4D7D-AEF3-58E4F53A1E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-25] (Google Inc -> Google Inc.)
Task: {8B677B27-DAE3-405D-83B5-F2E82641B286} - System32\Tasks\HPCeeScheduleForAdministrator => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2010-01-05] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {8D9CA4EF-45C0-4CBF-9190-45C51642488B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2023832 2020-03-09] (Avast Software s.r.o. -> AVAST Software)
Task: {922C3B1E-942B-4485-8ADD-D1FAF7C7FBD7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {95DA5963-2C82-4FDC-B14D-6AD62EB2A185} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-25] (Google Inc -> Google Inc.)
Task: {9C4A0712-9DE7-4D3E-ADCB-7777AE22EDFD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {A61157BB-0A71-41A3-893F-2B5A462A333C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2010-05-23] (Hewlett-Packard Company -> )
Task: {B20DFE3D-3FEF-4B17-A637-6230715C6CF0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {B20DFE3D-3FEF-4B17-A637-6230715C6CF0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {C6FA4E4E-92CD-47B4-A556-2D404030E037} - \Driver Booster Installer -> No File <==== ATTENTION
Task: {CD422FF6-661A-4043-B729-5DAFB4E4ED6C} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1997904 2019-11-04] (Smadsoft) [File not signed]
Task: {D18D895F-E63B-47BC-9E87-7D89A0B04F34} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-11-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {DA3877E7-4AA1-47A8-9EE0-AC870B2E4486} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
Task: {DA6E08F5-C270-472D-A736-BE6CB846441E} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\DriverBooster.exe [7892240 2020-03-06] (IObit Information Technology -> IObit)
Task: {DB58861A-511A-4C89-AD47-75C52801534B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {DB58861A-511A-4C89-AD47-75C52801534B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {E42C8940-791E-4812-A43E-C73816B2FD02} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2023832 2020-03-09] (Avast Software s.r.o. -> AVAST Software)
Task: {F2DAF99C-87AF-4C45-80BC-4DCC6D256E9C} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2010-05-23] (Hewlett-Packard Company -> )
Task: {FC61795B-B485-4812-B921-38C5D4D35FA6} - System32\Tasks\{A506F9F2-E014-4891-96D9-AFC53FA6EED2} => C:\Windows\system32\pcalua.exe -a C:\Users\Administrator.Apelele-PC\Downloads\windirstat1_1_2_setup.exe -d C:\Users\Administrator.Apelele-PC\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForAdministrator.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{86BBFF66-F102-41D7-916A-D4A58B91D095}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{973A600A-B46D-4DEC-8522-30A8A042865C}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3656845367-3278222974-3694736955-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0BE8BE18-CFCC-4B00-AE6C-93045AE94DEE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0BE8BE18-CFCC-4B00-AE6C-93045AE94DEE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-01-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2018-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-01-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hdwlg5qh.default-1557861345676
FF ProfilePath: C:\Users\Administrator.Apelele-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hdwlg5qh.default-1557861345676 [2020-03-31]
FF ProfilePath: C:\Users\Administrator.Apelele-PC\AppData\Roaming\Greyfirst\Celtx\Profiles\xne3mgfc.default [2020-03-31]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2017-12-15] [Legacy] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2017-12-15] [Legacy] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2017-12-15] [Legacy] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2017-12-15] [Legacy] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2017-12-15] [Legacy] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2017-12-15] [Legacy] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2017-12-15] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2020-03-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2020-03-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2018-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\Administrator.Apelele-PC\AppData\Local\Google\Chrome\User Data\Default [2020-03-31]
CHR Extension: (Free Avira Phantom VPN – Unblock Websites) - C:\Users\Administrator.Apelele-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkdflfgjdajbhocmfjolpjbebdkcjog [2019-06-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Administrator.Apelele-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2020-03-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\Administrator.Apelele-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator.Apelele-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator.Apelele-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-24]
CHR Profile: C:\Users\Administrator.Apelele-PC\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-10-07] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-11-17] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-11-17] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\80.0.3621.133\elevation_service.exe [1124080 2020-03-09] (Avast Software s.r.o. -> AVAST Software)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
R2 Dimension4; C:\Program Files (x86)\D4\D4.exe [355840 2013-11-27] (Thinking Man Software) [File not signed]
S3 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-01-25] (EasyBits Software AS -> EasyBits Software AS) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-31] (Malwarebytes Inc -> Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268368 2019-08-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2291568 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
S3 wpscloudsvr; C:\Users\Administrator.Apelele-PC\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [363688 2019-08-06] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [130336 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (Microsoft Windows -> LSI Corp)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37864 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205576 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [271120 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206608 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [64272 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279360 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42976 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175400 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110560 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84056 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848672 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [458584 2020-03-11] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [235184 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316256 2020-03-04] (Avast Software s.r.o. -> AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2019-08-16] (IVT SOFTWARE TECHNOLOGY Inc. -> IVT Corporation.)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-03-31] (Malwarebytes Corporation -> Malwarebytes)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-08-16] (Martin Malik - REALiX -> REALiX(tm))
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-03-31] (Malwarebytes Inc -> Malwarebytes)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [225280 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2584280 2019-08-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [51808 2019-08-16] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2019-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S3 WsResetDevice; C:\Windows\SysWOW64\DRIVERS\WsResetDevice.sys [33544 2016-03-18] (Shenzhen Wondershare Information Technology Co., Ltd. -> WonderShare Software)
U1 aswbdisk; no ImagePath
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-31 17:50 - 2020-03-31 17:51 - 000000000 ____D C:\FRST
2020-03-31 17:49 - 2020-03-31 17:50 - 000000000 ____D C:\Users\Administrator.Apelele-PC\Desktop\FRST
2020-03-31 14:21 - 2020-03-31 14:21 - 000004174 _____ C:\Users\Administrator.Apelele-PC\Downloads\Dream Wedding.txt
2020-03-31 14:20 - 2020-03-31 14:20 - 000004190 _____ C:\Users\Administrator.Apelele-PC\Downloads\Dream Wedding.fountain
2020-03-31 13:39 - 2020-03-31 13:39 - 000002382 _____ C:\Users\Administrator.Apelele-PC\Desktop\Scan Results.txt
2020-03-31 12:58 - 2020-03-31 12:58 - 000001908 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-03-31 12:58 - 2020-03-31 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-03-31 12:57 - 2020-03-31 12:57 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-03-31 12:57 - 2020-03-31 12:56 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-03-30 14:28 - 2020-03-30 14:29 - 000002388 _____ C:\Users\Administrator.Apelele-PC\Desktop\Rkill.txt
2020-03-30 14:28 - 2020-03-30 14:28 - 000000000 ____D C:\Users\Administrator.Apelele-PC\Desktop\rkill
2020-03-30 14:12 - 2020-03-30 14:20 - 001957784 _____ (Malwarebytes) C:\Users\Administrator.Apelele-PC\Downloads\MBSetup (1).exe
2020-03-28 19:15 - 2020-03-28 19:15 - 000001853 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2020-03-28 10:26 - 2020-03-28 10:30 - 001191894 _____ C:\Users\Administrator.Apelele-PC\Downloads\Unconfirmed 296567.crdownload
2020-03-28 09:49 - 2020-03-28 10:00 - 000173555 _____ C:\Users\Administrator.Apelele-PC\Downloads\Unconfirmed 940966.crdownload
2020-03-25 20:15 - 2020-03-25 20:16 - 045733828 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Office_(US)_-_S09E05_-_Here_Comes_Treble_a6452ce2bd3b7dd24353c9b308358875.mp4
2020-03-25 19:18 - 2020-03-25 19:19 - 059807479 _____ C:\Users\Administrator.Apelele-PC\Downloads\Awkwafina_Is_Nora_From_Queens_-_S01E02_-_Unknown_f866817bd92cd3406f5b0099a9839df0.mp4
2020-03-25 18:48 - 2020-03-25 18:49 - 040576318 _____ C:\Users\Administrator.Apelele-PC\Downloads\Awkwafina_Is_Nora_From_Queens_-_S01E02_-_Unknown_cbe58ae657ed151edaa056e2d04b2651.avi
2020-03-25 18:46 - 2020-03-25 18:47 - 045767433 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Office_(US)_-_S09E04_-_Work_Bus_ad110c9bfde734c441340ea0a0566fd3.mp4
2020-03-25 17:50 - 2020-03-25 17:51 - 039974282 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Other_Two_-_S01E01_-_Pilot_b5d588fe44c55ce320211dcdd68e74b5.avi
2020-03-25 17:48 - 2020-03-25 17:49 - 050652652 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Other_Two_-_S01E10_-_Chase_Performs_at_the_VMAs_fde8a35576414e23a0d22e0479bbe7bb.avi
2020-03-25 07:50 - 2020-03-25 07:52 - 060153292 _____ C:\Users\Administrator.Apelele-PC\Downloads\Awkwafina_Is_Nora_From_Queens_-_S01E01_-_Unknown_23d86adbb103123582dabf97d6e97b88.mp4
2020-03-24 19:54 - 2020-03-24 19:55 - 047172890 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Office_(US)_-_S09E03_-_Andys_Ancestry_a3546a14979b73f9aa0bfb946fe39bc5.mp4
2020-03-24 19:51 - 2020-03-24 19:52 - 045869592 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Office_(US)_-_S09E02_-_Roys_Wedding_d062b386d8f1df2674fe19d75309126f (1).mp4
2020-03-24 19:51 - 2020-03-24 19:51 - 045869592 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Office_(US)_-_S09E02_-_Roys_Wedding_d062b386d8f1df2674fe19d75309126f.mp4
2020-03-24 19:15 - 2020-03-24 19:17 - 045766205 _____ C:\Users\Administrator.Apelele-PC\Downloads\The_Office_(US)_-_S09E01_-_New_Guys_d0cc8c7bcedf1aa348d77af81a13b1c2.mp4
2020-03-24 19:00 - 2020-03-24 19:03 - 080134003 _____ C:\Users\Administrator.Apelele-PC\Downloads\Avenue_5_-_S01E05_-_Unknown_7587e112756a5ef296983c009f59f636.mp4
2020-03-24 18:50 - 2020-03-24 18:50 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Roaming\ADBDriverInstaller
2020-03-24 18:49 - 2020-03-24 18:50 - 009667561 _____ C:\Users\Administrator.Apelele-PC\Downloads\adbdriver.zip
2020-03-24 18:36 - 2017-11-25 20:35 - 000009899 _____ C:\Users\Administrator.Apelele-PC\Desktop\womic.cat
2020-03-24 18:34 - 2020-03-24 18:34 - 000154177 _____ C:\Users\Administrator.Apelele-PC\Downloads\womic-driver-package.zip
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\2C0A
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0C0A
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0C04
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0816
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0804
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0424
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\041F
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\041E
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\041D
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\041B
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0419
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0416
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0415
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0414
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0413
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0412
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0411
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0410
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\040E
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\040D
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\040C
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\040B
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\040A
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0408
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0407
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0406
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0405
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0404
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Windows\system32\0401
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2020-03-24 18:12 - 2020-03-24 18:12 - 000000000 ____D C:\Program Files (x86)\Renesas Electronics
2020-03-24 18:11 - 2020-03-24 18:11 - 007087616 _____ (Lenovo Group Limited ) C:\Users\Administrator.Apelele-PC\Downloads\8ay210ww.exe
2020-03-24 17:27 - 2020-03-31 12:52 - 000003130 _____ C:\Windows\system32\Tasks\Driver Booster Scheduler
2020-03-24 17:27 - 2020-03-31 12:52 - 000003122 _____ C:\Windows\system32\Tasks\Driver Booster Update
2020-03-24 17:27 - 2020-03-31 12:52 - 000002878 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (Administrator)
2020-03-24 17:27 - 2020-03-24 17:43 - 000002234 _____ C:\Users\Public\Desktop\Driver Booster 7.lnk
2020-03-24 17:27 - 2020-03-24 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 7
2020-03-24 17:16 - 2020-03-24 17:16 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Roaming\Sun
2020-03-24 17:15 - 2020-03-24 17:15 - 000098288 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-03-24 17:15 - 2020-03-24 17:15 - 000000000 ____D C:\ProgramData\Oracle
2020-03-24 17:15 - 2020-03-24 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-03-24 07:30 - 2020-03-24 07:32 - 024820296 _____ (IObit ) C:\Users\Administrator.Apelele-PC\Downloads\driver_booster_setup.exe
2020-03-19 19:14 - 2020-03-19 19:16 - 081286148 _____ C:\Users\Administrator.Apelele-PC\Downloads\Avenue_5_-_S01E04_-_Unknown_c4660a4446fedb1515ccf33259ea9655.mp4
2020-03-19 18:16 - 2020-03-19 18:35 - 094591069 _____ C:\Users\Administrator.Apelele-PC\Downloads\Insecure_-_S03E08_-_Ghost-Like_894a8f8d7b6858b5c8f918d4ce2a3e95.mp4
2020-03-19 18:12 - 2020-03-19 22:12 - 000000516 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2020-03-18 21:28 - 2020-03-19 06:33 - 100759381 _____ C:\Users\Administrator.Apelele-PC\Downloads\Insecure_-_S03E07_-_Obsessed-Like_42fad2164fe30c32ccd6b1ff383cfe30.mp4
2020-03-18 21:13 - 2020-03-18 21:15 - 087964824 _____ C:\Users\Administrator.Apelele-PC\Downloads\Insecure_-_S03E06_-_Ready-Like_bed707f2ecbf8f96255fd84543da58a1.mp4
2020-03-18 20:03 - 2020-03-18 20:05 - 095226776 _____ C:\Users\Administrator.Apelele-PC\Downloads\Insecure_-_S03E05_-_High-Like_9d0c61e4d477c67d1b2a7ed35ee48e81.mp4
2020-03-18 19:30 - 2020-03-18 19:31 - 087081046 _____ C:\Users\Administrator.Apelele-PC\Downloads\Insecure_-_S03E04_-_Fresh-Like_6188c69df05fdba4a9f8f17e1047ff3d.mp4
2020-03-17 22:03 - 2020-03-17 22:05 - 084369775 _____ C:\Users\Administrator.Apelele-PC\Downloads\Insecure_-_S03E03_-_Backwards-Like_9643250c5e8bf21c975962bb17c88681.mp4
2020-03-17 21:14 - 2020-03-17 21:15 - 083880184 _____ C:\Users\Administrator.Apelele-PC\Downloads\Insecure_-_S03E02_-_Familiar-Like_bc42d6ecf8b8b6b0293f3be0ebee850f.mp4
2020-03-16 19:51 - 2020-03-16 19:53 - 072462101 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E10_-_Unknown_a3b48d9747a6fc1392db1464bcb221fa.webm
2020-03-16 19:12 - 2020-03-16 19:14 - 078259563 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E09_-_Unknown_a0fea85001f78a18d689c51db4fd471f.webm
2020-03-15 20:09 - 2020-03-15 20:10 - 068985381 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E08_-_Unknown_2e55a6d54626752df20bbd4d4c38a6a0.webm
2020-03-15 19:08 - 2020-03-15 19:10 - 088752054 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E07_-_Unknown_616a432768b6e4a9fee3e4dc92d6f584.webm
2020-03-15 16:09 - 2020-03-30 20:30 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-03-15 16:09 - 2020-03-25 21:15 - 000002828 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-03-15 16:09 - 2020-03-15 16:09 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-03-15 16:09 - 2020-03-15 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-03-15 16:08 - 2020-03-25 07:36 - 000000000 ____D C:\Program Files\CCleaner
2020-03-15 16:05 - 2020-03-15 16:06 - 022195200 _____ (Piriform Software Ltd) C:\Users\Administrator.Apelele-PC\Downloads\cctrialsetup.exe
2020-03-15 12:54 - 2020-03-15 13:11 - 272998917 _____ C:\Users\Administrator.Apelele-PC\Downloads\Love_and_other_Drugs__(2010)_BluRay_high_(fzmovies.net)_77848ffdc7205026ab3b6e4ce57850ef.mp4
2020-03-15 12:47 - 2020-03-15 12:49 - 088379434 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E06_-_Unknown_8b86ba73f2b27fafb9d82edbd9184ba1.webm
2020-03-14 20:00 - 2020-03-14 20:34 - 201744671 _____ C:\Users\Administrator.Apelele-PC\Downloads\They_Came_Together_(2014)_BluRay_high_(fzmovies.net)_81e938e7ffab4035f4e12bfdbb1467f7.mp4
2020-03-14 11:15 - 2020-03-14 20:07 - 075124487 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E05_-_Unknown_6db6f273356c2a09c895abe7e896adbe.webm
2020-03-13 19:36 - 2020-03-13 19:37 - 084684116 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E04_-_Unknown_26c7bd69ee21a7cd49107a6c2e083d49.webm
2020-03-12 21:26 - 2020-03-12 21:28 - 066713060 _____ C:\Users\Administrator.Apelele-PC\Downloads\Avenue_5_-_S01E03_-_Unknown_7a159d82309a8a0d3cf88dbc5f7eca20.webm
2020-03-12 21:25 - 2020-03-12 21:27 - 075977248 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E03_-_Unknown_3de912e8371531a21a44a393e024ff02.webm
2020-03-12 21:22 - 2020-03-12 21:29 - 291499773 _____ C:\Users\Administrator.Apelele-PC\Downloads\Do_the_Right_Thing_(1989)_BluRay_high_(fzmovies.net)_f57a91e3f4e56618058a2f546fedc94b.mp4
2020-03-12 20:16 - 2020-03-12 20:17 - 075250605 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E02_-_Unknown_9aa7949f58998c262e7934b0a1717e1c.webm
2020-03-12 19:38 - 2020-03-12 19:39 - 068306088 _____ C:\Users\Administrator.Apelele-PC\Downloads\Avenue_5_-_S01E02_-_Unknown_749c737184edc9f54bb8c33b01d2f508.webm
2020-03-12 07:47 - 2020-03-12 19:05 - 076194127 _____ C:\Users\Administrator.Apelele-PC\Downloads\Avenue_5_-_S01E01_-_Unknown_f5623a5b39e64abc90480489fc975589.webm
2020-03-12 07:35 - 2020-03-12 07:37 - 093464392 _____ C:\Users\Administrator.Apelele-PC\Downloads\High_Fidelity_-_S01E01_-_Unknown_95b5e646c752d7c3f9900129cb4c9180.webm
2020-03-09 19:28 - 2020-03-09 19:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-05 07:09 - 2020-03-05 07:10 - 001928352 _____ (Malwarebytes) C:\Users\Administrator.Apelele-PC\Downloads\MBSetup.exe
2020-03-05 07:05 - 2020-03-04 06:42 - 000368056 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-03-04 06:43 - 2020-03-04 06:42 - 000235184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-03-04 06:43 - 2020-03-04 06:42 - 000175400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-03-02 18:51 - 2020-03-31 12:55 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-03-02 18:51 - 2020-03-25 21:15 - 000003446 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-31 16:32 - 2017-12-15 18:07 - 000000000 ____D C:\Program Files (x86)\Celtx
2020-03-31 15:37 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2020-03-31 13:14 - 2009-07-14 06:45 - 000023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-31 13:14 - 2009-07-14 06:45 - 000023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-31 13:05 - 2015-03-25 16:41 - 000000000 ____D C:\Users\Apelele
2020-03-31 12:52 - 2019-11-17 16:28 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-03-31 12:49 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-29 18:00 - 2017-12-18 15:42 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Local\ElevatedDiagnostics
2020-03-29 11:32 - 2017-12-15 20:39 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Roaming\vlc
2020-03-28 19:15 - 2020-02-24 18:07 - 000000000 ____D C:\Program Files\HitmanPro
2020-03-28 19:13 - 2017-12-15 20:32 - 000000000 ____D C:\Users\Administrator.Apelele-PC\Downloads\SHAREit
2020-03-28 19:12 - 2019-08-18 17:22 - 000004008 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Administrator
2020-03-28 09:58 - 2019-08-07 11:00 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Local\Vysor
2020-03-28 09:57 - 2018-11-01 17:10 - 000000000 ____D C:\Program Files (x86)\Shortcut Virus Remover
2020-03-26 17:40 - 2018-05-01 22:13 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\LocalLow\Mozilla
2020-03-25 21:15 - 2019-11-17 16:30 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-03-25 21:15 - 2015-06-14 14:15 - 000003694 _____ C:\Windows\system32\Tasks\Adobe Reader and Acrobat Manager
2020-03-25 21:15 - 2015-06-14 14:15 - 000003616 _____ C:\Windows\system32\Tasks\Java(TM) Platform SE 6 U17
2020-03-25 21:15 - 2015-03-25 17:55 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 21:15 - 2015-03-25 17:55 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-25 21:15 - 2015-03-25 16:47 - 000003712 _____ C:\Windows\system32\Tasks\RecoveryCDWin7
2020-03-25 21:15 - 2015-03-25 16:47 - 000003412 _____ C:\Windows\system32\Tasks\ServicePlan
2020-03-24 18:14 - 2010-04-10 22:12 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2020-03-24 18:12 - 2009-07-14 07:37 - 000000000 ____D C:\Windows\system32\0409
2020-03-24 18:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-03-24 17:29 - 2019-08-16 15:53 - 000000000 ____D C:\ProgramData\ProductData
2020-03-24 17:29 - 2019-08-16 15:53 - 000000000 ____D C:\ProgramData\IObit
2020-03-24 17:17 - 2019-12-30 12:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-03-24 17:17 - 2010-04-11 00:47 - 000000000 ____D C:\Program Files\Java
2020-03-24 17:17 - 2010-04-11 00:47 - 000000000 ____D C:\Program Files (x86)\Java
2020-03-24 17:15 - 2010-04-11 00:47 - 000299504 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2020-03-24 17:10 - 2019-08-02 20:57 - 000000948 _____ C:\Users\Public\Desktop\Bandicam.lnk
2020-03-24 07:39 - 2019-08-02 20:57 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2020-03-24 07:39 - 2019-08-02 20:57 - 000000000 ____D C:\Program Files (x86)\Bandicam
2020-03-20 07:31 - 2019-08-16 10:50 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-19 18:42 - 2019-11-17 16:40 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-03-19 18:42 - 2019-11-17 16:40 - 000003150 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-03-19 18:42 - 2019-11-17 16:40 - 000002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-03-19 18:42 - 2019-11-17 16:40 - 000002346 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-03-18 20:08 - 2015-03-25 18:06 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-18 20:08 - 2015-03-25 18:06 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-17 21:43 - 2018-03-05 18:51 - 000000364 _____ C:\Windows\Tasks\HPCeeScheduleForAdministrator.job
2020-03-15 16:54 - 2018-04-26 10:21 - 000000000 ____D C:\Users\Administrator.Apelele-PC\Documents\Sean Wedding
2020-03-15 16:23 - 2017-12-20 11:32 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Local\CrashDumps
2020-03-15 16:23 - 2017-12-15 18:14 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Roaming\uTorrent
2020-03-15 16:12 - 2020-02-20 18:59 - 000003248 _____ C:\Windows\system32\Tasks\{A506F9F2-E014-4891-96D9-AFC53FA6EED2}
2020-03-15 16:12 - 2019-11-17 16:38 - 000003372 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2020-03-15 16:12 - 2019-11-17 16:38 - 000003244 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2020-03-15 16:12 - 2019-11-16 12:52 - 000000000 ____D C:\Windows\pss
2020-03-15 16:12 - 2018-11-01 16:52 - 000003184 _____ C:\Windows\system32\Tasks\smadav
2020-03-15 16:12 - 2018-03-19 18:28 - 000003524 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Apelele-PC-Administrator
2020-03-15 16:12 - 2018-03-05 18:51 - 000003236 _____ C:\Windows\system32\Tasks\HPCeeScheduleForAdministrator
2020-03-15 16:12 - 2018-02-17 15:22 - 000003726 _____ C:\Windows\system32\Tasks\Registration
2020-03-14 08:05 - 2017-12-17 19:02 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Local\Adobe
2020-03-12 21:07 - 2018-11-01 16:52 - 000000000 ____D C:\Users\Administrator.Apelele-PC\AppData\Roaming\Smadav
2020-03-11 07:42 - 2020-02-25 06:02 - 000000000 _____ C:\Windows\system32\last.dump
2020-03-11 07:25 - 2019-11-17 16:25 - 000458584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-03-05 06:51 - 2019-11-17 16:34 - 000001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-03-04 06:42 - 2019-11-17 16:25 - 000848672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000316256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000279360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000271120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000206608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000205576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000110560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000084056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000042976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-03-04 06:42 - 2019-11-17 16:25 - 000037864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys

==================== Files in the root of some directories ========

2018-02-19 16:32 - 2018-02-19 16:32 - 000000479 _____ () C:\Program Files (x86)\02201816320927.bat
2018-09-29 11:56 - 2018-09-29 11:56 - 000000000 _____ () C:\Users\Administrator.Apelele-PC\AppData\Local\oobelibMkey.log
2018-08-04 10:56 - 2018-08-04 10:56 - 000000017 _____ () C:\Users\Administrator.Apelele-PC\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-03-28 14:44
==================== End of FRST.txt ========================

 

 

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt). Please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

If the item is reported by Malwarebytes, check this out.
If the problem persists and Chrome is synced with other devices, reset it.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.
===========

Post the Fixlog.txt and let me know what problem persists.


 

fixlist.txt


Hi Nasdaq,

Sorry, I have been unable to reply due to the forum thinking my replies are consistent with spam. Above is the fixlog.

I scanned with MalwareBytes again and it didn't detect the 8 infected trojan files anymore. 

 

Thanks
