Blue screen and can only go online in safe mode.


  • This topic is locked
11 replies to this topic

#1 OldGirl

  • Full Member
  • 39 posts

Posted 17 January 2018 - 03:39 PM

I don't think it's malware related, but maybe down to registry cleaner type software I used recently. I can't stop myself; I'm always looking for that 'better' software. Yeah, I know...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by Carla (administrator) on CARLA-PC (17-01-2018 19:37:58)
Running from C:\Users\Carla\Desktop
Loaded Profiles: Carla &  (Available Profiles: Carla)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleFirefoxHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-27] (Intel Corporation)
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe [980984 2018-01-08] (Glarysoft Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193207976\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Run: [Google Update] => C:\Users\Carla\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-17] (Google Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2017-12-15] (Glarysoft Ltd)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].tx
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\MountPoints2: {2b1b6cde-db21-11e6-8646-002454ab0aa3} - F:\LaunchU3.exe
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\MountPoints2: {c8ec07ff-ea55-11e4-8aa1-002454ab0aa3} - F:\.\Driver\DriverInstaller.exe -eject
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\MountPoints2: {de631fe0-bf01-11e7-8a34-002454ab0aa3} - F:\SetupWi-Fi.exe
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Run: [Google Update] => C:\Users\Carla\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-17] (Google Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2017-12-15] (Glarysoft Ltd)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].tx
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\MountPoints2: {2b1b6cde-db21-11e6-8646-002454ab0aa3} - F:\LaunchU3.exe
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\MountPoints2: {c8ec07ff-ea55-11e4-8aa1-002454ab0aa3} - F:\.\Driver\DriverInstaller.exe -eject
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\MountPoints2: {de631fe0-bf01-11e7-8a34-002454ab0aa3} - F:\SetupWi-Fi.exe
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{28C7EF58-F48C-4728-889F-3EF773E478CE}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ACD192B1-F936-455A-8D70-7FD7CB527595}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{F6C119A0-83F6-4AA3-AD6E-FD1ADBBBBF72}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.it/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {DB62324E-88D3-4B7D-9685-ADE22F76385A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.it/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {DB62324E-88D3-4B7D-9685-ADE22F76385A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409 [2018-01-17]
FF Homepage: Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409 -> hxxp://google.com/
FF NewTab: Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409 -> hxxp://google.com/
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\abb@amazon.com.xpi [2017-12-18]
FF Extension: (After the Deadline) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\afterthedeadline@afterthedeadline.com.xpi [2017-01-03] [Legacy]
FF Extension: (Autofill Forms) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\autofillForms@blueimp.net.xpi [2017-05-10] [Legacy]
FF Extension: (British English Dictionary) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\en-GB@dictionaries.addons.mozilla.org [2017-01-15] [Legacy] [not signed]
FF Extension: (Fast Translation) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\fasttrans@kemot [2017-01-03] [Legacy]
FF Extension: (__MSG_extName__) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\firefoxdav@icloud.com.xpi [2017-12-14]
FF Extension: (AdBlock) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-11-15]
FF Extension: (S3.Translator) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\s3google@translator.xpi [2017-12-24]
FF Extension: (Bitdefender QuickScan) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-01-03] [Legacy]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\fswwbusx.default-1483376925409\features\{4a9003bd-7f2b-4e87-8d8b-f3d046f2ffa0}\disable-js-shared-memory@mozilla.org.xpi [2018-01-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2157430116-2143525260-3703734809-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Carla\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2157430116-2143525260-3703734809-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Carla\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386: @tools.google.com/Google Update;version=3 -> C:\Users\Carla\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386: @tools.google.com/Google Update;version=9 -> C:\Users\Carla\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-04-15] (Freemake) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] ()
S2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
S2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2018-01-15] (Bitdefender)
S2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2018-01-15] (Bitdefender)
S2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2018-01-15] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ss_conn_service; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 atc; C:\Windows\System32\DRIVERS\atc.sys [1058784 2018-01-15] (BitDefender S.R.L. Bucharest, ROMANIA)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1765336 2018-01-15] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [155488 2017-10-30] (Bitdefender)
S3 dg_ssudbus; no ImagePath
S3 eapihdrv; no ImagePath
S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [250504 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-09-22] (Glarysoft Ltd)
S3 GUMHFilters; C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys [41264 2017-10-25] (Glarysoft Ltd)
S1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2018-01-06] (Glarysoft Ltd)
S0 gzflt; C:\Windows\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-17] (Malwarebytes)
S3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
S3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
S3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
S3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
S2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 avckf; system32\DRIVERS\avckf.sys [X]
S0 shtcksfo; System32\drivers\jmobh.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys C879C8AD47FB5CA30D81FDF35DAC1CC2
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atc.sys 815A86E8FEBFDDC57F7003D5FF4C5AD1
C:\Windows\System32\DRIVERS\athrx.sys 6C496450404ABDC887E56DF462B34255
C:\Windows\System32\DRIVERS\avc3.sys AAA5C11147EA8793289B09FE249B8FAA
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bddci.sys DFC9F094EB3F73FBE701704157F0DCAC
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 3963FEC1892368DD500E6ED1F5C286CE
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys A98CED39AD91B445E2E442A9BD67E8B4
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 7D2D2284833760A82308CF09F7618E8B
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\edrsensor.sys 7AA329443B3FB6D1692DCA7EEA10BD71
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys DC591A7A196E99EFB5A48D708CB989FD
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\GUBootStartup.sys C06C3D6C5A0805B314E3E940632C97CB
C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys D975036847B36A23075CE0035A987D1D
C:\Windows\System32\drivers\GUSBootStartup.sys E4626B663B94E5FEB90F497395B5C059
C:\Windows\System32\drivers\gzflt.sys DD528E0A0C57B02A6FC311AA05D430C2
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys 93C367EA831FB39DEE3BA96539A187FB
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys A5F72BB0D024E7E463344105BE613AE4
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 677AA5991026A65ADA128C4B59CF2BAD
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\DRIVERS\IntcDAud.sys C6C1F19205DA83C801BE7C25F4E2EE07
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4DFBEF9BDA2D720F9AADC2FB698C9FEF
C:\Windows\System32\Drivers\ksecpkg.sys 678D90A262C1FD81B1AE40163255EFAB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 5416CEB2916BBE635288C4D1075B045E
C:\Windows\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 072D8646E23ECF8A3F5F0157017B4DB6
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 6D9BB8B53394B62540A3971FCE2BE8DB
C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\Windows\System32\DRIVERS\mrxsmb.sys EEC4E22876AFC905C9EDBFEB829B8022
C:\Windows\System32\DRIVERS\mrxsmb10.sys 386EFD770CA3B2D36049C17A7A1239BA
C:\Windows\System32\DRIVERS\mrxsmb20.sys A052D084A01D65993DABE3CFE2D8D1BE
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452
C:\Windows\System32\drivers\ndis.sys 261F27367EB6EA6478B940811F0A6F03
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys 3F217F77899654833B650ED6A1372BE4
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys E46AF308E96F7730F59B0F250A884CD6
C:\Windows\System32\DRIVERS\netbios.sys 2E19EB10185992AB08BC3688AACA4CE2
C:\Windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4
C:\Windows\System32\Drivers\Ntfs.sys A97B92D11270695B15C3663BCCB737D3
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys 4CE827A5433451551E99C2C1D20E4A43
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys FB45727105E27756B3252572A138FA19
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys F4287A980C0AA41DE3073F053E5EA73C
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfswin7.sys 9242988D74674C2819D454F001457BAD
C:\Windows\System32\DRIVERS\Sftplaywin7.sys 44391FA910901E2B8A2F831340FD707A
C:\Windows\System32\DRIVERS\Sftredirwin7.sys 8654DBDC8ED8ED7257618D11B6C590BE
C:\Windows\System32\DRIVERS\Sftvolwin7.sys 648F0152A7BAE175905C22E8BD839760
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 8980499A526581794A20B12E2E264661
C:\Windows\System32\DRIVERS\srv2.sys 9B90A439B97EBBD2A9ABEFFBBC1EEC71
C:\Windows\System32\DRIVERS\srvnet.sys 9E30361776E07AD940791927A0FC9B3A
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\trufos.sys AA129EFF64E41947F6A46388A7F5F966
C:\Windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\Windows\System32\DRIVERS\usbccgp.sys 9E68E917FB4B5C983438969643F53BEF
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 3F9D3902CE931E2A28DD8452AE915B67
C:\Windows\system32\drivers\usbhub.sys 86B65EEBC03B936DE8B26E5A18D98FA2
C:\Windows\system32\drivers\usbohci.sys 099C2931C6F73EB1B9E13C560F61B50D
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys 5D7651347C7D702F4A5DE53603DC024F
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys ==> MD5 is legit
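The driver section above has two line shapes: FRST prints "==> MD5 is legit" when a file's hash matches what it expects, and prints the raw MD5 when it does not. An unmatched hash is not a verdict (a driver replaced by a recent Windows update shows a hash too), but it is the part of the list an analyst has to look at. The following Python script is an added example for triaging that output; it is not part of FRST or of this thread. The sample lines are copied from the log above, and the BASELINE dictionary is a constructed stand-in for hashes an analyst would collect from a known-good machine at the same patch level.

```python
"""Triage helper for the driver-hash section of an FRST log (added example).

Each line has one of two shapes, as seen in the log above:
  <path> ==> MD5 is legit          (FRST matched the file's hash)
  <path> <32 hex chars>            (no match, so FRST prints the MD5)
Unmatched is not the same as malicious; the goal is to reduce the list
to the entries that still need a human decision.
"""
import re

# Constructed sample: six lines copied from the FRST output above.
SAMPLE_LOG = r"""
C:\Windows\System32\DRIVERS\srv.sys 8980499A526581794A20B12E2E264661
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
"""

# Constructed (hypothetical) baseline: file name -> MD5 from a known-good
# machine with the same patch level. It deliberately covers only two files.
BASELINE = {
    "srv.sys": "8980499A526581794A20B12E2E264661",
    "tcpip.sys": "7FB36A0A036ADDACE0A868E4A43C1C27",
}

LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+(?:(?P<legit>==> MD5 is legit)|(?P<md5>[0-9A-Fa-f]{32}))\s*$"
)


def parse_driver_lines(text):
    """Return one dict per driver line; lines of any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "path": m.group("path"),
            "verified": m.group("legit") is not None,
            "md5": m.group("md5").upper() if m.group("md5") else None,
        })
    return entries


def unverified_hashes(entries):
    """Map case-folded path -> set of MD5s for files FRST could not match.

    FRST lists the same driver twice when it is registered under differing
    path casing (tcpip.sys and wanarp.sys above); folding merges those."""
    result = {}
    for e in entries:
        if not e["verified"]:
            result.setdefault(e["path"].lower(), set()).add(e["md5"])
    return result


def casing_conflicts(entries):
    """Same file listed twice with two different hashes: one of the two
    registrations points at a file that differs from the other."""
    return {p: h for p, h in unverified_hashes(entries).items() if len(h) > 1}


def compare_with_baseline(entries, baseline):
    """Classify each unmatched hash against the baseline.

    Returns (path, md5, verdict) tuples; files whose hash matches the
    baseline are omitted because they need no further attention."""
    findings = []
    for path, hashes in unverified_hashes(entries).items():
        name = path.rsplit("\\", 1)[-1]
        expected = baseline.get(name)
        for h in sorted(hashes):
            if expected is None:
                findings.append((path, h, "no baseline"))
            elif h != expected.upper():
                findings.append((path, h, "MISMATCH"))
    return findings


if __name__ == "__main__":
    entries = parse_driver_lines(SAMPLE_LOG)
    verified = sum(e["verified"] for e in entries)
    print(f"{len(entries)} driver lines, {verified} verified by FRST")
    for path, md5, verdict in compare_with_baseline(entries, BASELINE):
        print(f"{verdict:12} {md5}  {path}")
```

Run it against a full FRST.txt by reading the file into `parse_driver_lines`; lines from other sections do not match the pattern and are ignored. Hashes that come back as "no baseline" are the ones to check against the vendor's catalogue or a second clean machine before drawing any conclusion.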

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-17 19:39 - 2018-01-17 19:39 - 000000877 _____ C:\Users\Carla\Desktop\SALog.txt
2018-01-17 19:37 - 2018-01-17 19:40 - 000034312 _____ C:\Users\Carla\Desktop\FRST.txt
2018-01-17 19:36 - 2018-01-17 19:36 - 002393088 _____ (Farbar) C:\Users\Carla\Desktop\FRST64.exe
2018-01-17 19:33 - 2018-01-17 19:33 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Carla\Desktop\rkill.exe
2018-01-17 18:27 - 2018-01-17 18:27 - 000285608 _____ C:\Windows\Minidump\011718-21013-01.dmp
2018-01-17 14:50 - 2018-01-17 14:50 - 000001036 _____ C:\Users\Public\Desktop\File Viewer Plus.lnk
2018-01-17 14:50 - 2018-01-17 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Viewer Plus
2018-01-17 14:30 - 2018-01-17 14:30 - 000285608 _____ C:\Windows\Minidump\011718-20904-01.dmp
2018-01-17 14:27 - 2018-01-17 18:34 - 000359902 _____ C:\Windows\ntbtlog.txt
2018-01-17 14:27 - 2018-01-17 14:28 - 000285608 _____ C:\Windows\Minidump\011718-21247-01.dmp
2018-01-17 14:26 - 2018-01-17 14:26 - 000285608 _____ C:\Windows\Minidump\011718-19531-01.dmp
2018-01-17 14:25 - 2018-01-17 18:26 - 380552847 _____ C:\Windows\MEMORY.DMP
2018-01-17 14:18 - 2018-01-17 18:28 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-17 12:49 - 2018-01-17 12:49 - 033618304 _____ (EaseUS ) C:\Users\Carla\Desktop\drw_setup.exe
2018-01-17 12:15 - 2018-01-17 15:23 - 000000000 ____D C:\Users\Carla\AppData\Local\File Viewer Plus
2018-01-17 12:15 - 2018-01-17 12:15 - 000000000 ____D C:\Users\Public\File Viewer Plus
2018-01-17 12:14 - 2018-01-17 14:50 - 000000000 ____D C:\Program Files (x86)\File Identifier
2018-01-17 12:13 - 2018-01-17 14:50 - 000000000 ____D C:\Program Files (x86)\File Viewer Plus
2018-01-17 12:10 - 2018-01-17 12:11 - 051823232 _____ (Sharpened Productions ) C:\Users\Carla\Desktop\fvp_setup_2.2.1.262fi.exe
2018-01-16 15:36 - 2018-01-16 15:36 - 000000000 ___HD C:\OneDriveTemp
2018-01-16 15:12 - 2018-01-16 15:23 - 000000000 ____D C:\Users\Carla\AppData\Roaming\Wise Registry Cleaner
2018-01-16 15:12 - 2018-01-16 15:12 - 000000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2018-01-16 15:12 - 2018-01-16 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2018-01-16 15:12 - 2018-01-16 15:12 - 000000000 ____D C:\Program Files (x86)\Wise
2018-01-13 14:45 - 2018-01-13 14:45 - 000030243 _____ C:\ProgramData\agent.update.1515850781.bdinstall.bin
2018-01-12 21:04 - 2018-01-12 21:04 - 008198432 _____ (Malwarebytes) C:\Users\Carla\Desktop\AdwCleaner.exe
2018-01-09 15:35 - 2018-01-01 03:21 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-09 15:35 - 2018-01-01 03:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-09 15:35 - 2018-01-01 03:21 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-09 15:35 - 2018-01-01 03:19 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-09 15:35 - 2018-01-01 03:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-09 15:35 - 2018-01-01 03:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-09 15:35 - 2018-01-01 03:18 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-09 15:35 - 2018-01-01 03:18 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-09 15:35 - 2018-01-01 03:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-09 15:35 - 2018-01-01 03:02 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-09 15:35 - 2018-01-01 03:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-09 15:35 - 2018-01-01 03:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-01-09 15:35 - 2018-01-01 02:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-01-09 15:35 - 2018-01-01 02:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-01-09 15:35 - 2018-01-01 02:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-09 15:35 - 2017-12-29 19:39 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-09 15:35 - 2017-12-29 19:13 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-09 15:35 - 2017-12-29 19:09 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-09 15:35 - 2017-12-29 19:03 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-09 15:35 - 2017-12-29 18:45 - 004508160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-09 15:35 - 2017-12-29 18:38 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-09 15:35 - 2017-12-29 18:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-09 15:35 - 2017-12-29 18:15 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-09 15:35 - 2017-12-29 10:15 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-09 15:35 - 2017-12-29 09:52 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-09 15:35 - 2017-12-29 09:51 - 005796352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-09 15:35 - 2017-12-29 09:40 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-09 15:35 - 2017-12-29 09:39 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-09 15:35 - 2017-12-29 09:39 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-09 15:35 - 2017-12-29 09:32 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-09 15:35 - 2017-12-29 09:04 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-09 15:35 - 2017-12-29 09:03 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-09 15:35 - 2017-12-29 08:50 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-09 15:35 - 2017-12-29 08:39 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-09 15:35 - 2017-12-29 08:27 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-09 15:35 - 2017-12-21 07:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-09 15:34 - 2018-01-01 03:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-09 15:34 - 2018-01-01 03:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-09 15:34 - 2018-01-01 03:21 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-09 15:34 - 2018-01-01 03:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-09 15:34 - 2018-01-01 03:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-09 15:34 - 2018-01-01 03:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-09 15:34 - 2018-01-01 03:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-09 15:34 - 2018-01-01 03:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-09 15:34 - 2018-01-01 03:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-09 15:34 - 2018-01-01 03:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-01-09 15:34 - 2018-01-01 03:18 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-01-09 15:34 - 2018-01-01 03:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-09 15:34 - 2018-01-01 03:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-09 15:34 - 2018-01-01 03:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-09 15:34 - 2018-01-01 03:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-09 15:34 - 2018-01-01 03:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-01-09 15:34 - 2018-01-01 03:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-09 15:34 - 2018-01-01 03:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-01-09 15:34 - 2018-01-01 03:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-01-09 15:34 - 2018-01-01 02:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-01-09 15:34 - 2018-01-01 02:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-09 15:34 - 2018-01-01 02:59 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-01-09 15:34 - 2018-01-01 02:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-09 15:34 - 2018-01-01 02:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-09 15:34 - 2018-01-01 02:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-09 15:34 - 2018-01-01 02:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-09 15:34 - 2018-01-01 02:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-09 15:34 - 2018-01-01 02:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-09 15:34 - 2018-01-01 02:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-09 15:34 - 2018-01-01 02:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-09 15:34 - 2018-01-01 02:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-09 15:34 - 2018-01-01 02:46 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-09 15:34 - 2018-01-01 02:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-09 15:34 - 2018-01-01 02:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-09 15:34 - 2018-01-01 02:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-09 15:34 - 2018-01-01 02:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-09 15:34 - 2018-01-01 02:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-01-09 15:34 - 2018-01-01 02:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-01-09 15:34 - 2018-01-01 02:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-01-09 15:34 - 2018-01-01 02:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-01-09 15:34 - 2018-01-01 02:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-09 15:34 - 2018-01-01 02:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-09 15:34 - 2018-01-01 02:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-09 15:34 - 2018-01-01 02:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-09 15:34 - 2018-01-01 02:41 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-09 15:34 - 2018-01-01 02:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-09 15:34 - 2018-01-01 02:41 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-09 15:34 - 2018-01-01 02:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-09 15:34 - 2018-01-01 02:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-01-09 15:34 - 2017-12-30 08:29 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-09 15:34 - 2017-12-30 07:42 - 000347328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-09 15:34 - 2017-12-29 19:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-09 15:34 - 2017-12-29 19:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-01-09 15:34 - 2017-12-29 19:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-09 15:34 - 2017-12-29 19:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-09 15:34 - 2017-12-29 19:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-01-09 15:34 - 2017-12-29 18:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-09 15:34 - 2017-12-29 18:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-01-09 15:34 - 2017-12-29 18:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-01-09 15:34 - 2017-12-29 18:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-09 15:34 - 2017-12-29 18:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-01-09 15:34 - 2017-12-29 18:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-09 15:34 - 2017-12-29 18:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-01-09 15:34 - 2017-12-29 18:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-09 15:34 - 2017-12-29 18:38 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-09 15:34 - 2017-12-29 18:37 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-09 15:34 - 2017-12-29 18:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-01-09 15:34 - 2017-12-29 18:13 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-09 15:34 - 2017-12-29 09:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-09 15:34 - 2017-12-29 09:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-09 15:34 - 2017-12-29 09:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-09 15:34 - 2017-12-29 09:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-09 15:34 - 2017-12-29 09:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-09 15:34 - 2017-12-29 09:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-09 15:34 - 2017-12-29 09:39 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-09 15:34 - 2017-12-29 09:39 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-09 15:34 - 2017-12-29 09:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-09 15:34 - 2017-12-29 09:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-09 15:34 - 2017-12-29 09:22 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-09 15:34 - 2017-12-29 09:21 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-09 15:34 - 2017-12-29 09:18 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-09 15:34 - 2017-12-29 09:18 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-09 15:34 - 2017-12-29 09:16 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-09 15:34 - 2017-12-29 09:14 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-09 15:34 - 2017-12-29 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-09 15:34 - 2017-12-29 09:03 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-09 15:34 - 2017-12-29 09:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-09 15:34 - 2017-12-29 09:01 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-09 15:34 - 2017-12-13 17:31 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-09 15:34 - 2017-12-13 17:27 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-09 15:34 - 2017-12-13 17:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-09 15:34 - 2017-12-13 17:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-09 15:34 - 2017-12-13 16:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-09 15:34 - 2017-12-05 18:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-09 15:34 - 2017-12-05 18:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-09 15:34 - 2017-12-05 18:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-09 15:34 - 2017-12-05 18:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-01-09 15:34 - 2017-12-05 18:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-01-09 15:34 - 2017-12-05 16:59 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-09 15:34 - 2017-12-05 16:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-01-09 15:33 - 2018-01-01 03:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-01-09 15:33 - 2018-01-01 03:00 - 0000
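The created-files section is where the blue-screen question gets its first answer: every crash leaves a file in C:\Windows\Minidump, so the crash times can be read straight off this list and lined up against what was installed shortly before. The script below is an added example of that timeline triage; it is not FRST's own code and not part of the thread. The sample lines are copied from the log above; the 24-hour look-back window and the "new directory under Program Files means an install" heuristic are my assumptions, and a crash that follows an install is a lead to test, not proof of cause.

```python
"""Timeline triage for FRST's "Three Months Created files and folders" section
(added example). Each line has the shape
  <created> - <modified> - <size> <attrs> [(company)] <path>
"""
import re
from datetime import datetime, timedelta

# Constructed sample: eight lines copied from the log above.
SAMPLE = r"""
2018-01-17 18:27 - 2018-01-17 18:27 - 000285608 _____ C:\Windows\Minidump\011718-21013-01.dmp
2018-01-17 14:50 - 2018-01-17 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Viewer Plus
2018-01-17 14:30 - 2018-01-17 14:30 - 000285608 _____ C:\Windows\Minidump\011718-20904-01.dmp
2018-01-17 14:26 - 2018-01-17 14:26 - 000285608 _____ C:\Windows\Minidump\011718-19531-01.dmp
2018-01-17 12:49 - 2018-01-17 12:49 - 033618304 _____ (EaseUS ) C:\Users\Carla\Desktop\drw_setup.exe
2018-01-17 12:13 - 2018-01-17 14:50 - 000000000 ____D C:\Program Files (x86)\File Viewer Plus
2018-01-16 15:12 - 2018-01-16 15:12 - 000000000 ____D C:\Program Files (x86)\Wise
2018-01-09 15:35 - 2018-01-01 03:21 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"      # company string is optional
    r"(?P<path>\S.*?)\s*$"
)
TS = "%Y-%m-%d %H:%M"


def parse_created_entries(text):
    """One dict per entry; lines of other shapes are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m.group("created"), TS),
            "modified": datetime.strptime(m.group("modified"), TS),
            "size": int(m.group("size")),
            "is_dir": m.group("attrs").endswith("D"),   # FRST marks folders with D
            "company": (m.group("company") or "").strip() or None,
            "path": m.group("path"),
        })
    return entries


def crash_dumps(entries):
    """Minidump files, oldest first: the blue-screen timeline."""
    dumps = [e for e in entries
             if not e["is_dir"] and "\\minidump\\" in e["path"].lower()]
    return sorted(dumps, key=lambda e: e["created"])


def new_program_dirs(entries):
    """Directories created under Program Files: a rough proxy for installs
    (assumption; installers that write elsewhere are missed)."""
    roots = ("c:\\program files\\", "c:\\program files (x86)\\")
    return [e for e in entries
            if e["is_dir"] and e["path"].lower().startswith(roots)]


def suspects_per_crash(entries, window=timedelta(hours=24)):
    """For each dump, the program directories created within `window`
    before it. Returns {dump file name: [directory paths, newest first]}."""
    dirs = sorted(new_program_dirs(entries),
                  key=lambda e: e["created"], reverse=True)
    out = {}
    for d in crash_dumps(entries):
        low = d["created"] - window
        out[d["path"].rsplit("\\", 1)[-1]] = [
            p["path"] for p in dirs if low <= p["created"] <= d["created"]
        ]
    return out


if __name__ == "__main__":
    entries = parse_created_entries(SAMPLE)
    for dump, paths in suspects_per_crash(entries).items():
        print(dump)
        for p in paths:
            print("   installed before it:", p)
```

On the sample, the three dumps from 17 January all sit within a day of the File Viewer Plus and Wise directories appearing, which is the same observation the helper makes from the full log. Feed the whole FRST.txt in to get the complete picture; widening `window` trades precision for recall.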

Attached Files



#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,143 posts

Posted 17 January 2018 - 05:49 PM

Hello OldGirl and welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.


I see you have Wise Registry Cleaner installed. I strongly suggest you remove it.

Registry cleaners are extremely powerful applications and their potential for harming your Operating System far outweighs any small potential for improving your computer's performance. There are a number of them available and some are safer than others. Keep in mind that no two Registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the Registry entry selected for deletion is, a Registry cleaner can end up being an automated method to cause problems with the Registry.
For routine use by those not familiar with the Registry, the benefits to your computer are negligible while the potential risks are great.

I also see you have Glary Utilities installed. I strongly suggest you remove it.

This type of program is in the group of "PC Booster/Tune Up" programs. They are part of the worst programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless to use. The worst is that they will often take action on your system without you knowing or authorizing it, which could lead to your system being altered in a way you don't want it to be or, even worse, a "broken" system. Every feature they provide, you can either do natively under Windows, do via another standalone executable (which is way easier and safer to use), or it isn't something you need.


In addition, your Addition.txt log is reporting some application errors from these two programs (Wise Registry Cleaner and Glary Utilities) so it is strongly advisable to uninstall them.
 

 

Now, please restart the computer.

 

Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.it/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {DB62324E-88D3-4B7D-9685-ADE22F76385A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.it/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {DB62324E-88D3-4B7D-9685-ADE22F76385A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 ss_conn_service; no ImagePath
S3 dg_ssudbus; no ImagePath
S3 eapihdrv; no ImagePath
S3 avckf; system32\DRIVERS\avckf.sys [X]
S0 shtcksfo; System32\drivers\jmobh.sys [X]
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {0D278D09-CD4F-410B-AF63-2D7737461461} - System32\Tasks\{6C0BBA4A-1975-460E-B537-9175F80F8B21} => C:\Windows\system32\pcalua.exe -a C:\Windows\Installer\{9AB85248-154A-4338-98A8-F596E85370BF}\NewShortcut11_28FC022BCC1E4545A85BC4157160DDA5.exe -d "C:\Program Files (x86)\Mozilla Firefox" -c C:\Users\Carla\AppData\Local\Temp\The <==== ATTENTION
Task: {2D1BB2B4-4B09-47EC-A88B-C2751875BF76} - System32\Tasks\{924BE526-054E-408F-B842-A59AF8D2D20B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/go/help.faq.installer?LastError=1603
Task: {7922D258-515A-455E-9CC7-E48ED142CC0D} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2017-12-06] (WiseCleaner.com)
AlternateDataStreams: C:\Users\Carla\Desktop\7_Zip_(64bit)_v16.04.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Desktop\OneDriveSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Desktop\PDFCreator-2_5_2-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Desktop\Revo_Uninstaller_v2.0.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\iTunes6464Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\Malwarebytes_Anti_Malware_v3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\picasa39-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\setup_2_0_0_3.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\Shockwave_Installer_Slim.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\Silverlight_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Documents\iTunes:com.dropbox.attributes [168]
CMD: ipconfig /flushDNS
EmptyTemp:
End::

Save the file as fixlist.txt in to the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder where FRST is located. Please post its content in your next reply.

NOTE. It's important that both files, FRST64.exe and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

  • Download Malwarebytes AdwCleaner and move it to your computer Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator.
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it.
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

 

In your next reply please post:
The Fixlog.txt.
The AdwCleaner clean log.

How is the computer behavior at this point?

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
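An added illustration, not part of Android 8888's reply and not FRST's own code: a read-only PowerShell audit that lists the same kinds of leftover entries the fixlist above removes (services and drivers with no image path or a missing file, scheduled tasks launched through pcalua.exe or pointing at a program that is gone, alternate data streams on downloaded files, and per-user Explorer policy values such as NoLowDiskSpaceChecks). The function names, the folders scanned and the report layout are this example's own choices; it assumes PowerShell 3.0 or later and English-language schtasks output.

```powershell
# Added example, not from the thread or from FRST: a read-only audit of the categories of
# leftovers the fixlist above removes, so they can be reviewed before and after a fix.
# Run in an elevated PowerShell 3.0 or later (Windows 7 needs WMF 3.0 for -Stream);
# nothing below changes the system. Folder choice and column names are this example's own.
# The schtasks CSV headers are English; on other locales adjust the column names.

function Resolve-ImagePath([string]$Image) {
    # Normalise the forms a service ImagePath or task command takes into one absolute path.
    $p = [Environment]::ExpandEnvironmentVariables($Image.Trim())
    if ($p.StartsWith('"')) {                                   # "quoted path" arguments
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        $p = ($p -split ' -| /')[0].Trim()                      # path -k args  /  path /flag
    }
    $p = $p -replace '^\\\?\?\\', ''                            # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\') # \SystemRoot\system32\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }   # system32\DRIVERS\x.sys
    return $p
}

function Get-OrphanedService {
    # Service and driver records whose ImagePath is absent or points at a missing file
    # (the "no ImagePath" and "[X]" lines in the FRST log). Start 0-4 matches FRST's S0-S4.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        if ($null -eq $props.Type) { return }                   # Parameters-only key, not a service
        if ($null -eq $props.ImagePath) {
            # Kernel drivers may omit ImagePath and load <name>.sys from the drivers folder.
            $default = Join-Path $env:SystemRoot "System32\drivers\$($_.PSChildName).sys"
            if (-not (Test-Path -LiteralPath $default)) {
                [pscustomobject]@{ Name = $_.PSChildName; Start = $props.Start; Problem = 'no ImagePath'; Path = $null }
            }
        } else {
            $file = Resolve-ImagePath $props.ImagePath
            if (-not (Test-Path -LiteralPath $file)) {
                [pscustomobject]@{ Name = $_.PSChildName; Start = $props.Start; Problem = 'file missing'; Path = $file }
            }
        }
    }
}

function Get-SuspiciousTask {
    # Scheduled tasks that run through pcalua.exe (the compatibility-assistant launcher
    # FRST marked ATTENTION) or whose executable no longer exists. schtasks is used rather
    # than Get-ScheduledTask so the check also works on Windows 7.
    schtasks /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -notmatch '^(COM handler|N/A)' } |
        ForEach-Object {
            $cmd = $_.'Task To Run'
            $reason = if ($cmd -match '(?i)\\pcalua\.exe') { 'runs through pcalua.exe' }
                      elseif ($cmd -match '^"?[A-Za-z]:\\' -and -not (Test-Path -LiteralPath (Resolve-ImagePath $cmd))) { 'executable missing' }
            if ($reason) { [pscustomobject]@{ Task = $_.TaskName; Command = $cmd; Reason = $reason } }
        }
}

function Get-ExtraDataStream([string[]]$Folders) {
    # Files carrying alternate data streams besides the normal :$DATA stream. Zone.Identifier
    # is the browser's download marker and is expected; anything else (like the :BDU streams
    # in the fixlist) deserves a look.
    foreach ($dir in $Folders) {
        Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object { [pscustomobject]@{ File = $_.FileName; Stream = $_.Stream
                                                    Bytes = $_.Length; Expected = ($_.Stream -eq 'Zone.Identifier') } }
        }
    }
}

function Get-ExplorerPolicy {
    # Per-user Explorer policy values such as NoLowDiskSpaceChecks, which tune-up tools set
    # silently and which suppresses the low-disk-space warning.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (Test-Path -LiteralPath $key) {
        (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { [pscustomobject]@{ Policy = $_.Name; Value = $_.Value } }
    }
}

$report = [ordered]@{
    Services = @(Get-OrphanedService)
    Tasks    = @(Get-SuspiciousTask)
    Streams  = @(Get-ExtraDataStream -Folders "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads")
    Policies = @(Get-ExplorerPolicy)
}
foreach ($section in $report.Keys) {
    "==== $section ($($report[$section].Count) found) ===="
    $report[$section] | Format-Table -AutoSize | Out-String
}
```

Run it once before and once after a fix and compare the two reports: it surfaces the same things the fixlist targets without deleting anything, so it also serves as an independent check that the Fixlog's "removed successfully" lines match what is actually left on the machine.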

#3 OldGirl

OldGirl

    Member

  • Full Member
  • 39 posts

Posted 18 January 2018 - 05:30 AM

Thank you very much Android 8888  :)

 

As well as doing as advised I deleted Glaries, Malware Hunter and Wise Cleaner (this is the one I think did the damage) with Revo Uninstaller.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Carla (18-01-2018 11:38:10) Run:1
Running from C:\Users\Carla\Desktop
Loaded Profiles: Carla (Available Profiles: Carla)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.it/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000 -> {DB62324E-88D3-4B7D-9685-ADE22F76385A} URL =
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.it/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {DB62324E-88D3-4B7D-9685-ADE22F76385A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 ss_conn_service; no ImagePath
S3 dg_ssudbus; no ImagePath
S3 eapihdrv; no ImagePath
S3 avckf; system32\DRIVERS\avckf.sys [X]
S0 shtcksfo; System32\drivers\jmobh.sys [X]
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {0D278D09-CD4F-410B-AF63-2D7737461461} - System32\Tasks\{6C0BBA4A-1975-460E-B537-9175F80F8B21} => C:\Windows\system32\pcalua.exe -a C:\Windows\Installer\{9AB85248-154A-4338-98A8-F596E85370BF}\NewShortcut11_28FC022BCC1E4545A85BC4157160DDA5.exe -d "C:\Program Files (x86)\Mozilla Firefox" -c C:\Users\Carla\AppData\Local\Temp\The <==== ATTENTION
Task: {2D1BB2B4-4B09-47EC-A88B-C2751875BF76} - System32\Tasks\{924BE526-054E-408F-B842-A59AF8D2D20B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/go/help.faq.installer?LastError=1603
Task: {7922D258-515A-455E-9CC7-E48ED142CC0D} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2017-12-06] (WiseCleaner.com)
AlternateDataStreams: C:\Users\Carla\Desktop\7_Zip_(64bit)_v16.04.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Desktop\OneDriveSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Desktop\PDFCreator-2_5_2-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Desktop\Revo_Uninstaller_v2.0.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\iTunes6464Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\Malwarebytes_Anti_Malware_v3.0.6.1469.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\picasa39-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\setup_2_0_0_3.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\Shockwave_Installer_Slim.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Downloads\Silverlight_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Carla\Documents\iTunes:com.dropbox.attributes [168]
CMD: ipconfig /flushDNS
EmptyTemp:

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 => Error: No automatic fix found for this entry.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found
"HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}" => removed successfully
HKLM\Software\Classes\CLSID\{85A60A59-D3D8-468F-B598-FB4393789EF4} => key not found
"HKU\S-1-5-21-2157430116-2143525260-3703734809-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB62324E-88D3-4B7D-9685-ADE22F76385A}" => removed successfully
HKLM\Software\Classes\CLSID\{DB62324E-88D3-4B7D-9685-ADE22F76385A} => key not found
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.it/search?q={searchTerms} => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-2157430116-2143525260-3703734809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01172018193208386 -> {DB62324E-88D3-4B7D-9685-ADE22F76385A} URL = => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\ss_conn_service" => removed successfully
ss_conn_service => service removed successfully
"HKLM\System\CurrentControlSet\Services\dg_ssudbus" => removed successfully
dg_ssudbus => service removed successfully
eapihdrv => service not found.
"HKLM\System\CurrentControlSet\Services\avckf" => removed successfully
avckf => service removed successfully
"HKLM\System\CurrentControlSet\Services\shtcksfo" => removed successfully
shtcksfo => service removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ExpressZip" => removed successfully
HKLM\Software\Classes\CLSID\{8EEA165E-0B8B-4BA7-9796-50214C767171} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ExpressZip" => removed successfully
HKLM\Software\Classes\CLSID\{8EEA165E-0B8B-4BA7-9796-50214C767171} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D278D09-CD4F-410B-AF63-2D7737461461} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D278D09-CD4F-410B-AF63-2D7737461461}" => removed successfully
C:\Windows\System32\Tasks\{6C0BBA4A-1975-460E-B537-9175F80F8B21} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C0BBA4A-1975-460E-B537-9175F80F8B21}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D1BB2B4-4B09-47EC-A88B-C2751875BF76}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D1BB2B4-4B09-47EC-A88B-C2751875BF76}" => removed successfully
C:\Windows\System32\Tasks\{924BE526-054E-408F-B842-A59AF8D2D20B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{924BE526-054E-408F-B842-A59AF8D2D20B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7922D258-515A-455E-9CC7-E48ED142CC0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7922D258-515A-455E-9CC7-E48ED142CC0D}" => removed successfully
C:\Windows\System32\Tasks\WiseCleaner\WRCSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\WRCSkipUAC" => removed successfully
C:\Users\Carla\Desktop\7_Zip_(64bit)_v16.04.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Desktop\OneDriveSetup.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Desktop\PDFCreator-2_5_2-Setup.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Desktop\Revo_Uninstaller_v2.0.3.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Downloads\iTunes6464Setup.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Downloads\Malwarebytes_Anti_Malware_v3.0.6.1469.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Downloads\picasa39-setup.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Downloads\setup_2_0_0_3.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Downloads\Shockwave_Installer_Slim.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Downloads\Silverlight_x64.exe => ":BDU" ADS removed successfully
C:\Users\Carla\Documents\iTunes => ":com.dropbox.attributes" ADS removed successfully

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 129197128 B
Java, Flash, Steam htmlcache => 744 B
Windows/system/drivers => 1051300 B
Edge => 0 B
Chrome => 0 B
Firefox => 106626835 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 27930682 B
systemprofile32 => 668194 B
LocalService => 72674 B
NetworkService => 257144 B
Carla => 12362532 B

RecycleBin => 5771520 B
EmptyTemp: => 270.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:38:47 ====

 

 

# AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 18 11:07:51 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-16-2018.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.AmazonTB, Plugin found: __MSG_appName__ -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3007 B] - [2017/12/4 11:40:37]
C:/AdwCleaner/AdwCleaner[C1].txt - [1272 B] - [2018/1/13 13:6:22]
C:/AdwCleaner/AdwCleaner[C2].txt - [1477 B] - [2018/1/17 17:23:34]
C:/AdwCleaner/AdwCleaner[S0].txt - [3197 B] - [2017/12/4 11:38:11]
C:/AdwCleaner/AdwCleaner[S1].txt - [1116 B] - [2018/1/13 13:5:7]
C:/AdwCleaner/AdwCleaner[S2].txt - [1355 B] - [2018/1/17 17:21:24]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

 

Rebooted and still have the blue screen and still have to log on in safe mode.



#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,143 posts

Posted 18 January 2018 - 03:58 PM

Hello OldGirl.

Okay, the Blue Screen issue appears to be a video driver problem.

Please proceed as follows:

Reboot in Safe Mode;
Go to Control Panel > System and Security;
Under 'System' click on Device Manager;
Click on View > Show Hidden Devices;
Select the little right arrow in front of Non-Plug and Play Drivers to expand the tree;
Now right-click on 'Security Processor Loader Driver' and select Uninstall;
Click the OK button to accept the security warning and uninstall the driver;
Click Yes to restart the computer in Normal Mode.

Now, go to Control Panel > System and Security > Device Manager;
Right click any device and select Scan for hardware changes to reload the devices;

Close the Device Manager window.

Let me know how you get on.



#5 OldGirl

OldGirl

    Member

  • Full Member
  • 39 posts

Posted 18 January 2018 - 04:37 PM

Done - had blue screen on first reboot (after uninstalling driver) so had to log on in safe mode. Laptop is slower now (unless it's my imagination!)



#6 OldGirl

OldGirl

    Member

  • Full Member
  • 39 posts

Posted 18 January 2018 - 04:40 PM

This is the error message on the blue screen, if it helps? 

 

"Paged fault in non paged area"



#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,143 posts

Posted 18 January 2018 - 05:09 PM

Yes it may be useful.

Please try the following steps:

Restart the laptop in Safe Mode.
Open the Control Panel and click on System. You can also right-click on Computer or This PC and choose Properties.
Now click on the Advanced System Settings link on the left hand side.
Under 'Performance', click on the Settings button.
Click on the Advanced tab and then click on the Change button under the Virtual Memory heading.
Uncheck the Automatically manage paging file size for all drives box and then select No paging file.
Click OK several times to get out of all the dialog windows and then restart the laptop in Normal Mode.

Once you are back in, follow the exact steps again shown above, but this time select System managed size and check the Automatically manage paging file size for all drives box.

Restart the laptop in Normal Mode and see if you are still getting the blue screen.


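The same paging-file reset as the steps above, done from an elevated PowerShell instead of the System Properties dialogs, added here as an illustration and not part of the reply: disable the page file, reboot, then hand control back to Windows and reboot again. The function names and the C: drive are this example's assumptions; it drives the Win32_ComputerSystem and Win32_PageFileSetting WMI classes through the CIM cmdlets (PowerShell 3.0 or later).

```powershell
# Added example, not from the thread: the paging-file reset above done from an elevated
# PowerShell. Step 1 disables the page file; step 2, after a reboot, hands control back to
# Windows. The function names and the C: drive are this example's own assumptions.

function Disable-PageFile {
    # Same as unticking "Automatically manage paging file size for all drives" and
    # choosing "No paging file" for every drive.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    Set-CimInstance -InputObject $cs -Property @{ AutomaticManagedPagefile = $false }
    Get-CimInstance -ClassName Win32_PageFileSetting -ErrorAction SilentlyContinue | Remove-CimInstance
}

function Enable-ManagedPageFile([string]$Drive = 'C:') {
    # Same as choosing "System managed size" and ticking the automatic box again.
    # A Win32_PageFileSetting whose InitialSize and MaximumSize are both 0 means
    # "system managed"; it is only needed when no page file entry is left at all.
    $existing = Get-CimInstance -ClassName Win32_PageFileSetting -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-CimInstance -ClassName Win32_PageFileSetting -Property @{
            Name = "$Drive\pagefile.sys"; InitialSize = [uint32]0; MaximumSize = [uint32]0 } | Out-Null
    }
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    Set-CimInstance -InputObject $cs -Property @{ AutomaticManagedPagefile = $true }
}

function Get-PageFileState {
    # What is configured (takes effect at the next boot) versus what is in use right now,
    # so each step can be verified before and after the restart.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $configured = Get-CimInstance -ClassName Win32_PageFileSetting -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.Name) [$($_.InitialSize)-$($_.MaximumSize) MB]" }
    $inUse = Get-CimInstance -ClassName Win32_PageFileUsage -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.Name) $($_.CurrentUsage)/$($_.AllocatedBaseSize) MB" }
    [pscustomobject]@{
        AutomaticManaged = $cs.AutomaticManagedPagefile
        Configured       = ($configured -join ', ')
        InUse            = ($inUse -join ', ')
    }
}

# Order of operations: Disable-PageFile; Restart-Computer; Enable-ManagedPageFile; Restart-Computer.
# Get-PageFileState after each reboot shows whether the change actually took effect.
Get-PageFileState
```

The page file is only recreated at boot, so Get-PageFileState will report an empty "InUse" after the first restart and a fresh system-managed file after the second; if the blue screen persists through both reboots, the paging file was not the cause.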

#8 OldGirl

OldGirl

    Member

  • Full Member
  • 39 posts

Posted 19 January 2018 - 06:27 AM

No, I'm afraid that didn't work, PC still only working in safe mode.



#9 OldGirl

OldGirl

    Member

  • Full Member
  • 39 posts

Posted 19 January 2018 - 11:16 AM

OK, not sure what I did! I decided to do all the 'repair' and 'recovery' things I could do on the laptop without any additional software. A few hours later and I can log on normally! The first few attempts of rolling back to an earlier system restore point didn't work before I started the other stuff, but after I managed to go back about a week and everything's fine.

 

I do think it may have been a combination of windows updates and trying to sort out the resultant slow laptop. Using Wisecleaner without the pertinent knowledge was the last nail in the coffin!

 

I will be doing a clean install as it was due, so this post can be closed; I don't want to waste anyone's precious time.

 

Thank you Android8888 for your help  :)



#10 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,143 posts

Posted 19 January 2018 - 03:24 PM

Excellent! I'm glad to know that you could solve the problem on your own. :thumbsup:

Now you can remove the tools we used in the process:

Delete FRST64.exe and the Fixlog.txt it produced. Remove also the folder C:\FRST.
Open AdwCleaner, click on File, select 'Uninstall' and click on Yes to completely remove the tool.


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your Antivirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.


Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here.

Please note: Only the paid-for version has real-time capabilities. Please go here and scroll down to find a comparison list of the two versions.


Please keep it up-to-date and run it whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another much-feared threat at the moment is infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.


Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here.

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
How did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help. Come back whenever you need.

Happy surfing and stay safe. :thumbup:

Android 8888



#11 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,143 posts

Posted 31 August 2018 - 09:27 AM

Glad we could help.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.


