Computer "bogged down" sluggish & occasional popups...


7 replies to this topic

#1 JoeFixes

Posted 29 March 2019 - 04:02 PM

Hi Guys,

 

It has been a while since I have been here; I always appreciate the help this forum provides.  I have one of my computers that seems to be slowing down.  There are several popups but only on some days, and on other days... none. I've run the recommended logs and the results are posted herein:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/29/19
Scan Time: 5:10 PM
Log File: 22638eb0-5267-11e9-ae8e-acfdced55dd0.json
 
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.9916
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MULTIBRANDS\jlopresti
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 303505
Threats Detected: 33
Threats Quarantined: 33
Time Elapsed: 7 min, 50 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 1
PUP.Optional.AdvertisingExt.Generic, HKU\S-1-5-21-2321501746-3221011889-664855769-1107\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|clhhdhkbhmkgcognecgihpcanlgefjhg, Quarantined, [14632], [542296],1.0.9916
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 6
PUP.Optional.AdvertisingExt.Generic, C:\USERS\JLOPRESTI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\USERS\JLOPRESTI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\_metadata, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\img, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\USERS\JLOPRESTI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHHDHKBHMKGCOGNECGIHPCANLGEFJHG, Quarantined, [14632], [542296],1.0.9916
 
File: 26
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\000003.log, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\CURRENT, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\LOCK, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\LOG, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\MANIFEST-000001, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\000003.log, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\CURRENT, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\LOCK, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\LOG, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\LOG.old, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\clhhdhkbhmkgcognecgihpcanlgefjhg\MANIFEST-000001, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\USERS\JLOPRESTI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\USERS\JLOPRESTI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CLHHDHKBHMKGCOGNECGIHPCANLGEFJHG\9.1.2.6_0\MANIFEST.JSON, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\img\close.svg, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\img\icon.png, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\img\icon48.png, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\img\info.svg, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\_metadata\computed_hashes.json, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\_metadata\verified_contents.json, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\background.html, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\background.js, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\content.js, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\install.js, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\intextContent.js, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\intextstyle.css, Quarantined, [14632], [542296],1.0.9916
PUP.Optional.AdvertisingExt.Generic, C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg\9.1.2.6_0\vsframe.js, Quarantined, [14632], [542296],1.0.9916
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 16th, december 2018
Running from:C:\Users\jlopresti\Desktop (17:22:28 - 03/29/2019)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Adobe Reader XI (11.0.23) ==> is no longer supported
Google Chrome (73.0.3683.86)
Malwarebytes (3.7.1.2839)
Mozilla Firefox (66.0.2)
 
***----------------Analysis Complete-------------------------***
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by jlopresti (administrator) on MBIPURCHASING (29-03-2019 17:49:56)
Running from C:\Users\jlopresti\Desktop
Loaded Profiles: jlopresti (Available Profiles: jlopresti & jparu & dmorgan & MBI International)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DISPLAYLINK -> DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\PCM3.0Agent\SCCM_Agent.exe
(Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\PCMAgent\Server.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(DISPLAYLINK -> DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) [File not signed] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Users\jlopresti\AppData\Local\Temp\HouseCall\housecall.bin
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Users\jlopresti\AppData\Local\Temp\HouseCall\HouseCallX_x64\HouseCallX.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-05] (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED) [File not signed]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\MountPoints2: {191808c6-425f-11e5-9e8e-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-26] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2018-11-21]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) [File not signed]
Startup: C:\Users\jlopresti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-01-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 9.9.9.9 8.8.8.8 4.2.2.2
Tcpip\..\Interfaces\{5EF538D7-9930-4DC4-BDD6-B0DEDFA679D9}: [DhcpNameServer] 9.9.9.9 8.8.8.8 4.2.2.2
Tcpip\..\Interfaces\{DDFA3302-E776-4DF2-91B3-D705D0CC9D72}: [NameServer] 192.168.1.250,8.8.8.8
Tcpip\..\Interfaces\{DDFA3302-E776-4DF2-91B3-D705D0CC9D72}: [DhcpNameServer] 9.9.9.9 8.8.8.8 4.2.2.2
 
Internet Explorer:
==================
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> DefaultScope {032AD080-301F-45E5-B6CB-9A76282F75CA} URL = 
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> {032AD080-301F-45E5-B6CB-9A76282F75CA} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-03-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-03-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: wu3uz3qi.default
FF ProfilePath: C:\Users\jlopresti\AppData\Roaming\Mozilla\Firefox\Profiles\wu3uz3qi.default [2019-03-29]
FF Homepage: Mozilla\Firefox\Profiles\wu3uz3qi.default -> www.mbitoner.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default [2019-03-29]
CHR Extension: (Slides) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-20]
CHR Extension: (Docs) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-20]
CHR Extension: (Google Drive) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-20]
CHR Extension: (YouTube) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-20]
CHR Extension: (No Name) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhdhkbhmkgcognecgihpcanlgefjhg [2019-03-29]
CHR Extension: (Sheets) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-20]
CHR Extension: (Gmail) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11150824 2019-03-22] (Microsoft Corporation -> Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DISPLAYLINK -> DisplayLink Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LBAEvent; C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [27464 2013-04-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (LENOVO -> Lenovo)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Leader Technologies Inc -> Aviata, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-01-19] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] (Intel Corporation-Mobile Wireless Group -> )
R2 PCM3.0 for SCCM Agent; C:\Program Files (x86)\Lenovo\PCM3.0Agent\SCCM_Agent.exe [571712 2014-03-03] (Lenovo -> )
R2 PCMAgent; C:\Program Files (x86)\Lenovo\PCMAgent\Server.exe [902952 2015-08-14] (Lenovo -> Lenovo)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205608 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254408 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196304 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320904 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58168 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42496 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169104 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88152 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034640 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476256 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-11-25] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-05] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-06] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4221440 2014-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [16200 2013-04-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3586016 2013-08-30] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R1 NetWorkLocker; C:\Windows\syswow64\drivers\NetworkLocker_x64.sys [20392 2015-08-14] (Lenovo -> )
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [334488 2017-10-17] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-29 17:51 - 2019-03-29 17:51 - 000656171 _____ C:\Users\jlopresti\AppData\Local\census.cache
2019-03-29 17:49 - 2019-03-29 17:52 - 000024193 _____ C:\Users\jlopresti\Desktop\FRST.txt
2019-03-29 17:49 - 2019-03-29 17:49 - 000000000 ____D C:\FRST
2019-03-29 17:48 - 2019-03-29 17:48 - 000313647 _____ C:\Users\jlopresti\AppData\Local\ars.cache
2019-03-29 17:47 - 2019-03-29 17:47 - 002434048 _____ (Farbar) C:\Users\jlopresti\Downloads\FRST64.exe
2019-03-29 17:22 - 2019-03-29 17:22 - 000000961 _____ C:\Users\jlopresti\Desktop\SALog.txt
2019-03-29 17:20 - 2019-03-29 17:20 - 000008030 _____ C:\Users\jlopresti\Desktop\MB RESULTS.txt
2019-03-29 17:11 - 2019-03-29 17:11 - 000000010 _____ C:\Users\jlopresti\AppData\Local\sponge.last.runtime.cache
2019-03-29 17:09 - 2019-03-29 17:09 - 000000000 ____D C:\Users\jlopresti\AppData\Local\mbam
2019-03-29 17:09 - 2019-03-29 17:09 - 000000000 ____D C:\ProgramData\Trend Micro
2019-03-29 17:08 - 2019-03-29 17:08 - 000000000 ____D C:\Windows\Trend Micro
2019-03-29 17:05 - 2019-03-29 17:04 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-03-29 17:04 - 2019-03-29 17:04 - 000000000 ____D C:\Users\jlopresti\AppData\Local\mbamtray
2019-03-29 17:03 - 2019-03-29 17:03 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-29 17:03 - 2019-03-29 17:03 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-03-29 17:03 - 2019-03-29 17:03 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-03-29 17:03 - 2019-03-29 17:03 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-03-29 17:03 - 2019-03-29 17:03 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-29 17:03 - 2019-03-29 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-29 17:02 - 2019-03-29 17:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-29 17:02 - 2019-03-29 17:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-29 17:02 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-29 17:02 - 2017-10-17 12:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2019-03-29 17:01 - 2019-03-29 17:01 - 002527376 _____ (Trend Micro Inc.) C:\Users\jlopresti\Downloads\HousecallLauncher64.exe
2019-03-29 17:01 - 2019-03-29 17:01 - 000000036 _____ C:\Users\jlopresti\AppData\Local\housecall.guid.cache
2019-03-29 17:00 - 2019-03-29 17:00 - 002434048 _____ (Farbar) C:\Users\jlopresti\Desktop\FRST64.exe
2019-03-29 17:00 - 2019-03-29 17:00 - 000899584 _____ C:\Users\jlopresti\Desktop\RGSA.exe
2019-03-29 16:59 - 2019-03-29 17:00 - 062540088 _____ (Malwarebytes ) C:\Users\jlopresti\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9910.exe
2019-03-28 10:53 - 2019-03-28 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-03-28 10:52 - 2019-03-28 10:52 - 007657592 _____ (ESET spol. s r.o.) C:\Users\jlopresti\Downloads\esetonlinescanner_enu (1).exe
2019-03-28 10:42 - 2019-03-28 10:42 - 000000000 _____ C:\Users\jlopresti\Downloads\malwares detected (1).htm
2019-03-22 13:34 - 2019-03-22 13:34 - 007657592 _____ (ESET spol. s r.o.) C:\Users\jlopresti\Downloads\esetonlinescanner_enu.exe
2019-03-22 13:34 - 2019-03-22 13:34 - 000000000 ____D C:\Users\jlopresti\AppData\Local\ESET
2019-03-22 13:33 - 2019-03-22 13:34 - 000000000 ____D C:\AdwCleaner
2019-03-22 13:33 - 2019-03-22 13:33 - 007316688 _____ (Malwarebytes) C:\Users\jlopresti\Downloads\adwcleaner_7.2.7.0.exe
2019-03-22 13:33 - 2019-03-22 13:33 - 007316688 _____ (Malwarebytes) C:\Users\jlopresti\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-22 13:27 - 2019-03-22 13:27 - 000000000 _____ C:\Users\jlopresti\Downloads\malwares detected.htm
2019-03-19 14:15 - 2019-03-26 14:23 - 000012406 _____ C:\Users\jlopresti\Documents\Amazon Results.xlsx
2019-03-18 09:01 - 2019-03-18 09:00 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-03-12 19:31 - 2019-03-05 23:18 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-03-12 19:31 - 2019-03-05 23:18 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-03-12 19:31 - 2019-03-05 23:14 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-03-12 19:31 - 2019-03-05 23:14 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-03-12 19:31 - 2019-03-05 23:13 - 005552872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-03-12 19:31 - 2019-03-05 23:13 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-03-12 19:31 - 2019-03-05 23:12 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-03-12 19:31 - 2019-03-05 23:10 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-03-12 19:31 - 2019-03-05 23:04 - 004055784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-03-12 19:31 - 2019-03-05 23:04 - 003960552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-03-12 19:31 - 2019-03-05 23:02 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-03-12 19:31 - 2019-03-05 23:01 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-03-12 19:31 - 2019-03-05 23:01 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-03-12 19:31 - 2019-03-05 23:01 - 000556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-03-12 19:31 - 2019-03-05 23:01 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-03-12 19:31 - 2019-03-05 23:00 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-03-12 19:31 - 2019-03-05 22:42 - 003228160 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-03-12 19:31 - 2019-03-05 22:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-03-12 19:31 - 2019-03-05 22:38 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-03-12 19:31 - 2019-03-05 22:38 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-03-12 19:31 - 2019-03-05 22:38 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-03-12 19:31 - 2019-03-05 22:38 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-03-12 19:31 - 2019-03-05 22:38 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-03-12 19:31 - 2019-03-05 22:37 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-03-12 19:31 - 2019-03-05 22:37 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-03-12 19:31 - 2019-03-04 22:44 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-03-12 19:31 - 2019-02-26 18:41 - 000397104 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-03-12 19:31 - 2019-02-26 17:47 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-03-12 19:31 - 2019-02-26 03:57 - 025737216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-03-12 19:31 - 2019-02-26 03:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-03-12 19:31 - 2019-02-26 03:45 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-03-12 19:31 - 2019-02-26 03:33 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-03-12 19:31 - 2019-02-26 03:32 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-03-12 19:31 - 2019-02-26 03:31 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-03-12 19:31 - 2019-02-26 03:31 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-03-12 19:31 - 2019-02-26 03:31 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-03-12 19:31 - 2019-02-26 03:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-03-12 19:31 - 2019-02-26 03:25 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-03-12 19:31 - 2019-02-26 03:25 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-03-12 19:31 - 2019-02-26 03:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-03-12 19:31 - 2019-02-26 03:22 - 005777920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-03-12 19:31 - 2019-02-26 03:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-03-12 19:31 - 2019-02-26 03:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-03-12 19:31 - 2019-02-26 03:20 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-03-12 19:31 - 2019-02-26 03:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-03-12 19:31 - 2019-02-26 03:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-03-12 19:31 - 2019-02-26 03:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-03-12 19:31 - 2019-02-26 03:12 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-03-12 19:31 - 2019-02-26 03:09 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-03-12 19:31 - 2019-02-26 03:07 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-03-12 19:31 - 2019-02-26 03:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-03-12 19:31 - 2019-02-26 03:06 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-03-12 19:31 - 2019-02-26 03:06 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-03-12 19:31 - 2019-02-26 03:05 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-03-12 19:31 - 2019-02-26 03:04 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-03-12 19:31 - 2019-02-26 03:03 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-03-12 19:31 - 2019-02-26 03:02 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-03-12 19:31 - 2019-02-26 03:02 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-03-12 19:31 - 2019-02-26 03:01 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-03-12 19:31 - 2019-02-26 03:00 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-03-12 19:31 - 2019-02-26 02:59 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-03-12 19:31 - 2019-02-26 02:58 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-03-12 19:31 - 2019-02-26 02:58 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-03-12 19:31 - 2019-02-26 02:57 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-03-12 19:31 - 2019-02-26 02:57 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-03-12 19:31 - 2019-02-26 02:57 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-03-12 19:31 - 2019-02-26 02:56 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-03-12 19:31 - 2019-02-26 02:54 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-03-12 19:31 - 2019-02-26 02:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-03-12 19:31 - 2019-02-26 02:46 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-03-12 19:31 - 2019-02-26 02:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-03-12 19:31 - 2019-02-26 02:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-03-12 19:31 - 2019-02-26 02:43 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-03-12 19:31 - 2019-02-26 02:43 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-03-12 19:31 - 2019-02-26 02:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-03-12 19:31 - 2019-02-26 02:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-03-12 19:31 - 2019-02-26 02:41 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-03-12 19:31 - 2019-02-26 02:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-03-12 19:31 - 2019-02-26 02:41 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-03-12 19:31 - 2019-02-26 02:41 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-03-12 19:31 - 2019-02-26 02:39 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-03-12 19:31 - 2019-02-26 02:38 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-03-12 19:31 - 2019-02-26 02:35 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-03-12 19:31 - 2019-02-26 02:33 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-03-12 19:31 - 2019-02-26 02:31 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-03-12 19:31 - 2019-02-26 02:31 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-03-12 19:31 - 2019-02-26 02:30 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-03-12 19:31 - 2019-02-26 02:29 - 013681664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-03-12 19:31 - 2019-02-26 02:29 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-03-12 19:31 - 2019-02-26 02:18 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-03-12 19:31 - 2019-02-26 02:12 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-03-12 19:31 - 2019-02-26 02:09 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-03-12 19:31 - 2019-02-26 02:07 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-03-12 19:31 - 2019-02-26 02:06 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-03-12 19:31 - 2019-02-21 23:07 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-03-12 19:31 - 2019-02-21 22:55 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-03-12 19:31 - 2019-02-21 22:35 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-03-12 19:31 - 2019-02-16 02:02 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-03-12 19:31 - 2019-02-16 02:02 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2019-03-12 19:31 - 2019-02-16 02:02 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-03-12 19:31 - 2019-02-16 02:02 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-03-12 19:31 - 2019-02-16 02:02 - 000443904 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-03-12 19:31 - 2019-02-16 01:50 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-03-12 19:31 - 2019-02-16 01:50 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-03-12 19:31 - 2019-02-16 01:50 - 000321536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-03-12 19:31 - 2019-02-16 01:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-03-12 19:31 - 2019-02-16 01:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-03-12 19:31 - 2019-02-15 12:09 - 000485888 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-03-12 19:31 - 2019-02-15 12:09 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-03-12 19:31 - 2019-02-15 11:58 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-03-12 19:31 - 2019-02-15 11:58 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-03-12 19:31 - 2019-02-15 11:40 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-03-12 19:31 - 2019-02-15 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-03-12 19:31 - 2019-02-15 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-03-12 19:31 - 2019-02-15 11:38 - 000360960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-03-12 19:31 - 2019-02-15 11:38 - 000053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-03-12 19:31 - 2019-02-15 11:38 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-03-12 19:31 - 2019-02-10 12:41 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-03-12 19:31 - 2019-02-10 12:41 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-03-12 19:31 - 2019-02-10 12:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-03-12 19:31 - 2019-02-10 12:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-03-12 19:31 - 2019-02-10 12:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-03-12 19:31 - 2019-02-10 12:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-03-12 19:31 - 2019-02-10 12:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-03-12 19:31 - 2019-02-10 12:28 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-03-12 19:31 - 2019-02-10 12:10 - 001680104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-03-12 19:31 - 2019-02-10 12:10 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-03-12 19:31 - 2019-02-10 12:09 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-03-12 19:31 - 2019-02-10 12:09 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-03-12 19:31 - 2019-02-10 12:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-03-12 19:31 - 2019-02-10 12:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-03-12 19:31 - 2019-02-10 12:08 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
201
JoeFixes
(But only if its Broke)

#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,177 posts

Posted 29 March 2019 - 05:15 PM

Hello JoeFixes and welcome back to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

Please post the entire content of the Addition.txt log that was created by FRST and saved on your Desktop. I need to see that log in order to help you.

Thank you.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 01 April 2019 - 02:09 PM

Hi Android,

Thank you for your prompt reply. I thought I had attached that extra file... apparently not, though. Here it is this time!

Thank you

joefixes

Attached Files



#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,177 posts

Posted 02 April 2019 - 12:55 PM

Hi JoeFixes,

Thank you for attaching the log.


First, remove the unknown extension from Chrome (if it's still present):

  • Open Google Chrome;
  • Type chrome://extensions in the address bar and press Enter;
  • Click the trash can icon by the extension No Name;
  • A confirmation dialog appears; click Remove.



Now read the instructions below and run the following script fix with FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows + R keys simultaneously on your keyboard. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> DefaultScope {032AD080-301F-45E5-B6CB-9A76282F75CA} URL =
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> {032AD080-301F-45E5-B6CB-9A76282F75CA} URL =
2019-03-29 17:51 - 2019-03-29 17:51 - 000656171 _____ C:\Users\jlopresti\AppData\Local\census.cache
2019-03-29 17:48 - 2019-03-29 17:48 - 000313647 _____ C:\Users\jlopresti\AppData\Local\ars.cache
2019-03-29 17:11 - 2019-03-29 17:11 - 000000010 _____ C:\Users\jlopresti\AppData\Local\sponge.last.runtime.cache
2019-03-29 17:48 - 2019-03-29 17:48 - 000313647 _____ () C:\Users\jlopresti\AppData\Local\ars.cache
2019-03-29 17:51 - 2019-03-29 17:51 - 000656171 _____ () C:\Users\jlopresti\AppData\Local\census.cache
2019-03-29 17:01 - 2019-03-29 17:01 - 000000036 _____ () C:\Users\jlopresti\AppData\Local\housecall.guid.cache
2019-03-29 17:11 - 2019-03-29 17:11 - 000000010 _____ () C:\Users\jlopresti\AppData\Local\sponge.last.runtime.cache
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
CMD: ipconfig /flushdns
EmptyTemp:
End::

Save the file as fixlist.txt into the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder that FRST is running from. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

  • Please download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click on the blue button 'I AGREE';
  • Click on the Scan Now button;
  • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
  • Click on the Clean & Restart Now button;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

Note: The log can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt, where xx is a number (the highest number is the most recent and the one I need to see).


To summarize, please post the contents of:
Fixlog.txt
AdwCleaner clean log.

Let me know how the computer is running now. Are the pop-ups still occurring? If so, in what browser(s)?
 
Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
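The notice in the post above says the fixlist was written for one specific machine. As an added example (not part of the original post and not FRST's own code), the Python sketch below checks a saved fixlist before it is run: it confirms the Start::/End:: markers survived the copy and paste, classifies each entry, and flags duplicate targets and any user profile or SID that does not belong to the local account. The function names and the rule that both markers must be present are assumptions of this checker; the sample entries are an abridged copy of the fixlist above.

```python
import re
from collections import Counter

# Abridged copy of the fixlist from the post above, used as sample input.
FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> {032AD080-301F-45E5-B6CB-9A76282F75CA} URL =
2019-03-29 17:51 - 2019-03-29 17:51 - 000656171 _____ C:\Users\jlopresti\AppData\Local\census.cache
2019-03-29 17:48 - 2019-03-29 17:48 - 000313647 _____ C:\Users\jlopresti\AppData\Local\ars.cache
2019-03-29 17:48 - 2019-03-29 17:48 - 000313647 _____ () C:\Users\jlopresti\AppData\Local\ars.cache
2019-03-29 17:51 - 2019-03-29 17:51 - 000656171 _____ () C:\Users\jlopresti\AppData\Local\census.cache
2019-03-29 17:01 - 2019-03-29 17:01 - 000000036 _____ () C:\Users\jlopresti\AppData\Local\housecall.guid.cache
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\System32\dlumd10.dll
CMD: ipconfig /flushdns
EmptyTemp:
End::
"""

PATH_RE = re.compile(r"[A-Za-z]:\\.*$")           # drive-letter path at end of line
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")       # domain/local account SID
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.I)
HIVE_RE = re.compile(r"\bHK(?:LM|U|CU|CR)\b")     # registry hive abbreviations


def extract_block(text):
    """Return the entries between Start:: and End::.

    A paste that lost either marker was probably truncated, so this checker
    treats it as an error (a choice made here, not a documented FRST rule).
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must contain both Start:: and End:: markers")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: appears before Start::")
    return lines[start + 1:end]


def classify(line):
    """Sort one fixlist entry into a coarse category."""
    if line.upper().startswith("CMD:"):
        return "command"
    if re.fullmatch(r"[A-Za-z]+:", line):   # e.g. CreateRestorePoint:
        return "directive"
    if HIVE_RE.search(line):
        return "registry"
    if PATH_RE.search(line):
        return "file"
    return "unknown"


def lint(text, expected_user, expected_sid):
    """Summarize a fixlist and flag entries that do not match this machine."""
    entries = extract_block(text)
    kinds = Counter(classify(e) for e in entries)
    paths = [PATH_RE.search(e).group(0) for e in entries if classify(e) == "file"]
    seen = Counter(p.lower() for p in paths)       # Windows paths: case-insensitive
    users = {m.group(1).lower() for p in paths if (m := USER_RE.match(p))}
    sids = {s for e in entries for s in SID_RE.findall(e)}
    return {
        "kinds": dict(kinds),
        "duplicate_paths": sorted(p for p, n in seen.items() if n > 1),
        "foreign_users": sorted(users - {expected_user.lower()}),
        "foreign_sids": sorted(sids - {expected_sid}),
        "system_paths": sorted(p for p in seen if p.startswith("c:\\windows\\")),
        "unknown": [e for e in entries if classify(e) == "unknown"],
    }


if __name__ == "__main__":
    report = lint(FIXLIST, "jlopresti",
                  "S-1-5-21-2321501746-3221011889-664855769-1107")
    for key, value in report.items():
        print(f"{key}: {value}")
```

A non-empty foreign_users or foreign_sids list means the fixlist names an account that is not the one supplied, which is the situation the notice describes.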

#5 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 02 April 2019 - 01:43 PM

Hi Android,

Below is the FIXLOG


Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by jlopresti (02-04-2019 15:09:56) Run:1
Running from C:\Users\jlopresti\Desktop
Loaded Profiles: jlopresti (Available Profiles: jlopresti & jparu & dmorgan & MBI International)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> DefaultScope {032AD080-301F-45E5-B6CB-9A76282F75CA} URL =
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> {032AD080-301F-45E5-B6CB-9A76282F75CA} URL =
2019-03-29 17:51 - 2019-03-29 17:51 - 000656171 _____ C:\Users\jlopresti\AppData\Local\census.cache
2019-03-29 17:48 - 2019-03-29 17:48 - 000313647 _____ C:\Users\jlopresti\AppData\Local\ars.cache
2019-03-29 17:11 - 2019-03-29 17:11 - 000000010 _____ C:\Users\jlopresti\AppData\Local\sponge.last.runtime.cache
2019-03-29 17:48 - 2019-03-29 17:48 - 000313647 _____ () C:\Users\jlopresti\AppData\Local\ars.cache
2019-03-29 17:51 - 2019-03-29 17:51 - 000656171 _____ () C:\Users\jlopresti\AppData\Local\census.cache
2019-03-29 17:01 - 2019-03-29 17:01 - 000000036 _____ () C:\Users\jlopresti\AppData\Local\housecall.guid.cache
2019-03-29 17:11 - 2019-03-29 17:11 - 000000010 _____ () C:\Users\jlopresti\AppData\Local\sponge.last.runtime.cache
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
CMD: ipconfig /flushdns
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => invalid subkey removed.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2321501746-3221011889-664855769-1107\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{032AD080-301F-45E5-B6CB-9A76282F75CA} => removed successfully
HKLM\Software\Classes\CLSID\{032AD080-301F-45E5-B6CB-9A76282F75CA} => not found
C:\Users\jlopresti\AppData\Local\census.cache => moved successfully
C:\Users\jlopresti\AppData\Local\ars.cache => moved successfully
C:\Users\jlopresti\AppData\Local\sponge.last.runtime.cache => moved successfully
"C:\Users\jlopresti\AppData\Local\ars.cache" => not found
"C:\Users\jlopresti\AppData\Local\census.cache" => not found
C:\Users\jlopresti\AppData\Local\housecall.guid.cache => moved successfully
"C:\Users\jlopresti\AppData\Local\sponge.last.runtime.cache" => not found
C:\Windows\SysWOW64\dlumd10.dll => moved successfully
C:\Windows\SysWOW64\dlumd11.dll => moved successfully
C:\Windows\SysWOW64\dlumd9.dll => moved successfully
C:\Windows\System32\dlumd10.dll => moved successfully
C:\Windows\System32\dlumd11.dll => moved successfully
C:\Windows\System32\dlumd9.dll => moved successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8061164 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 216781320 B
Edge => 0 B
Chrome => 428395598 B
Firefox => 1085885724 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
jlopresti => 388556073 B
jparu => 65655781 B
dmorgan => 9461109 B
MBI International => 3937437 B
 
RecycleBin => 39800 B
EmptyTemp: => 2.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:12:05 ====
 
ADWCleaner did not find anything, so there was no LOG for that.  
 
Let me run this PC for a few days to see how it handles.  
 
Thank you for your help.  I will be back to you in a day or so with some additional results.
 
JoeFixes

JoeFixes
(But only if it's Broke)
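
A way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST: it separates "not found" results that only repeat a target already handled earlier in the same run (the fixlist listed several files twice) from targets with no earlier successful action. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import re

# Result lines copied from the Fixlog in the post above.
SAMPLE = r'''
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\Users\jlopresti\AppData\Local\ars.cache => moved successfully
"C:\Users\jlopresti\AppData\Local\ars.cache" => not found
C:\Windows\System32\dlumd9.dll => moved successfully
Chrome => 428395598 B
'''

# "<target> => <status>", tolerating a trailing period on the status.
RESULT = re.compile(r'^(?P<target>.+?) => (?P<status>.+?)\.?$')
# Success statuses as they appear in the log above.
DONE = ("removed successfully", "moved successfully", "invalid subkey removed")

def parse(text):
    """Return (target, status) pairs, skipping EmptyTemp byte counts."""
    out = []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if not m or re.fullmatch(r'\d+ B', m['status']):
            continue
        # Quotes and case differ between entries for the same path.
        out.append((m['target'].strip('"').lower(), m['status']))
    return out

def triage(text):
    """Split 'not found' results into repeats of an earlier success
    and targets that had no earlier successful action in this run."""
    handled, duplicate, absent = set(), [], []
    for target, status in parse(text):
        if status in DONE:
            handled.add(target)
        elif status == "not found":
            (duplicate if target in handled else absent).append(target)
    return {"handled": len(handled), "duplicate": duplicate, "absent": absent}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
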

#6 Android 8888


Posted 03 April 2019 - 08:58 AM

Hi JoeFixes,

 

I'll be waiting for your feedback.

 

Thank you.

 

Android 8888



#7 JoeFixes


Posted 04 April 2019 - 09:04 AM

Android,

 

I thought we could close out this topic.  The PC seems to be running nicely again thanks to your help.  No popups and it appears to be a bit faster.  That could be imaginary, but I suspect not!

 

Thank you again.

 

JoeFixes



#8 Android 8888


Posted 04 April 2019 - 10:33 AM

Hi JoeFixes, thank you for the feedback.

 

You're welcome and I'm glad to know the computer is running well.


Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. This is usually one of the ways that contributes most to computers getting infected.

I highly recommend running a program like UCheck or FileHippo Update Checker to see what programs need to be updated.


When the updates are done and if all is well, you can uninstall FRST and AdwCleaner.

To remove FRST:

  • Rename FRST.exe to Uninstall.exe;
  • Right-click on Uninstall.exe and select Run as administrator;
  • Click Yes to accept the UAC warning that may appear.

To remove AdwCleaner:

  • Open AdwCleaner;
  • On the left menu pane select Settings;
  • Select the Application tab and click on the Remove button.


To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep all programs up-to-date, as well as your Windows Operating System and Antivirus in particular.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here.

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
How did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.


Android8888

