Solved Not sure what fixlist.txt file I need

2018-04-10 17:24 - 2018-03-29 22:33 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-10 17:24 - 2018-03-29 22:33 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-04-10 17:24 - 2018-03-29 22:33 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dmvsc.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-04-10 17:24 - 2018-03-29 22:33 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-04-10 17:24 - 2018-03-29 22:33 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HyperVideo.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\sysntfy.dll
2018-04-10 17:24 - 2018-03-29 22:33 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\appidtel.exe
2018-04-10 17:24 - 2018-03-29 22:33 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
2018-04-10 17:24 - 2018-03-29 22:33 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hyperkbd.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmgencounter.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-10 17:24 - 2018-03-29 22:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmgid.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000009216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys
2018-04-10 17:24 - 2018-03-29 22:33 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000198144 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2018-04-10 17:24 - 2018-03-29 22:32 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2018-04-10 17:24 - 2018-03-29 22:32 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2018-04-10 17:24 - 2018-03-29 22:32 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\efslsaext.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2018-04-10 17:24 - 2018-03-29 22:32 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys
2018-04-10 17:24 - 2018-03-29 22:32 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Synth3dVsc.sys
2018-04-10 17:24 - 2018-03-29 22:32 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\efssvc.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerSvc.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdPnp.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2018-04-10 17:24 - 2018-03-29 22:32 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmiprop.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWNet.dll
2018-04-10 17:24 - 2018-03-29 22:32 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
2018-04-10 17:24 - 2018-03-29 22:32 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2018-04-10 17:24 - 2018-03-29 22:32 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2018-04-10 17:24 - 2018-03-29 22:32 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2018-04-10 17:24 - 2018-03-29 22:31 - 000306176 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2018-04-10 17:24 - 2018-03-29 22:31 - 000286208 _____ (Microsoft Corporation) C:\Windows\system32\icsvc.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\WPTaskScheduler.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-10 17:24 - 2018-03-29 22:31 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-04-10 17:24 - 2018-03-29 22:31 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2018-04-10 17:24 - 2018-03-29 22:31 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2018-04-10 17:24 - 2018-03-29 22:30 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\icsvcext.dll
2018-04-10 17:24 - 2018-03-29 22:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2018-04-10 17:24 - 2018-03-29 22:30 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
2018-04-10 17:24 - 2018-03-29 22:30 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-10 17:24 - 2018-03-29 22:30 - 000188928 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2018-04-10 17:24 - 2018-03-29 22:29 - 000723968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2018-04-10 17:24 - 2018-03-29 22:29 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2018-04-10 17:24 - 2018-03-29 22:29 - 000298496 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2018-04-10 17:24 - 2018-03-29 22:29 - 000253440 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2018-04-10 17:24 - 2018-03-29 22:28 - 000984064 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-04-10 17:24 - 2018-03-29 22:28 - 000820224 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2018-04-10 17:24 - 2018-03-29 22:28 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-10 17:24 - 2018-03-29 22:27 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-10 17:24 - 2018-03-29 22:27 - 000889856 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2018-04-10 17:24 - 2018-03-29 22:27 - 000332288 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
2018-04-10 17:24 - 2018-03-29 22:27 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2018-04-10 17:24 - 2018-03-29 22:25 - 000841216 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-04-10 17:24 - 2018-03-29 22:25 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2018-04-10 17:24 - 2018-03-29 22:25 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-04-10 17:24 - 2018-03-29 22:25 - 000270848 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-04-10 17:24 - 2018-03-29 22:23 - 000387584 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2018-04-10 17:24 - 2018-03-29 22:23 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2018-04-10 17:24 - 2018-03-29 22:23 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2018-04-10 17:24 - 2018-03-29 22:22 - 000826880 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2018-04-10 17:24 - 2018-03-29 22:22 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys
2018-04-10 17:24 - 2018-03-29 22:22 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000178688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\fdPnp.dll
2018-04-10 17:24 - 2018-03-29 22:20 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys
2018-04-10 17:24 - 2018-03-29 22:20 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\wmiprop.dll
2018-04-10 17:24 - 2018-03-29 22:20 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll
2018-04-10 17:24 - 2018-03-29 22:20 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys
2018-04-10 17:24 - 2018-03-13 01:58 - 000441248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-04-10 17:24 - 2018-03-13 01:55 - 000417440 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2018-04-10 17:24 - 2018-03-13 01:53 - 000143264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2018-04-10 17:24 - 2018-03-13 01:52 - 000127136 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2018-04-10 17:24 - 2018-03-13 00:40 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2018-04-10 17:24 - 2018-03-13 00:38 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2018-04-10 17:24 - 2018-03-13 00:38 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2018-04-10 17:24 - 2018-03-13 00:38 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll
2018-04-10 17:24 - 2018-03-13 00:37 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\NetDriverInstall.dll
2018-04-10 17:24 - 2018-03-13 00:37 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2018-04-10 17:24 - 2018-03-13 00:37 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2018-04-10 17:24 - 2018-03-13 00:35 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2018-04-10 17:24 - 2018-03-13 00:35 - 000245248 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-04-10 17:24 - 2018-03-13 00:35 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\TtlsAuth.dll
2018-04-10 17:24 - 2018-03-13 00:35 - 000219648 _____ (Microsoft Corporation) C:\Windows\system32\TtlsCfg.dll
2018-04-10 17:24 - 2018-03-13 00:35 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\wlgpclnt.dll
2018-04-10 17:24 - 2018-03-13 00:34 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\TtlsExt.dll
2018-04-10 17:24 - 2018-03-13 00:34 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\BrowserSettingSync.dll
2018-04-10 17:24 - 2018-03-13 00:34 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2018-04-10 17:24 - 2018-03-13 00:33 - 000278528 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2018-04-10 17:24 - 2018-03-13 00:33 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2018-04-10 17:24 - 2018-03-13 00:32 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2018-04-10 17:24 - 2018-03-13 00:32 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2018-04-10 17:24 - 2018-03-13 00:31 - 002849792 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2018-04-10 17:24 - 2018-03-13 00:31 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-04-10 17:24 - 2018-03-13 00:31 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2018-04-10 17:24 - 2018-03-13 00:26 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2018-04-10 17:24 - 2018-03-13 00:25 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll
2018-04-10 17:24 - 2018-03-13 00:24 - 001275904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2018-04-10 17:24 - 2018-03-12 23:44 - 000584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2018-04-10 17:24 - 2018-03-12 23:40 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-04-10 17:24 - 2018-03-12 23:39 - 000230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-04-10 17:24 - 2018-03-12 23:39 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsCfg.dll
2018-04-10 17:24 - 2018-03-12 23:38 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlgpclnt.dll
2018-04-10 17:24 - 2018-03-12 23:37 - 000537088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-04-10 17:24 - 2018-03-12 23:37 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2018-04-10 17:24 - 2018-03-12 23:37 - 000091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2018-04-10 17:24 - 2018-03-12 23:36 - 000175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-04-10 17:24 - 2018-03-12 23:36 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BrowserSettingSync.dll
2018-04-10 17:24 - 2018-03-12 23:34 - 000706048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2018-04-10 17:24 - 2018-03-12 23:32 - 001948672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2018-04-10 17:24 - 2018-03-12 23:31 - 001348608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-04-08 13:23 - 2018-04-08 13:23 - 005561344 _____ C:\Users\Joel Siskin\Downloads\Journal Club Presentation 4-12-18.ppt
2018-04-08 13:06 - 2018-04-08 13:06 - 000049687 _____ C:\Users\Joel Siskin\Downloads\mp2017100x2.xlsx
2018-04-04 18:02 - 2018-04-04 18:02 - 000018466 _____ C:\Users\Joel Siskin\Downloads\HMM KGACMINUR (1).xlsx
2018-04-04 17:54 - 2018-04-04 18:02 - 000018465 _____ C:\Users\Joel Siskin\Downloads\HMM KGACMINUR.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-02 20:21 - 2017-12-08 19:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-02 20:21 - 2017-09-29 03:45 - 000786432 _____ C:\Windows\system32\config\BBI
2018-05-02 20:20 - 2017-08-13 21:40 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-05-02 19:56 - 2017-12-09 15:20 - 000002612 _____ C:\Users\Joel Siskin\Desktop\Google Chrome Canary.lnk
2018-05-02 19:52 - 2017-12-08 19:23 - 000000000 ____D C:\Users\Joel Siskin
2018-05-02 19:40 - 2017-06-20 10:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-02 19:37 - 2017-12-08 19:23 - 000000000 ____D C:\Users\defaultuser0
2018-05-02 19:13 - 2017-12-08 19:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-02 19:06 - 2018-02-24 18:51 - 000004178 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EF9EC59A-62D0-4558-BD5C-FAF491BF8747}
2018-05-02 12:11 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-02 12:11 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-05-02 12:11 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\AppReadiness
2018-05-02 08:39 - 2018-01-21 17:08 - 000000000 ____D C:\Windows\Minidump
2018-05-02 06:45 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-05-01 15:52 - 2017-09-29 08:44 - 000000000 ____D C:\Windows\INF
2018-05-01 15:49 - 2017-12-08 19:36 - 001840180 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-30 07:44 - 2018-03-17 07:30 - 000000000 ____D C:\Users\Joel Siskin\Desktop\Circadian Reading
2018-04-29 00:39 - 2017-06-08 22:10 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\Twitch
2018-04-28 07:59 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\rescache
2018-04-27 22:19 - 2017-12-08 19:35 - 000003388 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4090326390-2817603738-170678854-1005
2018-04-27 22:19 - 2017-06-09 04:41 - 000002381 _____ C:\Users\Joel Siskin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-27 22:19 - 2017-06-09 04:41 - 000000000 ___RD C:\Users\Joel Siskin\OneDrive
2018-04-27 17:46 - 2017-09-29 03:45 - 018087936 _____ C:\Windows\system32\config\HARDWARE
2018-04-12 14:12 - 2017-12-08 19:35 - 000002206 _____ C:\Windows\System32\Tasks\StartCN
2018-04-12 14:10 - 2018-01-22 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2018-04-12 14:10 - 2017-11-30 06:09 - 000000000 ___DC C:\Windows\Panther
2018-04-12 14:10 - 2017-06-10 18:39 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\Azureus
2018-04-12 14:10 - 2017-06-10 11:59 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-11 20:46 - 2017-09-08 10:20 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\RStudio
2018-04-11 20:37 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-11 20:37 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-11 20:37 - 2016-09-08 16:02 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-11 20:33 - 2018-03-18 16:10 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\Spotify
2018-04-11 20:33 - 2018-03-18 16:10 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\Spotify
2018-04-11 20:17 - 2017-06-10 18:20 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\uTorrent
2018-04-11 19:58 - 2017-06-12 01:55 - 000000000 ____D C:\ProgramData\WinZip
2018-04-11 19:17 - 2017-11-15 00:40 - 000000000 ____D C:\Users\Joel Siskin\AppData\LocalLow\uTorrent
2018-04-11 19:05 - 2016-07-16 06:47 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-11 19:04 - 2017-04-11 11:41 - 000000000 ____D C:\AMD
2018-04-11 19:03 - 2017-09-14 08:15 - 000000000 ____D C:\Program Files\Caliper Life Sciences
2018-04-11 19:02 - 2017-06-08 13:48 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\Google
2018-04-11 03:27 - 2017-12-09 15:20 - 000002578 _____ C:\Users\Joel Siskin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2018-04-11 01:57 - 2017-12-08 19:38 - 000000000 ___RD C:\Users\Joel Siskin\3D Objects
2018-04-11 01:57 - 2016-08-31 13:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-10 22:11 - 2018-03-17 07:43 - 000000000 ____D C:\Users\Joel Siskin\Desktop\JC Presentations
2018-04-10 22:11 - 2017-09-29 08:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-04-10 22:11 - 2017-09-29 08:46 - 000000000 ___SD C:\Windows\system32\F12
2018-04-10 22:11 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-10 22:11 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-04-10 22:11 - 2017-09-08 10:19 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\RStudio-Desktop
2018-04-10 17:38 - 2017-06-10 09:04 - 000000000 ____D C:\Windows\system32\MRT
2018-04-10 17:36 - 2017-10-10 13:42 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-10 17:36 - 2017-09-29 08:37 - 000000000 ____D C:\Windows\CbsTemp
2018-04-10 17:36 - 2017-06-10 09:04 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-10 17:28 - 2017-12-12 19:48 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2018-04-08 13:24 - 2017-12-08 19:24 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\Packages
2018-04-04 17:54 - 2018-03-24 15:49 - 000000000 ____D C:\Users\Joel Siskin\Desktop\HMM Files

==================== Files in the root of some directories =======

19737-09-26 09:01 - 19737-09-26 09:01 - 000059904 _____ (Microsoft Corporation) C:\Users\Joel Siskin\eYoyoaeeaYQzO.exe
19737-09-26 09:01 - 19737-09-26 09:01 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\IEYZ.exe
2018-04-11 19:02 - 2018-04-11 19:02 - 000140800 _____ () C:\Users\Joel Siskin\AppData\Local\installer.dat
2017-12-08 21:06 - 2017-12-08 21:06 - 000007602 _____ () C:\Users\Joel Siskin\AppData\Local\Resmon.ResmonCfg
2018-04-11 19:04 - 2018-04-11 19:04 - 000000003 _____ () C:\Users\Joel Siskin\AppData\Local\wbem.ini
2017-09-08 11:09 - 2018-03-29 17:15 - 000069632 _____ () C:\Users\Joel Siskin\AppData\Local\WebpageIcons.db

Some files in TEMP:
====================
2018-05-02 18:47 - 2018-03-13 02:02 - 001954048 _____ (Microsoft Corporation) C:\Users\Joel Siskin\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-01 03:46

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Joel Siskin (02-05-2018 20:37:30)
Running from C:\Users\Joel Siskin\Downloads
Windows 10 Home Version 1709 16299.371 (X64) (2017-12-09 00:38:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4090326390-2817603738-170678854-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4090326390-2817603738-170678854-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4090326390-2817603738-170678854-1004 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4090326390-2817603738-170678854-501 - Limited - Disabled)
Joel Siskin (S-1-5-21-4090326390-2817603738-170678854-1005 - Administrator - Enabled) => C:\Users\Joel Siskin
WDAGUtilityAccount (S-1-5-21-4090326390-2817603738-170678854-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
ACT Millennium (HKLM-x32\...\{E0A46FD1-C0CE-491F-84FF-17BB813E7C78}) (Version: 3.68.0.1 - AMI)
Activision(R) (HKLM-x32\...\{38594A42-596E-4A30-A658-A7D23781AE53}) (Version: 1.00.0000 - Activision) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Caesar III (HKLM-x32\...\InstallShield_{38594A42-596E-4A30-A658-A7D23781AE53}) (Version: 1.00.0000 - Activision)
Catalyst Control Center Next Localization BR (HKLM\...\{3D91E9F5-EC0A-893D-E776-4979F24655D5}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{574019E3-7456-FA60-5CC1-35109C802C19}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{86C7F189-195F-0134-A755-831676F37E5D}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ABAC575D-B777-DFCB-B401-F6F41AD691FD}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{35FAB53D-C25A-4D42-82CA-FB2C6B2F5439}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{0D43EA9F-25E6-739B-BDFE-07B7F2AA5160}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{4CB65FC1-686D-4C61-9E8E-2DF84B0A42E6}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{4D8B78D4-1D74-17E1-9192-591C492932CC}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{118D1DFE-26AE-C7C0-C408-73D50B54ECFD}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{0909BE96-1179-8554-BDD8-421E3A5A02F5}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{CD191D52-613E-66ED-D840-E150BC1BEC46}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{E18773D9-93C0-E554-D396-DC87FC7CC904}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{BBD3BAEC-F5EB-6856-99DE-25F7EF25FD7F}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{4FA243AC-8DA9-0F71-164E-C9E5DFEA34F4}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8BEF39D6-EE04-379F-C82E-6A4B0F73EC0E}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DF1D7FA-29FB-91D6-0CC6-3DAE86930C2B}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F4F790F4-5C97-FF8C-3848-A87BB2D252C5}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D9B90C6-1F40-4E94-F82F-ED6B1BC10170}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{E98A1EEA-5722-2F1D-4F2F-9E517F490742}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7DD7B073-5C9C-7489-3E7B-7A941DC6382B}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A7D7F015-6567-A195-32DD-CBF42703695D}) (Version: 2017.0331.729.11648 - Advanced Micro Devices, Inc.) Hidden
Citrix Receiver 4.10 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.10.1.22 - Citrix Systems, Inc.)
Discord (HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\Discord) (Version: 0.0.300 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\Google Chrome SxS) (Version: 67.0.3394.0 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IsoBuster 4.1 (HKLM-x32\...\IsoBuster_is1) (Version: 4.1 - Smart Projects)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Online Plug-in (HKLM-x32\...\{B1EEA0C1-6B1C-4A55-8893-4EC10C8217D2}) (Version: 14.10.1.22 - Citrix Systems, Inc.) Hidden
PeaZip 6.5.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.5.0 - Giorgio Tani)
R for Windows 3.4.4 (HKLM\...\R for Windows 3.4.4_is1) (Version: 3.4.4 - R Core Team)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.15.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.15.0 - Adlice Software)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.153 - RStudio)
Self-service Plug-in (HKLM-x32\...\{AF80F541-ED94-48B3-9D93-5C3F105D89CF}) (Version: 4.10.1.7 - Citrix Systems, Inc.) Hidden
Shadow of Mordor - GOTY Edition (HKLM-x32\...\Shadow of Mordor - GOTY Edition_is1) (Version: - )
Shadow of Mordor - HD Textures (HKLM-x32\...\Shadow of Mordor - HD Textures_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Ultimate Epic Battle Simulator (HKLM\...\dWx0aW1hdGVlcGljYmF0dGxlc2ltdWxhdG9y_is1) (Version: 1 - )
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{FA372A6E-149F-4E95-832D-8F698D40AD7F}\localserver32 -> C:\Users\Joel Siskin\AppData\Local\Google\Chrome SxS\Application\67.0.3394.0\notification_helper.exe (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-22] (WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-22] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-22] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CFA664-D530-4091-BF06-FD4B68A75988} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-03-31] (Advanced Micro Devices, Inc.)
Task: {18ABD856-86C6-45BF-B8C4-BCAAAF39A9F4} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-22] (WinZip)
Task: {4B543C63-06B6-4324-B614-D53C9FEE7B53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-08] (Google Inc.)
Task: {5642AA74-5F2D-44BA-94D5-40F8BCA1DC4A} - System32\Tasks\S-1-5-21-4090326390-2817603738-170678854-1005\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {83363D74-597E-47B4-90B6-6684F1132BEB} - System32\Tasks\bahoguehogue => C:\Program Files (x86)\clarisse\clarisse.exe
Task: {85B9AA31-CC56-4F2F-8176-6179889D3B9E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4090326390-2817603738-170678854-1005UA => C:\Users\Joel Siskin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B9084CDD-71EF-4602-8D18-70DFB29C0F62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-08] (Google Inc.)
Task: {DFAB32C0-C07E-4C2A-812D-453BFFD66F9A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2C52CB5-D509-471E-89A0-477A7D525FF5} - System32\Tasks\hogue => C:\Program Files (x86)\clarisse\clarisse.exe
Task: {FCBB406D-6972-466C-9FEA-ACF2D931F874} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4090326390-2817603738-170678854-1005Core => C:\Users\Joel Siskin\AppData\Local\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2015-11-03 19:12 - 2015-11-03 19:12 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2018-05-02 19:40 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-13 22:37 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 22:37 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-26 22:22 - 2018-04-26 22:22 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-26 22:22 - 2018-04-26 22:22 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-26 22:22 - 2018-04-26 22:22 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-26 22:22 - 2018-04-26 22:22 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-11 03:27 - 2018-04-11 01:38 - 004607320 _____ () C:\Users\Joel Siskin\AppData\Local\Google\Chrome SxS\Application\67.0.3394.0\libglesv2.dll
2018-04-11 03:27 - 2018-04-11 01:38 - 000099672 _____ () C:\Users\Joel Siskin\AppData\Local\Google\Chrome SxS\Application\67.0.3394.0\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2018-04-11 20:00 - 000002050 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4090326390-2817603738-170678854-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "lunginglunging"
HKLM\...\StartupApproved\Run: => "lunging"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "appealinglyappealingly"
HKLM\...\StartupApproved\Run32: => "appealingly"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\StartupFolder: => "rigatoni.lnk"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\StartupFolder: => "start.bat"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "wows"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "horneyhorney"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "horney"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "evaluatorsevaluators"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "evaluators"
HKU\S-1-5-21-4090326390-2817603738-170678854-1005\...\StartupApproved\Run: => "mcgwire"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{11B51C3E-5055-4065-9F7C-F07432E28ECE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [UDP Query User{36707E03-9F44-4E61-B75E-9750F512048A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe

==================== Restore Points =========================

01-05-2018 21:54:08 Removed League of Legends

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2018 08:22:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/02/2018 08:22:39 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (05/02/2018 08:22:39 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (05/02/2018 08:21:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/02/2018 08:21:50 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (05/02/2018 08:21:50 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (05/02/2018 07:58:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/02/2018 07:58:06 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d


System errors:
=============
Error: (05/02/2018 08:36:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5OL8MOA)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (05/02/2018 08:34:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5OL8MOA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/02/2018 08:33:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5OL8MOA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-5OL8MOA\Joel Siskin SID (S-1-5-21-4090326390-2817603738-170678854-1005) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/02/2018 08:32:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5OL8MOA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/02/2018 08:30:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5OL8MOA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/02/2018 08:29:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5OL8MOA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-5OL8MOA\Joel Siskin SID (S-1-5-21-4090326390-2817603738-170678854-1005) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/02/2018 08:28:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5OL8MOA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/02/2018 08:26:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5OL8MOA)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-04-11 19:05:25.459
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...2/Optiminz.A&threatid=2147725072&enterprise=0
Name: Trojan:Win32/Optiminz.A
ID: 2147725072
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Joel Siskin\AppData\Local\Temp\setup (1).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Joel Siskin\Downloads\GraphPad-Prism_7.exe
Signature Version: AV: 1.265.444.0, AS: 1.265.444.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 19:03:46.079
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...etrahere!rfn&threatid=2147725652&enterprise=0
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\drivers\rtcoxsdu.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.265.444.0, AS: 1.265.444.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 19:01:23.459
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...Win32/Xadupi&threatid=2147709752&enterprise=0
Name: Trojan:Win32/Xadupi
ID: 2147709752
Severity: Severe
Category: Trojan
Path: file:_C:\Users\JOELSI~1\AppData\Local\Temp\PandaViewer\thumbnail.ico
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\JOELSI~1\AppData\Local\Temp\1523491270V0Rtmp.exe
Signature Version: AV: 1.265.444.0, AS: 1.265.444.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-02-11 19:09:36.743
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E7939DEE-E45E-46E9-8279-3FEE31AAC745}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-03 18:39:25.538
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {15BD7D4C-94CB-40BE-B5BF-1388EAC5853E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-05 17:05:18.989
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2018-03-17 07:13:46.878
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.598.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-17 07:13:46.877
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.5.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-17 07:13:46.872
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.598.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-17 07:13:46.872
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.598.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-05-02 19:40:51.245
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Joel Siskin\AppData\Local\Google\Chrome SxS\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD FX(tm)-4300 Quad-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 8189.55 MB
Available physical RAM: 6023.36 MB
Total Virtual: 12541.55 MB
Available Virtual: 10407.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.19 GB) (Free:640.81 GB) NTFS

\\?\Volume{7570cbcf-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{7570cbcf-0000-0000-0000-a0abe8000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 7570CBCF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=848 MB) - (Type=27)

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Joel Siskin (02-05-2018 21:38:29) Run:1
Running from C:\Users\Joel Siskin\Downloads
Loaded Profiles: Joel Siskin (Available Profiles: defaultuser0 & Joel Siskin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4090326390-2817603738-170678854-1005 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
FF Plugin HKU\S-1-5-21-4090326390-2817603738-170678854-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-4090326390-2817603738-170678854-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
2099-09-26 09:01 - 19737-09-26 09:01 - 000174592 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ImAHsHku.exe
2099-09-26 09:01 - 19737-09-26 09:01 - 000059904 _____ (Microsoft Corporation) C:\Users\Joel Siskin\eYoyoaeeaYQzO.exe
2018-05-01 15:41 - 2018-05-01 15:41 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\wmsxzoa
2018-04-27 21:12 - 2018-04-27 21:12 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\zasmetu
2018-04-23 19:47 - 2018-04-23 19:47 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\nvhocau
2018-04-22 18:37 - 2018-04-22 18:37 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\mbnhpta
2018-04-21 20:17 - 2018-04-21 20:17 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\iarpnbu
2018-04-11 20:41 - 2018-04-11 20:41 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\dtovawh
2018-04-11 20:23 - 2018-04-11 20:23 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\dwrvmks
2018-04-11 20:15 - 2018-04-11 20:15 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\sekwcip
2018-04-11 20:05 - 2018-04-11 20:05 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\wehozpu
2018-04-11 19:50 - 2018-04-11 19:50 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\lmnvora
2018-04-11 19:41 - 2018-04-11 20:00 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\kcbppkodfjl
2018-04-11 19:41 - 2018-04-11 20:00 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\cl23gqulk21
2018-04-11 19:41 - 2018-04-11 20:00 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\aldtuxzuq4b
2018-04-11 19:30 - 2018-04-14 08:07 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\racteob
2018-04-11 19:30 - 2018-04-11 20:00 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\hsmld4uogv5
2018-04-11 19:30 - 2018-04-11 19:59 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\elerfo4mods
2018-04-11 19:30 - 2018-04-11 19:30 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\wdazhgl
2018-04-11 19:29 - 2018-04-11 19:59 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\yu5rlvcwzc4
2018-04-11 19:29 - 2018-04-11 19:59 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\hbnz4xk0bqk
2018-04-11 19:23 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\wwc1mgk1pxq
2018-04-11 19:23 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\pieedwouymz
2018-04-11 19:23 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\bkcuek2g3qm
2018-04-11 19:14 - 2018-05-01 19:12 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\wmcagent
2018-04-11 19:14 - 2018-04-11 19:25 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\cgkbdis
2018-04-11 19:12 - 2018-05-01 19:12 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\cscruob
2018-04-11 19:12 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\zcq4u1ko2sp
2018-04-11 19:12 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\p3ym3ktaq53
2018-04-11 19:12 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\dalkkromyzs
2018-04-11 19:12 - 2018-04-11 19:12 - 000000000 ____D C:\Users\Joel Siskin\AppData\Local\cwolgix
2018-04-11 19:11 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\ij5dwodm2t3
2018-04-11 19:11 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\g1lticxsyaq
2018-04-11 19:08 - 2018-05-01 15:38 - 002888704 _____ C:\Windows\system32\lmcvhknsvc.exe
2018-04-11 19:05 - 2018-04-11 19:05 - 000000012 _____ C:\Windows\b2111537
2018-04-11 19:04 - 2018-04-11 19:04 - 000003908 _____ C:\Windows\System32\Tasks\hogue
2018-04-11 19:03 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\lbzopji4vuc
2018-04-11 19:03 - 2018-04-11 19:03 - 000003784 _____ C:\Windows\System32\Tasks\bahoguehogue
2018-04-11 19:02 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\n3ypawbxx2m
2018-04-11 19:02 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\cqzcd5qk1eo
2018-04-11 19:02 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\2e0yfjdpujr
2018-04-11 19:02 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\1jxtq0dw2ko
2018-04-11 19:01 - 2018-04-11 19:58 - 000000000 ____D C:\Users\Joel Siskin\AppData\Roaming\wy2j5p23x5n
19737-09-26 09:01 - 19737-09-26 09:01 - 000059904 _____ (Microsoft Corporation) C:\Users\Joel Siskin\eYoyoaeeaYQzO.exe
19737-09-26 09:01 - 19737-09-26 09:01 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\IEYZ.exe
2018-04-11 19:02 - 2018-04-11 19:02 - 000140800 _____ () C:\Users\Joel Siskin\AppData\Local\installer.dat
2017-12-08 21:06 - 2017-12-08 21:06 - 000007602 _____ () C:\Users\Joel Siskin\AppData\Local\Resmon.ResmonCfg
2018-04-11 19:04 - 2018-04-11 19:04 - 000000003 _____ () C:\Users\Joel Siskin\AppData\Local\wbem.ini
2017-09-08 11:09 - 2018-03-29 17:15 - 000069632 _____ () C:\Users\Joel Siskin\AppData\Local\WebpageIcons.db
2018-05-02 18:47 - 2018-03-13 02:02 - 001954048 _____ (Microsoft Corporation) C:\Users\Joel Siskin\AppData\Local\Temp\dllnt_dump.dll
CustomCLSID: HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {83363D74-597E-47B4-90B6-6684F1132BEB} - System32\Tasks\bahoguehogue => C:\Program Files (x86)\clarisse\clarisse.exe
C:\Program Files (x86)\clarisse\clarisse.exe
Task: {DFAB32C0-C07E-4C2A-812D-453BFFD66F9A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2C52CB5-D509-471E-89A0-477A7D525FF5} - System32\Tasks\hogue => C:\Program Files (x86)\clarisse\clarisse.exe
C:\Program Files (x86)\clarisse

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-4090326390-2817603738-170678854-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D825E1D-057D-4728-8F64-0608FB9D5669}" => removed successfully
HKLM\Software\Classes\CLSID\{9D825E1D-057D-4728-8F64-0608FB9D5669} => not found
"HKU\S-1-5-21-4090326390-2817603738-170678854-1005\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => removed successfully
"C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll" => not found
"HKU\S-1-5-21-4090326390-2817603738-170678854-1005\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully
"C:\Users\Joel Siskin\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll" => not found
C:\Windows\SysWOW64\ImAHsHku.exe => moved successfully
C:\Users\Joel Siskin\eYoyoaeeaYQzO.exe => moved successfully
C:\Users\Joel Siskin\AppData\Local\wmsxzoa => moved successfully
C:\Users\Joel Siskin\AppData\Local\zasmetu => moved successfully
C:\Users\Joel Siskin\AppData\Local\nvhocau => moved successfully
C:\Users\Joel Siskin\AppData\Local\mbnhpta => moved successfully
C:\Users\Joel Siskin\AppData\Local\iarpnbu => moved successfully
C:\Users\Joel Siskin\AppData\Local\dtovawh => moved successfully
C:\Users\Joel Siskin\AppData\Local\dwrvmks => moved successfully
C:\Users\Joel Siskin\AppData\Local\sekwcip => moved successfully
C:\Users\Joel Siskin\AppData\Local\wehozpu => moved successfully
C:\Users\Joel Siskin\AppData\Local\lmnvora => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\kcbppkodfjl => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\cl23gqulk21 => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\aldtuxzuq4b => moved successfully
C:\Users\Joel Siskin\AppData\Local\racteob => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\hsmld4uogv5 => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\elerfo4mods => moved successfully
C:\Users\Joel Siskin\AppData\Local\wdazhgl => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\yu5rlvcwzc4 => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\hbnz4xk0bqk => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\wwc1mgk1pxq => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\pieedwouymz => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\bkcuek2g3qm => moved successfully
C:\Users\Joel Siskin\AppData\Local\wmcagent => moved successfully
C:\Users\Joel Siskin\AppData\Local\cgkbdis => moved successfully
C:\Users\Joel Siskin\AppData\Local\cscruob => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\zcq4u1ko2sp => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\p3ym3ktaq53 => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\dalkkromyzs => moved successfully
C:\Users\Joel Siskin\AppData\Local\cwolgix => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\ij5dwodm2t3 => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\g1lticxsyaq => moved successfully
C:\Windows\system32\lmcvhknsvc.exe => moved successfully
C:\Windows\b2111537 => moved successfully
C:\Windows\System32\Tasks\hogue => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\lbzopji4vuc => moved successfully
C:\Windows\System32\Tasks\bahoguehogue => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\n3ypawbxx2m => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\cqzcd5qk1eo => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\2e0yfjdpujr => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\1jxtq0dw2ko => moved successfully
C:\Users\Joel Siskin\AppData\Roaming\wy2j5p23x5n => moved successfully
19737-09-26 09:01 - 19737-09-26 09:01 - 000059904 _____ (Microsoft Corporation) C:\Users\Joel Siskin\eYoyoaeeaYQzO.exe => Error: No automatic fix found for this entry.
19737-09-26 09:01 - 19737-09-26 09:01 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\IEYZ.exe => Error: No automatic fix found for this entry.
C:\Users\Joel Siskin\AppData\Local\installer.dat => moved successfully
C:\Users\Joel Siskin\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Joel Siskin\AppData\Local\wbem.ini => moved successfully
C:\Users\Joel Siskin\AppData\Local\WebpageIcons.db => moved successfully
C:\Users\Joel Siskin\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}" => removed successfully
"HKU\S-1-5-21-4090326390-2817603738-170678854-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83363D74-597E-47B4-90B6-6684F1132BEB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83363D74-597E-47B4-90B6-6684F1132BEB}" => removed successfully
"C:\Windows\System32\Tasks\bahoguehogue" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bahoguehogue" => removed successfully
"C:\Program Files (x86)\clarisse\clarisse.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFAB32C0-C07E-4C2A-812D-453BFFD66F9A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFAB32C0-C07E-4C2A-812D-453BFFD66F9A}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2C52CB5-D509-471E-89A0-477A7D525FF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2C52CB5-D509-471E-89A0-477A7D525FF5}" => removed successfully
"C:\Windows\System32\Tasks\hogue" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hogue" => removed successfully
C:\Program Files (x86)\clarisse => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-05-2018 21:40:14)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 21:40:15 ====
 
Your computer should be pretty much clean by now :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Here is the security check:
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (65.0.3325.181)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
And FSS:
Farbar Service Scanner Version: 27-01-2016
Ran by Joel Siskin (administrator) on 03-05-2018 at 15:18:57
Running from "C:\Users\Joel Siskin\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
And, at last, the Sophos:

2018-05-03 20:24:37.092 Sophos Virus Removal Tool version 2.6.1
2018-05-03 20:24:37.092 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2018-05-03 20:24:37.092 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2018-05-03 20:24:37.092 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2018-05-03 20:24:37.092 Checking for updates...
2018-05-03 20:24:37.154 Update progress: proxy server not available
2018-05-03 20:24:49.280 Option all = no
2018-05-03 20:24:49.280 Option recurse = yes
2018-05-03 20:24:49.321 Option archive = no
2018-05-03 20:24:49.321 Option service = yes
2018-05-03 20:24:49.321 Option confirm = yes
2018-05-03 20:24:49.321 Option sxl = yes
2018-05-03 20:24:49.321 Option max-data-age = 35
2018-05-03 20:24:49.322 Option vdl-logging = yes
2018-05-03 20:24:49.354 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-05-03 20:24:49.354 Machine ID: 26c0ecb0a3a245e0ab8c08431e58bc0e
2018-05-03 20:24:49.367 Component SVRTcli.exe version 2.6.1
2018-05-03 20:24:49.367 Component control.dll version 2.6.1
2018-05-03 20:24:49.367 Component SVRTservice.exe version 2.6.1
2018-05-03 20:24:49.367 Component engine\osdp.dll version 1.44.1.2286
2018-05-03 20:24:49.367 Component engine\veex.dll version 3.68.6.2286
2018-05-03 20:24:49.367 Component engine\savi.dll version 9.0.7.2286
2018-05-03 20:24:49.380 Component rkdisk.dll version 1.5.31.1
2018-05-03 20:24:49.380 Version info: Product version 2.6.1
2018-05-03 20:24:49.381 Version info: Detection engine 3.68.6
2018-05-03 20:24:49.381 Version info: Detection data 5.46
2018-05-03 20:24:49.381 Version info: Build date 11/28/2017
2018-05-03 20:24:49.381 Version info: Data files added 746
2018-05-03 20:24:49.381 Version info: Last successful update (not yet updated)
2018-05-03 20:24:54.211 Downloading updates...
2018-05-03 20:24:54.211 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.data0910.xml: found supplement IDE549 LATEST path= baseVersion= [included from product IDE548 LATEST path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE549 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE549 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.data0910.xml: found supplement IDE550 LATEST path= baseVersion= [included from product IDE549 LATEST path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE550 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE550 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.data0910.xml: found supplement IDE551 LATEST path= baseVersion= [included from product IDE550 LATEST path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE551 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE551 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.data0910.xml: found supplement IDE552 LATEST path= baseVersion= [included from product IDE551 LATEST path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE552 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE552 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I49502] sdds.data0910.xml: found supplement IDE553 LATEST path= baseVersion= [included from product IDE552 LATEST path=]
2018-05-03 20:24:54.211 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE553 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE553 LATEST path=
2018-05-03 20:24:54.211 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-03 20:24:54.527 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2018-05-03 20:24:54.527 Update progress: [I19463] Product download size 178991033 bytes
2018-05-03 20:24:58.666 Update progress: [I19463] Syncing product IDE547 LATEST path=
2018-05-03 20:24:58.666 Update progress: [I19463] Product download size 4521286 bytes
2018-05-03 20:25:00.046 Update progress: [I19463] Syncing product IDE548 LATEST path=
2018-05-03 20:25:00.046 Update progress: [I19463] Product download size 3541768 bytes
2018-05-03 20:25:01.169 Update progress: [I19463] Syncing product IDE549 LATEST path=
2018-05-03 20:25:01.169 Update progress: [I19463] Product download size 4830037 bytes
2018-05-03 20:25:02.500 Update progress: [I19463] Syncing product IDE550 LATEST path=
2018-05-03 20:25:02.500 Update progress: [I19463] Product download size 2760469 bytes
2018-05-03 20:25:03.242 Update progress: [I19463] Syncing product IDE551 LATEST path=
2018-05-03 20:25:03.242 Update progress: [I19463] Product download size 2676611 bytes
2018-05-03 20:25:11.490 Update progress: [I19463] Syncing product IDE552 LATEST path=
2018-05-03 20:25:11.490 Update progress: [I19463] Product download size 1430816 bytes
2018-05-03 20:25:14.781 Update progress: [I19463] Syncing product IDE553 LATEST path=
2018-05-03 20:25:14.882 Installing updates...
2018-05-03 20:25:15.687 Error level 1
2018-05-03 20:25:30.528 Update successful
2018-05-03 20:25:42.495 Option all = no
2018-05-03 20:25:42.495 Option recurse = yes
2018-05-03 20:25:42.495 Option archive = no
2018-05-03 20:25:42.495 Option service = yes
2018-05-03 20:25:42.495 Option confirm = yes
2018-05-03 20:25:42.495 Option sxl = yes
2018-05-03 20:25:42.497 Option max-data-age = 35
2018-05-03 20:25:42.497 Option vdl-logging = yes
2018-05-03 20:25:42.509 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-05-03 20:25:42.509 Machine ID: 26c0ecb0a3a245e0ab8c08431e58bc0e
2018-05-03 20:25:42.509 Component SVRTcli.exe version 2.6.1
2018-05-03 20:25:42.509 Component control.dll version 2.6.1
2018-05-03 20:25:42.510 Component SVRTservice.exe version 2.6.1
2018-05-03 20:25:42.510 Component engine\osdp.dll version 1.44.1.2286
2018-05-03 20:25:42.510 Component engine\veex.dll version 3.68.6.2286
2018-05-03 20:25:42.510 Component engine\savi.dll version 9.0.7.2286
2018-05-03 20:25:42.510 Component rkdisk.dll version 1.5.31.1
2018-05-03 20:25:42.510 Version info: Product version 2.6.1
2018-05-03 20:25:42.511 Version info: Detection engine 3.68.6
2018-05-03 20:25:42.511 Version info: Detection data 5.46
2018-05-03 20:25:42.511 Version info: Build date 11/28/2017
2018-05-03 20:25:42.512 Version info: Data files added 866
2018-05-03 20:25:42.512 Version info: Last successful update 5/3/2018 3:25:30 PM

2018-05-03 20:40:38.961 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll
2018-05-03 20:40:41.712 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll
2018-05-03 21:13:33.456 >>> Virus 'Mal/GandCrab-B' found in file C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe
2018-05-03 21:30:43.871 Could not open C:\hiberfil.sys
2018-05-03 21:30:43.871 Could not open C:\pagefile.sys
2018-05-03 21:39:39.142 Could not open C:\swapfile.sys
2018-05-03 21:39:39.314 Could not open C:\System Volume Information\{32464514-4e7b-11e8-a01d-1c1b0dd07263}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-03 21:39:39.314 Could not open C:\System Volume Information\{324647d7-4e7b-11e8-a01d-1c1b0dd07263}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-03 21:39:39.314 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-03 21:39:39.314 Could not open C:\System Volume Information\{724103b1-4db1-11e8-a016-1c1b0dd07263}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-05-03 22:06:39.054 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2018-05-03 22:06:43.710 Could not open C:\Windows\System32\config\BBI
2018-05-03 22:06:44.089 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2018-05-03 22:06:44.089 Could not open C:\Windows\System32\config\RegBack\SAM
2018-05-03 22:06:44.089 Could not open C:\Windows\System32\config\RegBack\SECURITY
2018-05-03 22:06:44.104 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2018-05-03 22:06:44.104 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2018-05-04 01:12:49.533 Could not open LOGICAL:0003:00000000
2018-05-04 01:12:49.544 Could not open D:\
2018-05-04 01:12:49.791 The following items will be cleaned up:
2018-05-04 01:12:49.791 Mal/VMProtBad-A
2018-05-04 01:12:49.791 Mal/VMProtBad-A
2018-05-04 01:12:49.791 Mal/GandCrab-B
2018-05-04 03:47:06.213 Installed boot task components.

2018-05-04 03:47:08.352 The computer must be restarted in order to complete the cleanup.
2018-05-04 03:47:08.455 Error level 5
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/GandCrab-B: RenameFile "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/GandCrab-B: DriverDeleteDriverKey "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/GandCrab-B: DeleteFile "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe.SHS"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/GandCrab-B: DeleteFile "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/VMProtBad-A: RenameFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/VMProtBad-A: DriverDeleteDriverKey "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll.SHS"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll"
2018-05-04 03:47:08.607 Cleanup on restart pending for Mal/VMProtBad-A: RenameFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll"
2018-05-04 03:47:08.608 Cleanup on restart pending for Mal/VMProtBad-A: DriverDeleteDriverKey "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll"
2018-05-04 03:47:08.608 Cleanup on restart pending for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll.SHS"
2018-05-04 03:47:08.608 Cleanup on restart pending for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll"

2018-05-04 03:47:24.388 Scan completed.
2018-05-04 03:47:24.388

------------------------------------------------------------

2018-05-04 03:49:40.758 Sophos Virus Removal Tool version 2.6.1
2018-05-04 03:49:40.759 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2018-05-04 03:49:40.759 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2018-05-04 03:49:40.759 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2018-05-04 03:49:40.760 Checking for updates...
2018-05-04 03:49:40.900 Update progress: proxy server not available
2018-05-04 03:50:44.692 Downloading updates...
2018-05-04 03:50:44.700 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2018-05-04 03:50:44.700 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-04 03:50:44.700 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-04 03:50:44.700 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2018-05-04 03:50:44.700 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2018-05-04 03:50:44.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2018-05-04 03:50:44.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE549 LATEST path= baseVersion= [included from product IDE548 LATEST path=]
2018-05-04 03:50:44.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE549 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE549 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE550 LATEST path= baseVersion= [included from product IDE549 LATEST path=]
2018-05-04 03:50:44.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE550 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE550 LATEST path=
2018-05-04 03:50:44.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE551 LATEST path= baseVersion= [included from product IDE550 LATEST path=]
2018-05-04 03:50:44.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE551 LATEST path=
2018-05-04 03:50:44.701 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE551 LATEST path=
2018-05-04 03:50:44.701 Update progress: [I49502] sdds.data0910.xml: found supplement IDE552 LATEST path= baseVersion= [included from product IDE551 LATEST path=]
2018-05-04 03:50:44.701 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE552 LATEST path=
2018-05-04 03:50:44.701 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE552 LATEST path=
2018-05-04 03:50:44.701 Update progress: [I49502] sdds.data0910.xml: found supplement IDE553 LATEST path= baseVersion= [included from product IDE552 LATEST path=]
2018-05-04 03:50:44.701 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE553 LATEST path=
2018-05-04 03:50:44.701 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE553 LATEST path=
2018-05-04 03:50:44.701 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-05-04 03:50:45.330 Option all = no
2018-05-04 03:50:45.330 Option recurse = yes
2018-05-04 03:50:45.330 Option archive = no
2018-05-04 03:50:45.330 Option service = yes
2018-05-04 03:50:45.330 Option confirm = yes
2018-05-04 03:50:45.330 Option sxl = yes
2018-05-04 03:50:45.333 Option max-data-age = 35
2018-05-04 03:50:45.333 Option vdl-logging = yes
2018-05-04 03:50:45.365 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-05-04 03:50:45.365 Machine ID: 26c0ecb0a3a245e0ab8c08431e58bc0e
2018-05-04 03:50:45.471 Component SVRTcli.exe version 2.6.1
2018-05-04 03:50:45.471 Component control.dll version 2.6.1
2018-05-04 03:50:45.471 Component SVRTservice.exe version 2.6.1
2018-05-04 03:50:45.471 Component engine\osdp.dll version 1.44.1.2286
2018-05-04 03:50:45.471 Component engine\veex.dll version 3.68.6.2286
2018-05-04 03:50:45.471 Component engine\savi.dll version 9.0.7.2286
2018-05-04 03:50:45.600 Component rkdisk.dll version 1.5.31.1
2018-05-04 03:50:45.610 Version info: Product version 2.6.1
2018-05-04 03:50:45.611 Version info: Detection engine 3.68.6
2018-05-04 03:50:45.611 Version info: Detection data 5.46
2018-05-04 03:50:45.611 Version info: Build date 11/28/2017
2018-05-04 03:50:45.611 Version info: Data files added 866
2018-05-04 03:50:45.611 Version info: Last successful update 5/3/2018 3:25:30 PM
2018-05-04 03:51:00.363 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2018-05-04 03:51:04.171 Update progress: [I19463] Syncing product IDE547 LATEST path=
2018-05-04 03:51:06.678 Update progress: [I19463] Syncing product IDE548 LATEST path=
2018-05-04 03:51:08.971 Update progress: [I19463] Syncing product IDE549 LATEST path=
2018-05-04 03:51:10.329 Update progress: [I19463] Syncing product IDE550 LATEST path=
2018-05-04 03:51:11.813 Update progress: [I19463] Syncing product IDE551 LATEST path=
2018-05-04 03:51:12.893 Update progress: [I19463] Syncing product IDE552 LATEST path=
2018-05-04 03:51:12.893 Update progress: [I19463] Product download size 28807 bytes
2018-05-04 03:51:12.961 Update progress: [I19463] Syncing product IDE553 LATEST path=
2018-05-04 03:51:13.193 Installing updates...
2018-05-04 03:51:13.822 Error level 1
2018-05-04 03:51:14.598 Update successful
2018-05-04 03:51:26.247 Option all = no
2018-05-04 03:51:26.247 Option recurse = yes
2018-05-04 03:51:26.247 Option archive = no
2018-05-04 03:51:26.247 Option service = yes
2018-05-04 03:51:26.247 Option confirm = yes
2018-05-04 03:51:26.247 Option sxl = yes
2018-05-04 03:51:26.251 Option max-data-age = 35
2018-05-04 03:51:26.251 Option vdl-logging = yes
2018-05-04 03:51:26.266 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-05-04 03:51:26.266 Machine ID: 26c0ecb0a3a245e0ab8c08431e58bc0e
2018-05-04 03:51:26.267 Component SVRTcli.exe version 2.6.1
2018-05-04 03:51:26.267 Component control.dll version 2.6.1
2018-05-04 03:51:26.267 Component SVRTservice.exe version 2.6.1
2018-05-04 03:51:26.267 Component engine\osdp.dll version 1.44.1.2286
2018-05-04 03:51:26.268 Component engine\veex.dll version 3.68.6.2286
2018-05-04 03:51:26.268 Component engine\savi.dll version 9.0.7.2286
2018-05-04 03:51:26.268 Component rkdisk.dll version 1.5.31.1
2018-05-04 03:51:26.268 Version info: Product version 2.6.1
2018-05-04 03:51:26.270 Version info: Detection engine 3.68.6
2018-05-04 03:51:26.270 Version info: Detection data 5.46
2018-05-04 03:51:26.270 Version info: Build date 11/28/2017
2018-05-04 03:51:26.270 Version info: Data files added 867
2018-05-04 03:51:26.270 Version info: Last successful update 5/3/2018 10:51:14 PM
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/GandCrab-B: RenameFile "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/GandCrab-B: DriverDeleteDriverKey "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/GandCrab-B: DeleteFile "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe.SHS"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/GandCrab-B: DeleteFile "\\?\C:\Program Files (x86)\CompanyExpertChange\ExpertChange\abama.exe"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: RenameFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: DriverDeleteDriverKey "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll.SHS"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x64\steam_api.dll"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: RenameFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: DriverDeleteDriverKey "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll.SHS"
2018-05-04 03:51:26.321 Cleanup on restart completed for Mal/VMProtBad-A: DeleteFile "\\?\C:\Users\Joel Siskin\Downloads\They.Are.Billions.v0.5.0.30\They Are Billions\x86\steam_api.dll"
2018-05-04 03:51:26.322 All cleanup on restart operations completed successfully.
 
Broni, this looks like it has worked brilliantly!!! Thank you so much for your guidance and patience! I'll wait for your final clean bill of health, but it appears to be a success!
 
Great news!!

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642
 