Inactive-A Can't run Fabar tool properly

cableman · Jun 14, 2018

I downloaded new version and it wouldn't update but it could have already been the current version so I didn't think that much of it. It did run the scan and create the logs but when I clicked on fix a pop up said the fix file wasn't found. I created a new folder just for this program and the logs were there so I will post them, I may have to make 2 posts to include it all.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Cableman (administrator) on CABLEMAN-PC (14-06-2018 21:20:57)
Running from C:\Users\Cableman\Desktop\Fabar Tool
Loaded Profiles: Cableman (Available Profiles: Cableman)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Logitech Inc.) E:\program Files\LWS\Webcam Software\LWS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() E:\program Files\LWS\Webcam Software\CameraHelperShell.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => E:\program Files\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2018-01-21] (Siber Systems)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Run: [GoogleChromeAutoLaunch_120C8E25DCD7D41020BE63147FD61AA0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1586008 2018-05-14] (Google Inc.)
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{556A0634-C59C-448B-8E03-E2392A335438}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{55D76FDF-660D-4311-80DF-7F798AE0F150}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> DefaultScope {271CD41F-B832-471F-8225-FC01F8ED3721} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> {271CD41F-B832-471F-8225-FC01F8ED3721} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-21] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-21] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)

FireFox:
========
FF DefaultProfile: orqz79o3.default-1479538638542-1528069793611
FF DefaultProfile: cableman@bellsouth.net
FF ProfilePath: C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611 [2018-06-14]
FF user.js: detected! => C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\user.js [2018-06-14]
FF NetworkProxy: Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611 -> type", 0
FF Extension: (AdBlocker Ultimate) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\adblockultimate@adblockultimate.net.xpi [2018-06-14]
FF Extension: (RoboForm Password Manager) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\rf-firefox@siber.com.xpi [2018-06-06]
FF Extension: (Ad-Blocker) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\{b89efd87-232e-4829-87d2-22148919d72f}.xpi [2018-06-06]
FF Extension: (Adblock Plus) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-06-14]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\features\{653fd210-8bf6-4d79-85a1-5bfabda0e2f4}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-23] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
StartMenuInternet: Firefox-C781389E15BFD1A7 - E:\program Files\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/webhp?source=search_app"
CHR NewTab: Default -> Active:"chrome-extension://ohdphinnjkbfgimbcpdjdigbbkmngcge/newtab.html"
CHR Profile: C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default [2018-06-14]
CHR Extension: (Slides) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-05]
CHR Extension: (YouTube) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Google Search) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-23]
CHR Extension: (Sheets) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-28]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-06-10]
CHR Extension: (filmsApp Search) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp [2017-09-27]
CHR Extension: (SearchLock) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn [2018-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (SearchLock Tab) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge [2017-09-27]
CHR Extension: (Gmail) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-13]
CHR Extension: (RoboForm Password Manager) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2018-04-24]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2018-01-21]
CHR HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2018-01-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-06-07] (Bitdefender)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-12] (TuneUp Software)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [239400 2018-06-07] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [239400 2018-06-07] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [239400 2018-06-07] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1283464 2018-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1723552 2018-05-13] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [152648 2018-05-13] (Bitdefender)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [246064 2018-05-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [189544 2018-05-13] (BitDefender LLC)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-09-21] (The OpenVPN Project)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [607640 2018-05-13] (Bitdefender)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-08-10] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-08-10] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-08-10] ()
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 21:19 - 2018-06-14 21:20 - 000000000 ____D C:\Users\Cableman\Desktop\Fabar Tool
2018-06-14 21:02 - 2018-06-14 21:18 - 000040160 _____ C:\Users\Cableman\Desktop\Addition.txt
2018-06-14 21:01 - 2018-06-14 21:18 - 000024978 _____ C:\Users\Cableman\Desktop\FRST.txt
2018-06-14 20:38 - 2018-06-14 20:38 - 000007605 _____ C:\Users\Cableman\AppData\Local\Resmon.ResmonCfg
2018-06-11 09:53 - 2018-06-11 09:53 - 000000000 ____D C:\MFT 175238
2018-06-11 09:40 - 2018-06-11 09:40 - 000000000 ____D C:\MFT 486
2018-06-11 04:43 - 2018-06-11 04:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-06 19:45 - 2018-06-06 19:45 - 000000000 ____D C:\Program Files\Common Files\Avast Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 21:20 - 2018-01-13 18:54 - 000000000 ____D C:\FRST
2018-06-14 21:20 - 2017-02-16 15:49 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-06-14 21:00 - 2016-11-20 09:07 - 000000000 ____D C:\Users\Cableman\AppData\LocalLow\Mozilla
2018-06-14 04:39 - 2009-07-14 00:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-14 04:39 - 2009-07-14 00:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 21:38 - 2017-05-28 15:20 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-13 21:38 - 2017-05-28 15:20 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-13 02:03 - 2018-05-08 01:04 - 000000000 ____D C:\Users\Cableman\Desktop\Black Powder Facts & Tips
2018-06-13 02:00 - 2014-11-05 06:18 - 000000000 ____D C:\Users\Cableman\AppData\Local\Adobe
2018-06-11 14:27 - 2009-07-14 01:13 - 000796254 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-11 14:27 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-06-11 14:22 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-11 14:21 - 2017-05-28 15:19 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-11 14:21 - 2017-05-28 15:19 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-11 11:39 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2018-06-11 09:16 - 2014-11-04 18:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-11 04:43 - 2017-10-16 09:23 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-11 04:43 - 2017-10-16 09:23 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-11 04:43 - 2017-10-16 09:23 - 000000866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk~RF3d9b7be.TMP
2018-06-10 10:46 - 2018-04-06 01:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-06-10 10:46 - 2015-12-03 17:47 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-07 04:14 - 2017-06-23 11:02 - 001283464 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2018-06-06 22:32 - 2016-07-06 22:33 - 000000406 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2018-06-06 19:45 - 2015-12-03 17:47 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-06-05 18:12 - 2016-02-25 01:23 - 000000000 ____D C:\Users\Cableman\AppData\Local\Microsoft Games
2018-06-03 19:49 - 2014-12-03 04:34 - 000000000 ____D C:\Users\Cableman\Desktop\Old Firefox Data
2018-06-03 06:56 - 2014-12-09 23:03 - 000000000 ____D C:\Users\Cableman\AppData\Local\ElevatedDiagnostics
2018-05-26 02:42 - 2015-02-08 15:37 - 000007891 _____ C:\Windows\BRRBCOM.INI
2018-05-22 14:17 - 2017-11-04 14:28 - 000000000 ____D C:\Users\Cableman\Desktop\Soldiers Inc
2018-05-19 01:17 - 2015-07-17 08:36 - 000000000 ____D C:\Users\Cableman\AppData\Local\CrashDumps
2018-05-15 13:24 - 2017-10-16 08:54 - 000004486 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-15 13:24 - 2014-11-05 06:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-15 13:24 - 2014-11-05 06:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-15 13:24 - 2014-11-05 06:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-15 13:24 - 2014-11-05 06:21 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2018-06-14 20:38 - 2018-06-14 20:38 - 000007605 _____ () C:\Users\Cableman\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 06:00

==================== End of FRST.txt ============================

cableman · Jun 14, 2018

Here is the addition txt. My ram is at an all time high of use and I am not running anything to use that much, it has never been that high

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by Cableman (14-06-2018 21:21:24)
Running from C:\Users\Cableman\Desktop\Fabar Tool
Windows 7 Ultimate Service Pack 1 (X64) (2014-11-04 22:03:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-472246324-4182351025-1742220698-500 - Administrator - Disabled)
ASPNET (S-1-5-21-472246324-4182351025-1742220698-1002 - Limited - Enabled)
Cableman (S-1-5-21-472246324-4182351025-1742220698-1000 - Administrator - Enabled) => C:\Users\Cableman
Guest (S-1-5-21-472246324-4182351025-1742220698-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.5.14 - Bitdefender)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3A8008D5-C834-1CA9-68CB-E9F49F0AB120}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{884596CF-79B1-13A0-7334-563BB3A75F45}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{223D250A-AABB-A9AA-7D07-7FA086D7BF62}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{58714532-951F-0C3A-8860-2ED7411C6D85}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D89886C-1BC7-978A-7790-BDF741552029}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C2E207A0-6375-140A-3170-50737EB32D29}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{FF8A9A91-1E72-EE4A-04DA-6E7F65CB626D}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{78B5E5BC-C2B2-3439-0750-C9FC7AAE173B}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{28B38E4C-1FCC-0AB9-F2CE-7079DF8CF8A5}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{6CD61388-4F40-E91A-17A1-E821F0BB92E1}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{F38E5A65-9C76-3757-9D69-672FACA088D4}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{994B3C1F-F48C-B29E-D88A-06322D70B45C}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{7C42C52E-DFF2-8BD6-5134-DCB5FBB8A5EE}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{3372CE65-1178-B53F-C228-254C7F7F118F}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{80C20F9B-C28F-E3ED-726C-86BFC24EEE3B}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{16FC5B97-5AC3-056E-1A1B-FF36B790575E}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D955A619-B0BA-FB07-0590-675FA7A127CF}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{686AF1D4-4D23-8115-9968-FE32775067C8}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{168E9C24-F28F-D630-74BB-4F4D66CFC871}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{66F96B6D-33A7-938C-2910-CA9C76E00742}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{59546E97-8B2F-0F51-5191-BF19438164A8}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Electrum-LTC (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Electrum-LTC) (Version: 2.6.4.2 - Electrum Technologies GmbH)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Quick JPEG Image Resize and Crop (HKLM-x32\...\{2FDB98BE-6E6D-4543-A5FD-C4ABB6214FC9}) (Version: 1.0.0 - zzornixnet)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
RoboForm 7-9-31-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-31-1 - Siber Systems)
RogueKiller version 12.7.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.4.0 - Adlice Software)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SWvape 1.10 (HKLM-x32\...\SWvape) (Version: 1.10 - SnowWolf)
TuneUp Utilities 2012 (HKLM-x32\...\{32364CEA-7855-4A3C-B674-53D8E9B97936}) (Version: 12.0.2012.117 - TuneUp Software) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.2012.117 - TuneUp Software)
TuneUp Utilities Language Pack (en-US) (HKLM-x32\...\{A95A76C9-6F65-477E-83A0-9F884B6DC21B}) (Version: 12.0.2012.117 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\WinDirStat) (Version: - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wisdom-soft ScreenHunter 6.0 Pro (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Pro) (Version: - Wisdom Software Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-x64.dll [2011-10-12] (TuneUp Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {109A5B93-6535-4C9D-A4DA-88CDF83D241E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-06-06] (AVAST Software)
Task: {152B9F39-8139-40DD-A58D-D27AF5DACF33} - System32\Tasks\{322D0C4F-6480-4025-A220-F0062D278362} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\AppData\Local\Temp\jre-8u73-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {312BD938-A0D2-49C1-8F08-98BB9C922F0C} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {3A2ADC24-413D-43FD-8E05-7E665859EADD} - System32\Tasks\{F795EA66-7CC9-4721-A632-F337E6C71C2E} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\Downloads\install_easyshare.exe -d C:\Users\Cableman\Downloads
Task: {42B3AA22-C1A9-4279-9003-7D1ED44DAFAF} - System32\Tasks\EasyShare Registration Task => C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16
Task: {44CD2235-AC3A-43DE-854F-99E8818FFE85} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMJLLMKMJLNMGMHMHMCNJMKMLMNMCNKLKLNMNLCNJMMLKMNLCNJMJLLMKLJLNMNLLMGMKLGMPMJNJICMIMCNGMCNMMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMKMIMIMJNHICMEKMICNJJCKJNBJCMFLAJMIKJPIHJPNKLNIGJMJPNMKCJGJLIHJJNKJC (the data entry has 70 more characters).
Task: {4B72D81B-F319-4BFC-9694-17730164B605} - System32\Tasks\{F8033A37-DF19-4014-B889-46CCB2539EE0} => C:\Windows\system32\pcalua.exe -a "E:\Downloads (E Disc)\install_easyshare(1).exe" -d "E:\Downloads (E Disc)"
Task: {5002D0C5-E624-4A6B-9D07-D7C150AA455C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {64954FCB-9E4D-4945-B25F-DB30E4695707} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {65EE791C-C81A-492F-A1E4-2AEE37009A3E} - System32\Tasks\{BD660FDA-AFB1-4B27-8172-4C24A4C63963} => C:\Windows\system32\pcalua.exe -a D:\CH340SER.EXE -d D:\
Task: {91C3AC90-3654-4096-ADA4-A26AE459A896} - System32\Tasks\AdobeAAMUpdater-1.0-Cableman-PC-Cableman => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {9F9EC7CA-5947-4698-AFB7-E39FDD15A238} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {AE65B875-E28C-4E90-854F-75FF535C7284} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {B481C4E9-274C-4DEF-8EBB-0FDA8DD94524} - System32\Tasks\{533492E2-CD07-432B-A8E0-FACBCFBD7843} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B4B19044-AC51-404E-AF6B-9F97D9F36921} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C72DA0F5-4F9E-4E92-B14C-4C45F7F68884} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {CEF6C372-4F49-4753-B256-FC506596628F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {FEA6FB26-2A04-401D-8421-8DDAA5802B80} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-01-21] (Siber Systems)
Task: {FF1B02A6-A51A-448D-83C3-E1DFD26D22FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EasyShare Registration Task.job => rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-16 15:50 - 2018-06-07 04:14 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-05-08 08:26 - 2018-05-08 08:26 - 000992704 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpbr.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 000543344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpdsp.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 003228632 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpph.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 001527808 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttprbl.mdl
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () E:\program Files\LWS\Webcam Software\CameraHelperShell.exe
2018-05-15 16:31 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-15 16:31 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-06-06 17:51 - 2018-06-04 11:28 - 031282688 _____ () C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.113\pepflashplayer.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () E:\program Files\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () E:\program Files\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () E:\program Files\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () E:\program Files\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () E:\program Files\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\atieclxx.exe:BDU [1]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-11-01 03:28 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-472246324-4182351025-1742220698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupreg: uTorrent => "C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C7382027-A9BF-4D07-AFA6-DDEFA1635802}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{C1DAFF23-EFB9-4852-9915-B90F6C08BA69}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{21D54765-7A5C-4E3E-932E-BCC9321E312E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B097CEAA-E65F-49B6-85C8-14D3E043372B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{26DD1240-1DCA-42FC-8793-C174A17D21E4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E98B12FE-3D80-4A82-B470-8A820646A251}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D62B1FDB-4A70-4182-B4E8-B282DAB11F21}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6F0D7993-2FFE-4A3D-831D-53580720A851}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{65EEB2D1-6FEA-4F74-81C9-6C2158A7F532}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{30ED9D58-7207-41EB-80C3-FAFB0A273E93}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{9C1323C5-36FC-45AE-AEE9-28A550A0A2CB}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{771A8BF9-EEE3-4159-A240-AE96F503E6C5}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{FA91D765-D533-49D5-AD9A-4C9A090E6771}] => (Allow) C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C78E8A1C-75DB-4D1D-AEE0-DBD404503420}] => (Allow) C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{48484C7B-449A-428F-B3FE-DB40F11FF40F}E:\program files\firefox.exe] => (Allow) E:\program files\firefox.exe
FirewallRules: [UDP Query User{CF038AFA-E209-468A-BA1A-4FD2608AEFA5}E:\program files\firefox.exe] => (Allow) E:\program files\firefox.exe
FirewallRules: [TCP Query User{598106F8-600A-4FC3-B4A3-13AAABAD17B0}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [UDP Query User{02B76AC4-612A-48E2-828A-16F697FD180D}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [{9869A8DB-C760-41F4-8E6E-E243F5AF85EA}] => (Allow) E:\program Files\firefox.exe
FirewallRules: [{76FB027D-7030-4E9B-9FBE-516C0699C0EE}] => (Allow) E:\program Files\firefox.exe
FirewallRules: [{4C1D1CDE-E28D-41C5-A754-5001BC608C45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A8A237AD-3182-4ACE-8256-44C5B69CE780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF25AADD-7DCD-4AF8-9E7B-4FE25DF957EF}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [UDP Query User{09037A23-2BEE-4BC0-A3D9-FD3DEAB69505}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [{F48CEC36-D19D-446D-8FEF-8E188B99FAD6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-06-2018 11:45:36 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2018 02:24:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/11/2018 11:48:56 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].

Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: -1
Snapshot Context: -1
Execution Context: Coordinator

Error: (06/11/2018 11:48:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: -1
Snapshot Context: -1
Execution Context: Coordinator

Error: (06/11/2018 11:48:56 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].

Operation:
Obtain a callable interface for this provider
Check If Volume Is Supported by Provider

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: 0
Execution Context: Coordinator
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Volume Name: \\?\Volume{c9a29848-648d-11e4-a990-806e6f6e6963}\

Error: (06/11/2018 11:48:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
Obtain a callable interface for this provider
Check If Volume Is Supported by Provider

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: 0
Execution Context: Coordinator
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Volume Name: \\?\Volume{c9a29848-648d-11e4-a990-806e6f6e6963}\

Error: (06/11/2018 11:48:56 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].

Operation:
Obtain a callable interface for this provider
Check If Volume Is Supported by Provider

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: 0
Execution Context: Coordinator
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Volume Name: \\?\Volume{691332b8-b9be-11e4-9f2a-0023ae846f78}\

Error: (06/11/2018 11:48:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
Obtain a callable interface for this provider
Check If Volume Is Supported by Provider

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: 0
Execution Context: Coordinator
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Volume Name: \\?\Volume{691332b8-b9be-11e4-9f2a-0023ae846f78}\

Error: (06/11/2018 09:18:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (06/13/2018 08:15:18 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (06/13/2018 08:15:15 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (06/13/2018 08:15:13 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (06/13/2018 08:15:07 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (06/11/2018 02:22:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
atc
UimBus
Uim_DEVIM
Uim_IM

Error: (06/11/2018 02:22:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847 = The requested address is not valid in its context.

Error: (06/11/2018 09:16:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
atc
UimBus
Uim_DEVIM
Uim_IM

Error: (06/11/2018 09:16:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847 = The requested address is not valid in its context.

Windows Defender:
===================================
Date: 2016-05-05 03:12:44.749
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
Signature version:1.219.648.0
Engine version:1.1.12706.0

Date: 2016-04-30 02:43:47.991
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2016-03-30 06:08:38.359
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
Signature version:1.217.23.0
Engine version:1.1.12603.0

CodeIntegrity:
===================================

Date: 2016-11-01 03:28:26.924
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.846
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.706
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.628
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-13 04:47:44.894
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-13 04:47:44.792
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-17 22:06:45.742
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-17 22:06:45.695
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 32765.66 MB
Available physical RAM: 21942.02 MB
Total Virtual: 65529.5 MB
Available Virtual: 53532.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:24.85 GB) NTFS
Drive d: (Blue Crush) (CDROM) (Total:1.97 GB) (Free:0 GB) UDF
Drive e: (New Volume) (Fixed) (Total:232.83 GB) (Free:207.56 GB) NTFS

\\?\Volume{c9a29847-648d-11e4-a990-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2C0BAB62)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 23982539)
Partition 1: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Jun 14, 2018

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

First of all to run a fix you need to create a script. Assuming you're not familiar with how FRST works such script can only be created by me.

Secondly, you're not saying what's wrong with your computer.

cableman · Jun 15, 2018

I have a gauge on my desktop that monitors cpu usage and memory usage. The last couple of days the memory usage has gone up to over half and it never goes over 12%. Also in my defense, I was following the instructions on your website on what to run before posting.

Broni · Jun 15, 2018

Those instructions ask only for running scan not any fixes...

In any case...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

cableman · Jun 17, 2018

I have finished running the Rogue Killer program and here is the resulting log. The other logs will follow.

RogueKiller V12.12.21.0 (x64) [Jun 11 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cableman [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/17/2018 18:52:57 (Duration : 00:46:27)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\Cableman\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Cableman\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Cableman\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: DREVO X1 SSD ATA Device +++++
--- User ---
[MBR] b94acabeb7afa9f7f746c1aeb661aef4
[BSP] fee4b8c015ddb781f619a422882acf0f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114370 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2500AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] 46a82c0c693a56b88ea2ffa8ed812859
[BSP] ef24a8f7d405a17b654ef10fe0e82727 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238416 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

cableman · Jun 17, 2018

After running the malwarebytes program it wouldn't just let me delete the infected files, I had to quarantine them and then I was allowed to delete them from quarantine. Here is the log :

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/17/18
Scan Time: 9:14 PM
Log File: eaf21968-7294-11e8-b8b9-0023cdb0c4c0.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5522
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cableman-PC\Cableman

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277300
Threats Detected: 133
Threats Quarantined: 133
Time Elapsed: 1 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 35
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\pt_BR, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\de, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\en, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\es, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\fr, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_metadata, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\icons, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\html, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\css, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\img, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\js, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\kfdpgmeoacdoadgannnoajmnbodcfmbn, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KFDPGMEOACDOADGANNNOAJMNBODCFMBN, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\fonts, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src\inject, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\_metadata, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src\bg, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src\js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\icons, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\ohdphinnjkbfgimbcpdjdigbbkmngcge, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OHDPHINNJKBFGIMBCPDJDIGBBKMNGCGE, Quarantined, [311], [437656],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js\official, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\_metadata, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\vertical, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\images, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPECGIPLLFOEBEMNLOKPLDFICKNLFBCP, Quarantined, [14310], [450917],1.0.5522

File: 98
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\css\popup.css, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\css\protect.css, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\html\popup.html, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\icons\icon128.png, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\icons\icon16.png, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\icons\icon19.png, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\icons\icon38.png, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\icons\icon48.png, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\img\logo.svg, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\js\background.js, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\js\manifest.js, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\js\popup.js, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\js\protect.js, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\js\vendor.js, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\de\messages.json, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\en\messages.json, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\es\messages.json, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\fr\messages.json, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_locales\pt_BR\messages.json, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\_metadata\verified_contents.json, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn\1.0.5_0\manifest.json, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kfdpgmeoacdoadgannnoajmnbodcfmbn\000003.log, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kfdpgmeoacdoadgannnoajmnbodcfmbn\CURRENT, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kfdpgmeoacdoadgannnoajmnbodcfmbn\LOCK, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kfdpgmeoacdoadgannnoajmnbodcfmbn\LOG, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kfdpgmeoacdoadgannnoajmnbodcfmbn\LOG.old, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kfdpgmeoacdoadgannnoajmnbodcfmbn\MANIFEST-000001, Quarantined, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [311], [437654],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\icons\icon128.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\icons\icon16.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\icons\icon19.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\icons\icon32.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\icons\icon48.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\fonts\glyphicons-halflings-regular.ttf, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\fonts\glyphicons-halflings-regular.woff, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\bootstrap.min.css, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\bootstrap.min.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\document.svg, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\gnotif.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\ico_search.svg, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\jquery-3.2.1.min.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\logo_hp.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\search.css, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\searchicon.png, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\settings.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\suggestions.index.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\typeahead.bundle.min.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab_assets\typeahead.css, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src\bg\background.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src\inject\attribution.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src\inject\searchlock.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\src\js\feedback.js, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\_metadata\computed_hashes.json, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\_metadata\verified_contents.json, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\browser_action.html, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\feedback.html, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\manifest.json, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdphinnjkbfgimbcpdjdigbbkmngcge\1.0.1_0\newtab.html, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ohdphinnjkbfgimbcpdjdigbbkmngcge\000003.log, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ohdphinnjkbfgimbcpdjdigbbkmngcge\CURRENT, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ohdphinnjkbfgimbcpdjdigbbkmngcge\LOCK, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ohdphinnjkbfgimbcpdjdigbbkmngcge\LOG, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ohdphinnjkbfgimbcpdjdigbbkmngcge\LOG.old, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ohdphinnjkbfgimbcpdjdigbbkmngcge\MANIFEST-000001, Quarantined, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [311], [437656],1.0.5522
PUP.Optional.SearchLock, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [311], [437656],1.0.5522
PUP.Optional.GoMovix.Generic, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\USERS\CABLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPECGIPLLFOEBEMNLOKPLDFICKNLFBCP\1.0.0_0\MANIFEST.JSON, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\material-icons.css, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\MaterialIcons-Regular.eot, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\MaterialIcons-Regular.ijmap, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\MaterialIcons-Regular.svg, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\MaterialIcons-Regular.ttf, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\MaterialIcons-Regular.woff, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\MaterialIcons-Regular.woff2, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\RobotoCondensed-Light.ttf, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\fonts\RobotoCondensed-Regular.ttf, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\css\style.css, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\images\icon128.png, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\images\icon16.png, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\images\icon38.png, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js\official\bootstrap.min.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js\official\jquery.min.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js\official\material.min.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js\base.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js\init.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\js\main.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\vertical\440x280.jpg, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\vertical\init.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\vertical\pop.js, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\_metadata\computed_hashes.json, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\_metadata\verified_contents.json, Quarantined, [14310], [450917],1.0.5522
PUP.Optional.GoMovix.Generic, C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpecgipllfoebemnlokpldficknlfbcp\1.0.0_0\popup.html, Quarantined, [14310], [450917],1.0.5522

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

cableman · Jun 17, 2018

And finally the log from adwcleaner, it seems to be in two parts so I included them both :

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-15.3
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-17-2018
# Duration: 00:00:01
# OS: Windows 7 Ultimate
# Cleaned: 4
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-15.3
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-17-2018
# Duration: 00:00:21
# OS: Windows 7 Ultimate
# Scanned: 41236
# Detected: 4

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iMesh.exe
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iLivid.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iMesh.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iLivid.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1505 octets] - [17/06/2018 21:36:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Broni · Jun 17, 2018

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Broni · Jun 22, 2018

Still with me?

Broni · Jun 27, 2018

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.

Inactive-A Can't run Fabar tool properly

cableman

Posts: 274 +0

cableman

Posts: 274 +0

Broni

Posts: 56,041 +516

cableman

Posts: 274 +0

Broni

Posts: 56,041 +516

cableman

Posts: 274 +0

cableman

Posts: 274 +0

cableman

Posts: 274 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Similar threads

Latest posts