
not a valid win32 application

win32

19 replies to this topic

#1 fourshay

    Member

  • Members
  • 13 posts

Posted 07 August 2017 - 08:13 PM

Hello!

Not a techie at all, but I have been trying to fix this error/trojan/virus for over 6 months with no luck at all.

I have run a number of malware scanners and cleaners, and it is still not fixed.

I have attached my FRST log; hope someone can help me.

Not able to open or upload any program/file/folder.

Not able to run anything at all.

I have other open user accounts, which are working fine; ready to delete this user.

Pretty sure it's a corrupted file/folder that I am not able to find.


#2 Broni

    Malware Annihilator

  • Moderators
  • 698 posts
  • Location: Daly City, CA

Posted 07 August 2017 - 11:12 PM

Welcome aboard

 

You say that you can't run any program but apparently you ran FRST, though I don't see any log pasted.



#3 fourshay

    Member

  • Members
  • 13 posts

Posted 09 August 2017 - 02:09 PM

Sorry, I thought I had posted a log. I ran FRST on the other user account.



#4 fourshay

    Member

  • Members
  • 13 posts

Posted 09 August 2017 - 02:17 PM

I have attached my log, but I am not sure where it is.



#5 Broni

    Malware Annihilator

  • Moderators
  • 698 posts
  • Location: Daly City, CA

Posted 10 August 2017 - 12:48 AM

All logs have to be pasted, not attached.



#6 fourshay

    Member

  • Members
  • 13 posts

Posted 13 August 2017 - 07:20 PM

Sorry, I did not know. Here is my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-07-2017
Ran by Others (administrator) on W71107133-PC (30-07-2017 00:23:23)
Running from C:\Users\Others\Desktop\Downloads
Loaded Profiles: Others (Available Profiles: w71107133 & Stephanie & Others & nic & user & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Oracle Corporation) C:\Config.Msi\69cdac.rbf
(Secunia) C:\Program Files\Secunia\PSI\psi.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WORDVIEW.EXE
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [488984 2007-02-08] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-04-13]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (No File)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3018547421-3047776815-2594294699-1001\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7AC6B8D6-74D6-4CF4-94DE-F3E1A80E2B23}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131438852721975661&GUID=CA805324-9780-4F75-80D4-3BEF268748B2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002 -> {75302CBB-1743-4554-A550-9AA798113BC2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002 -> {92526BAC-7C81-444A-AAC6-829EB462905E} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002 -> {BAEA10F4-6C82-4289-A069-3B9C09288E79} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002 -> {ED26A8C3-0870-46D1-BFC9-5780084BC48D} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-29] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-29] (Oracle Corporation)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
 
FireFox:
========
FF DefaultProfile: 7w91byg6.default
FF ProfilePath: C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\7w91byg6.default [2017-07-09]
FF Homepage: Mozilla\Firefox\Profiles\7w91byg6.default -> hxxp://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\7w91byg6.default -> type", 0
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\7w91byg6.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-04-02]
FF Extension: (Facebook™ Messenger) - C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\7w91byg6.default\Extensions\jid1-jw3qAaBXs3HSov@jetpack.xpi [2017-04-03]
FF Extension: (Privacy Badger) - C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\7w91byg6.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-04-02]
FF Extension: (Video DownloadHelper) - C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\7w91byg6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-04-02]
FF Extension: (Site Deployment Checker) - C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\7w91byg6.default\features\{6a9d1dc6-3809-46f5-ad7d-899b74c4c5f7}\deployment-checker@mozilla.org.xpi [2017-04-02]
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-29] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-15] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://myaccount.google.com/phone?rapt=AEjHL4NwFPOqmqH5oK2n7mJULZCqEwjRfip2jpnPuMwhoqnLjBoE2NfIKzjcRQc4m7vZ6VESQkEGvRli67dHXuWeZcbq39Q3DQ","hxxps://myaccount.google.com/signinoptions/rescuephone?rapt=AEjHL4PrUM3zH_3RJZ4T1ozMk1V2XOfXvkW8JEfbpXvUS4Nx4UhjJRaf9e1Cs5RBMGfzaBFemrhMkild5AlMtGKKCssd-FljjQ","hxxps://myaccount.google.com/phone?rapt=AEjHL4Pdp3WDMv05RYLtYB_2E8Ovgx2cFBBijuboHiseU-YHwqWRvbNjYfNhGOwFb9Jv71zmbcWsjlxrWv4mh_iI3f-E0hQsCg","hxxps://support.google.com/accounts/answer/7028918?authuser=1","hxxps://myactivity.google.com/myactivity?restrict=waa&hl=en&utm_source=udc&utm_medium=r&utm_campaign=","hxxps://support.google.com/accounts/answer/465?visit_id=1-636326114613617681-181370423&p=my_activity_confirm_delete&rd=1#deleted_activity","hxxps://support.google.com/accounts/answer/41078","hxxps://www.youtube.com/view_all_playlists"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default [2017-07-29]
CHR Extension: (Google Slides) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-20]
CHR Extension: (YouTube) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-07-17]
CHR Extension: (YouTube) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-17]
CHR Extension: (chrome home - Google Search) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehglolbmjiabeoooikhjmejfgggmnoj [2017-07-17]
CHR Extension: ((4) Facebook) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciignkeokb [2017-07-17]
CHR Extension: (Google Sheets) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-19]
CHR Extension: (Google Photos) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2017-07-17]
CHR Extension: (Album & Photo Manager For Facebook) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2017-07-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-07-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-23]
CHR Extension: (Google) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\okkolgldfknecfjnhhglfopimelbaceh [2017-07-17]
CHR Extension: (Gmail) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]
CHR Profile: C:\Users\Others\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-23]
CHR HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome Canary.ZUJILXR4AQJ657WRM3H6V3HYPM - C:\Users\Others\AppData\Local\Google\Chrome SxS\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-03-26] (Lexmark International, Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-10-17] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65152 2012-07-24] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [88832 2012-07-24] (Etron Technology Inc)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [359560 2012-12-21] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [792712 2012-12-21] (Intel Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-07-29] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKsl60da2918; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AD319AF-7A39-45CC-ABFA-4F74B4061966}\MpKsl60da2918.sys [39168 2017-07-29] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
R3 PGR1394b; C:\Windows\System32\DRIVERS\PGR1394.sys [100352 2012-07-14] (Point Grey Research)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2016-11-24] ()
R3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-07] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-06-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-06-26] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-29 23:29 - 2017-07-29 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-29 23:29 - 2017-07-29 23:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-07-29 23:25 - 2017-07-29 23:25 - 00000000 ___DC C:\Program Files\Java
2017-07-29 23:25 - 2017-07-29 23:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2017-07-29 23:25 - 2017-07-29 23:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2017-07-29 22:05 - 2017-07-29 22:05 - 00000000 ____D C:\ProgramData\SlimWare Utilities, Inc
2017-07-29 22:04 - 2017-07-29 22:04 - 00000382 _____ C:\Windows\Tasks\SLIMDRIVERS STARTUP.JOB
2017-07-29 22:04 - 2017-07-29 22:04 - 00000000 ___DC C:\Program Files\SLIMSERVICE
2017-07-29 22:04 - 2017-07-29 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
2017-07-29 22:02 - 2017-07-29 22:11 - 00002517 _____ C:\Users\Public\Desktop\SLIMCLEANER PLUS.LNK
2017-07-29 21:52 - 2017-07-29 21:53 - 00000000 ___DC C:\Program Files\SlimDrivers
2017-07-29 21:51 - 2017-07-29 22:05 - 00000000 ___DC C:\Program Files\SlimCleaner Plus
2017-07-29 19:54 - 2017-07-29 21:30 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-29 19:52 - 2017-07-29 19:58 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-29 19:52 - 2017-07-29 19:52 - 00002034 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-29 19:52 - 2017-07-29 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-29 11:47 - 2017-07-30 00:00 - 00002671 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2017-07-29 10:52 - 2017-07-29 11:46 - 00000000 ___DC C:\Program Files\MSECache
2017-07-29 09:51 - 2017-07-29 09:51 - 00000000 ____D C:\ProgramData\SlimWare Utilities Inc
2017-07-29 00:57 - 2017-07-29 00:57 - 00000000 ____D C:\Users\Others\AppData\Roaming\VSRevoGroup
2017-07-29 00:45 - 2017-07-29 00:45 - 00001236 _____ C:\Users\Others\Desktop\Revo Uninstaller.lnk
2017-07-29 00:45 - 2017-07-29 00:45 - 00000000 ___DC C:\Program Files\VS Revo Group
2017-07-29 00:45 - 2017-07-29 00:45 - 00000000 ____D C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-07-28 18:58 - 2017-07-28 18:58 - 00279388 _____ C:\Users\Stephanie\AppData\LocalLow\wbk3B0E.tmp
2017-07-27 21:11 - 2017-07-27 21:11 - 00000362 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - nic).job
2017-07-27 17:03 - 2017-07-27 17:03 - 00000000 ____D C:\Users\Others\AppData\Local\ESET
2017-07-27 14:46 - 2017-07-29 22:00 - 00000000 ____D C:\Users\Others\AppData\Local\SlimWare Utilities Inc
2017-07-27 14:10 - 2017-07-27 14:10 - 00000000 ____D C:\Users\Others\AppData\Local\Downloaded Installers
2017-07-26 20:25 - 2017-07-26 20:25 - 00000434 _____ C:\Windows\Tasks\TechUtilities.job
2017-07-26 13:21 - 2017-07-26 13:21 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2017-07-26 13:21 - 2017-07-26 13:21 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sun
2017-07-25 23:57 - 2017-07-25 23:57 - 00000000 ____D C:\Users\nic\AppData\Roaming\Sun
2017-07-25 23:57 - 2017-07-25 23:57 - 00000000 ____D C:\Users\nic\AppData\LocalLow\Sun
2017-07-25 23:55 - 2017-07-29 21:54 - 00000000 ____D C:\Users\nic\AppData\Local\SlimWare Utilities Inc
2017-07-24 22:48 - 2017-03-21 11:13 - 05312512 _____ C:\Users\Others\log.evtx
2017-07-22 17:12 - 2017-07-22 17:12 - 00014558 _____ C:\Windows\system32\results.xml
2017-07-21 04:58 - 2017-07-21 05:11 - 00000000 ____D C:\ProgramData\Intel
2017-07-20 06:26 - 2017-07-20 06:26 - 00000000 ____D C:\Users\w71107133\AppData\Roaming\Sun
2017-07-20 06:26 - 2017-07-20 06:26 - 00000000 ____D C:\Users\w71107133\AppData\LocalLow\Sun
2017-07-20 06:05 - 2017-07-20 06:05 - 00000000 ____D C:\Users\w71107133\AppData\Roaming\SUPERAntiSpyware.com
2017-07-20 06:03 - 2017-07-20 06:03 - 00000000 ____D C:\Users\w71107133\AppData\Local\Zemana
2017-07-20 05:55 - 2017-07-20 05:55 - 00001560 _____ C:\Users\user\Desktop\nicole posin 767 - Shortcut.lnk
2017-07-20 05:54 - 2017-07-20 05:54 - 00001564 _____ C:\Users\user\Desktop\nicole posin 832 - Shortcut.lnk
2017-07-20 05:54 - 2017-07-20 05:54 - 00001564 _____ C:\Users\user\Desktop\nicole posin 771 - Shortcut.lnk
2017-07-20 05:54 - 2017-07-20 05:54 - 00001560 _____ C:\Users\user\Desktop\nicole posin 820 - Shortcut.lnk
2017-07-19 23:24 - 2017-07-19 23:24 - 00000000 ____D C:\Users\nic\AppData\Roaming\Skype
2017-07-19 23:24 - 2017-07-19 23:24 - 00000000 ____D C:\Users\nic\AppData\Local\Skype
2017-07-19 23:23 - 2017-07-20 22:11 - 00000000 ____D C:\ProgramData\Skype
2017-07-19 21:42 - 2017-07-29 15:34 - 00000000 ____D C:\Users\Others\AppData\Local\CrashDumps
2017-07-19 17:13 - 2017-07-19 17:19 - 00033280 ___SH C:\Users\Others\AppData\Roaming\Thumbs.db
2017-07-17 13:48 - 2017-07-26 14:41 - 00002151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-15 23:53 - 2017-07-15 23:53 - 00000000 ____D C:\ProgramData\UniqueId
2017-07-15 18:55 - 2017-07-15 18:55 - 00000000 ____D C:\Users\Others\AppData\Roaming\Soft4Boost
2017-07-15 18:53 - 2016-02-17 15:13 - 00038504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2017-07-14 23:56 - 2017-07-30 00:23 - 00000000 ____D C:\FRST
2017-07-14 15:44 - 2017-07-15 10:11 - 00000028 _____ C:\Windows\ODBC.INI
2017-07-14 15:44 - 2017-07-15 10:11 - 00000023 _____ C:\Windows\ODBCINST.INI
2017-07-14 15:44 - 2016-08-05 07:33 - 00792576 _____ (Christian Werner Software & Consulting) C:\Windows\system32\sqlite3odbc.dll
2017-07-14 15:42 - 2017-07-14 15:42 - 00000000 ___DC C:\Program Files\ClearApps
2017-07-14 04:08 - 2010-06-23 03:22 - 00016474 ____R C:\Users\Others\AppData\Local\ComponentList.xml
2017-07-14 04:06 - 2010-06-23 03:22 - 00016474 ____R C:\Users\Others\ComponentList.xml
2017-07-13 18:48 - 2017-07-13 18:48 - 00000000 ____D C:\ProgramData\dbg
2017-07-13 16:01 - 2017-07-13 16:01 - 00000000 ____D C:\Users\Others\AppData\Roaming\Yahoo
2017-07-13 15:59 - 2017-07-13 15:59 - 00000000 ____D C:\Users\Others\AppData\LocalLow\Sun
2017-07-13 15:57 - 2017-07-13 15:57 - 00000000 ____D C:\Users\Others\AppData\Roaming\Sun
2017-07-13 15:54 - 2017-07-13 15:54 - 00014156 _____ C:\Users\New folder\ffjcext.zip
2017-07-13 15:46 - 2017-07-13 15:46 - 00000000 ____D C:\Users\Others\AppData\LocalLow\Oracle
2017-07-12 12:52 - 2017-07-12 19:53 - 01297694 _____ C:\Users\New folder\CbsPersist_20170713012711.cab
2017-07-12 09:47 - 2017-06-29 23:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 09:47 - 2017-06-29 22:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 09:47 - 2017-06-29 22:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 09:47 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 09:47 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 09:47 - 2017-06-29 01:08 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 09:47 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 09:47 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 09:47 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 09:47 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 09:47 - 2017-06-22 10:50 - 02402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 09:47 - 2017-06-15 16:18 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 09:47 - 2017-06-12 18:32 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 09:47 - 2017-06-12 18:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 09:47 - 2017-06-12 18:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 09:47 - 2017-06-12 18:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 09:47 - 2017-06-12 18:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 09:47 - 2017-06-12 18:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 09:47 - 2017-06-10 11:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 09:47 - 2017-06-09 11:17 - 01213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 09:47 - 2017-06-06 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 09:47 - 2017-05-30 00:39 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 09:46 - 2017-06-29 22:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 09:46 - 2017-06-29 22:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 09:46 - 2017-06-29 22:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 09:46 - 2017-06-29 22:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 09:46 - 2017-06-29 22:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 09:46 - 2017-06-29 22:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 09:46 - 2017-06-29 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 09:46 - 2017-06-29 22:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 09:46 - 2017-06-29 22:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 09:46 - 2017-06-29 22:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 09:46 - 2017-06-29 22:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 09:46 - 2017-06-29 01:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 09:46 - 2017-06-29 01:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 09:46 - 2017-06-29 01:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 09:46 - 2017-06-29 01:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 09:46 - 2017-06-29 01:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 09:46 - 2017-06-29 01:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 09:46 - 2017-06-29 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 09:46 - 2017-06-29 01:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 09:46 - 2017-06-29 01:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 09:46 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 09:46 - 2017-06-29 01:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 09:46 - 2017-06-29 01:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 09:46 - 2017-06-29 01:13 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 09:46 - 2017-06-29 01:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 09:46 - 2017-06-29 01:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 09:46 - 2017-06-29 01:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 09:46 - 2017-06-29 01:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 09:46 - 2017-06-29 00:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 09:46 - 2017-06-29 00:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 09:46 - 2017-06-29 00:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 09:46 - 2017-06-29 00:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 09:46 - 2017-06-29 00:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 09:46 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 09:46 - 2017-06-29 00:47 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 09:46 - 2017-06-29 00:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 09:46 - 2017-06-29 00:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 09:46 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 09:46 - 2017-06-12 18:32 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 09:46 - 2017-06-12 18:32 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 09:46 - 2017-06-12 18:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 09:46 - 2017-06-12 18:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 09:46 - 2017-06-12 18:29 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 09:46 - 2017-06-12 18:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 09:46 - 2017-06-12 18:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 09:46 - 2017-06-12 18:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 09:46 - 2017-06-12 18:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 09:46 - 2017-06-12 18:05 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 09:46 - 2017-06-12 18:05 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 09:46 - 2017-06-12 18:05 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 09:46 - 2017-06-12 18:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 09:46 - 2017-06-12 18:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 09:46 - 2017-06-12 18:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 09:46 - 2017-05-30 00:39 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 09:46 - 2017-05-30 00:39 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 09:45 - 2017-06-29 01:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 09:45 - 2017-06-12 18:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 09:45 - 2017-06-12 18:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 09:45 - 2017-06-12 18:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 09:45 - 2017-06-12 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 09:35 - 2017-07-08 04:30 - 04239063 _____ C:\Users\New folder\Windows6.1-KB4025341-x86-EXPRESS.cab
2017-07-12 09:10 - 2017-07-12 09:10 - 00008464 _____ C:\Users\New folder\latest.cab
2017-07-12 09:07 - 2017-07-06 15:40 - 08615670 _____ C:\Users\New folder\mso-x-none.cab
2017-07-12 09:07 - 2017-06-27 13:20 - 20943382 _____ C:\Users\New folder\excel-x-none.cab
2017-07-11 00:55 - 2017-07-11 14:58 - 01840130 _____ C:\Users\New folder\CbsPersist_20170711200716.cab
2017-07-11 00:04 - 2017-07-11 00:50 - 00000000 ___DC C:\Program Files\CleanMyPC
2017-07-10 22:49 - 2017-07-23 09:28 - 00002745 _____ C:\Users\Others\Desktop\JRT.txt
2017-07-10 19:19 - 2017-07-20 01:41 - 01228184 _____ C:\Windows\ntbtlog.txt
2017-07-10 13:06 - 2017-07-10 13:08 - 00008943 _____ C:\Users\New folder\latest_40.cab
2017-07-10 13:06 - 2017-07-10 13:08 - 00008943 _____ C:\Users\New folder\latest_20.cab
2017-07-10 13:05 - 2017-07-27 23:38 - 00000000 ____D C:\MATS
2017-07-10 11:38 - 2017-07-10 11:38 - 00000000 _____ C:\Windows\system32\log
2017-07-10 11:33 - 2017-07-10 11:33 - 00000000 _____ C:\Windows\system32\F
2017-07-10 08:46 - 2017-07-10 08:46 - 00079698 _____ C:\Users\Others\Desktop\stef folder\Documents\reliability chart chrome.xml
2017-07-09 11:16 - 2017-07-09 11:16 - 00000594 _____ C:\Windows\system32\reset
2017-07-09 11:15 - 2017-07-09 11:15 - 00000594 _____ C:\Windows\system32\show
2017-07-09 08:04 - 2017-07-09 08:04 - 00002354 _____ C:\Users\Others\Desktop\stef folder\Documents\play andready txt.txt
2017-07-09 08:01 - 2017-07-09 08:01 - 00001654 _____ C:\Users\Others\Desktop\stef folder\Documents\cc_20170709_080134.reg
2017-07-09 08:00 - 2017-07-09 08:01 - 00021482 _____ C:\Users\Others\Desktop\stef folder\Documents\cc_20170709_080003.reg
2017-07-09 06:30 - 2017-07-09 07:37 - 01203419 _____ C:\Users\New folder\CbsPersist_20170709114036.cab
2017-07-09 06:30 - 2017-07-09 06:39 - 01071454 _____ C:\Users\New folder\CbsPersist_20170709110735.cab
2017-07-09 05:23 - 2011-11-22 14:59 - 00060955 _____ C:\Users\New folder\windows6.1-kb2631813-x86-express.cab
2017-07-09 04:56 - 2017-07-09 04:56 - 00002412 _____ C:\Windows\system32\msxml.txt
2017-07-09 04:55 - 2017-07-09 04:55 - 00002412 _____ C:\Windows\system32\playready.txt
2017-07-09 04:50 - 2017-07-09 04:51 - 00020052 _____ C:\Windows\system32\cc_20170709_045014.reg
2017-07-08 22:11 - 2017-07-08 22:11 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-08 22:10 - 2017-07-08 22:10 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-07-08 22:06 - 2017-07-08 22:06 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2017-07-08 22:06 - 2017-07-08 22:06 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2017-07-08 19:27 - 2017-07-08 19:27 - 00001405 _____ C:\Users\Stephanie\Desktop\Microsoft - Shortcut.lnk
2017-07-08 18:26 - 2017-07-08 18:27 - 09540248 _____ C:\Users\New folder\x86.zip
2017-07-08 18:23 - 2017-07-08 18:23 - 00023763 _____ C:\Users\New folder\GDIPFONTCACHEV1.zip
2017-07-08 18:20 - 2017-07-28 19:04 - 00089600 ___SH C:\Users\Stephanie\Desktop\Thumbs.db
2017-07-08 18:20 - 2017-07-25 22:50 - 00000719 _____ C:\Users\Stephanie\Desktop\New folder - Shortcut.lnk
2017-07-07 20:46 - 2017-07-12 16:37 - 00000000 ____D C:\ProgramData\Emsisoft
2017-07-07 09:21 - 2017-07-29 21:30 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-07-07 08:55 - 2017-07-29 01:02 - 00000000 ____D C:\ComboFix
2017-07-07 06:38 - 2017-07-19 23:23 - 00095744 ___SH C:\Users\nic\Downloads\Thumbs.db
2017-07-07 05:27 - 2017-07-07 05:27 - 00000000 ____D C:\Users\nic\AppData\Local\Innovative solutions
2017-07-07 04:34 - 2017-07-07 04:46 - 05069710 _____ C:\TDSSKiller.3.1.0.15_07.07.2017_04.34.03_log.txt
2017-07-07 04:04 - 2017-07-07 04:04 - 37892136 _____ (Malwarebytes ) C:\Users\user\Downloads\MBARW_Setup.exe
2017-07-07 03:42 - 2017-07-07 03:45 - 00203712 _____ C:\TDSSKiller.3.1.0.15_07.07.2017_03.42.38_log.txt
2017-07-07 03:34 - 2017-07-07 03:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2017-07-07 03:14 - 2017-07-07 07:29 - 00001052 _____ C:\Users\nic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-07 03:14 - 2017-07-07 07:29 - 00001052 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-07 02:08 - 2017-07-07 02:08 - 00000000 ____D C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
2017-07-07 02:06 - 2017-07-07 07:29 - 00001052 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-07 02:06 - 2017-07-07 02:06 - 00000000 ____D C:\Users\user\AppData\Local\Zemana
2017-07-07 01:56 - 2017-07-07 01:56 - 00004392 _____ C:\Users\Stephanie\proc exp 1.TXT
2017-07-06 16:53 - 2017-07-07 06:53 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-06 16:52 - 2017-07-06 18:01 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-05 18:16 - 2017-07-05 18:16 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Google
2017-07-05 17:24 - 2012-05-30 13:30 - 00471360 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2017-07-05 13:54 - 2017-06-22 22:21 - 160154534 _____ C:\Users\New folder\chrome.7z
2017-07-05 13:33 - 2017-07-07 07:29 - 00001052 _____ C:\Users\Others\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-04 22:42 - 2017-07-04 22:43 - 00000000 _____ C:\Users\Stephanie\run
2017-07-04 18:19 - 2017-07-04 18:44 - 00578814 _____ C:\TDSSKiller.3.1.0.15_04.07.2017_18.19.21_log.txt
2017-07-04 18:13 - 2017-07-04 18:16 - 00204242 _____ C:\TDSSKiller.3.1.0.15_04.07.2017_18.13.55_log.txt
2017-07-04 18:00 - 2017-07-04 18:00 - 00002009 _____ C:\Users\New folder\NetworkConfiguration_1.cab
2017-07-04 17:40 - 2017-07-04 17:40 - 00000000 _____ C:\Users\Stephanie\path
2017-07-04 17:24 - 2017-07-04 17:23 - 00002010 _____ C:\Users\New folder\NetworkConfiguration.cab
2017-07-04 03:41 - 2017-07-04 03:41 - 00002006 _____ C:\Users\New folder\NetworkConfiguration_10.cab
2017-07-04 01:12 - 2017-07-04 18:00 - 00023530 _____ C:\Users\New folder\latest_16.cab
2017-07-04 01:12 - 2017-07-04 01:11 - 00002052 _____ C:\Users\New folder\NetworkConfiguration_11.cab
2017-07-03 23:02 - 2012-07-14 14:27 - 00100352 _____ (Point Grey Research) C:\Windows\system32\Drivers\PGR1394.sys
2017-07-03 22:53 - 2017-07-03 22:53 - 00000000 ____D C:\Users\Others\My Drivers
2017-07-03 22:50 - 2017-07-03 22:50 - 00000000 ___DC C:\Program Files\Innovative Solutions
2017-07-03 22:50 - 2017-07-03 22:50 - 00000000 ____D C:\Users\Others\AppData\Roaming\Innovative Solutions
2017-07-03 22:50 - 2017-07-03 22:50 - 00000000 ____D C:\Users\Others\AppData\Local\Innovative Solutions
2017-07-03 19:19 - 2017-07-03 19:19 - 00000044 _____ C:\Windows\Model.txt
2017-07-03 15:04 - 2017-07-09 08:03 - 00000000 ___DC C:\Program Files\CleanUp!
2017-07-03 01:59 - 2017-07-03 02:00 - 00189750 _____ (noahdfear ) C:\Users\Stephanie\Downloads\FindAWF.exe
2017-07-02 22:58 - 2017-07-02 22:59 - 09598376 _____ (Piriform Ltd) C:\Users\Stephanie\Downloads\ccsetup531.exe
2017-07-02 22:56 - 2017-07-02 22:57 - 09598376 _____ (Piriform Ltd) C:\Users\Stephanie\Downloads\SUPERAntiSpyware.exe
2017-07-02 21:39 - 2017-05-21 00:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-02 21:39 - 2017-05-16 11:16 - 00730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-02 21:39 - 2017-05-16 11:16 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-02 21:39 - 2017-05-16 11:12 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-02 15:23 - 2017-07-03 03:03 - 00000000 ____D C:\Users\nic\AppData\Roaming\Device Doctor
2017-07-02 14:25 - 2017-07-02 14:26 - 00017401 _____ C:\Users\New folder\latest_38.cab
2017-07-02 14:25 - 2017-07-02 14:26 - 00017401 _____ C:\Users\New folder\latest_18.cab
2017-07-02 01:58 - 2017-07-08 13:11 - 00009601 _____ C:\Users\New folder\latest_10.cab
2017-07-02 01:58 - 2017-07-02 01:58 - 00010111 _____ C:\Users\New folder\latest_35.cab
2017-07-02 01:58 - 2017-07-02 01:58 - 00010111 _____ C:\Users\New folder\latest_14.cab
2017-07-02 01:52 - 2017-07-07 02:02 - 00008451 _____ C:\Users\New folder\latest_34.cab
2017-07-02 01:52 - 2017-07-07 02:02 - 00008451 _____ C:\Users\New folder\latest_13.cab
2017-07-01 11:17 - 2017-06-30 04:00 - 00037727 _____ C:\Users\Others\Desktop\stef folder\Documents\Addition.txt
2017-07-01 09:15 - 2017-07-08 22:43 - 02372729 _____ C:\Users\New folder\CbsPersist_20170709071535.cab
2017-07-01 05:23 - 2017-06-23 12:56 - 00023454 _____ C:\Users\New folder\wuredir_1.cab
2017-07-01 01:53 - 2017-07-01 01:53 - 00012514 _____ C:\Users\nic\Desktop\startup.txt
2017-07-01 01:50 - 2017-07-01 01:50 - 00002702 _____ C:\Users\nic\Desktop\txt ms.txt
2017-07-01 01:33 - 2017-07-01 01:34 - 00030112 _____ C:\Users\nic\Desktop\cc_20170701_013255.reg
2017-07-01 01:06 - 2017-06-14 15:07 - 00002060 _____ C:\Users\New folder\default_theme.zip
2017-07-01 01:04 - 2017-07-01 01:04 - 00000000 ____D C:\Users\nic\AppData\Local\Opera Software
2017-07-01 00:57 - 2017-07-01 00:57 - 00000000 ____D C:\Users\nic\AppData\Roaming\Opera Software
2017-07-01 00:12 - 2017-07-01 00:12 - 00000000 ____D C:\Users\nic\AppData\Roaming\SUPERAntiSpyware.com
2017-07-01 00:07 - 2017-07-20 06:03 - 00000000 ____D C:\TEMP
2017-07-01 00:07 - 2017-07-01 00:07 - 00000000 ____D C:\Users\nic\AppData\Local\Zemana
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-30 00:24 - 2017-06-26 06:39 - 00102713 _____ C:\Windows\ZAM.krnl.trace
2017-07-30 00:24 - 2017-06-26 06:39 - 00080920 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-30 00:18 - 2017-06-04 03:09 - 00000000 ____D C:\Users\Others\Desktop\stef folder\Documents\iphone pics from apr to june 1
2017-07-30 00:04 - 2017-03-16 13:00 - 00000000 ____D C:\Users\Others\AppData\Local\ElevatedDiagnostics
2017-07-30 00:02 - 2017-02-07 09:40 - 00000000 ____D C:\Users\Others\Desktop\stef folder
2017-07-29 23:58 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-29 22:21 - 2017-06-08 05:42 - 00000000 ____D C:\Users\Others\Desktop\stef folder\Documents\New folder
2017-07-29 21:59 - 2013-11-30 11:14 - 00109344 _____ C:\Users\Others\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-29 21:41 - 2009-07-14 00:34 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-29 21:41 - 2009-07-14 00:34 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-29 21:29 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-29 21:29 - 2009-07-14 00:33 - 00410776 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-29 19:51 - 2017-03-24 12:47 - 00000000 ___DC C:\Program Files\Malwarebytes
2017-07-29 19:51 - 2017-03-24 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-29 15:28 - 2017-02-07 07:09 - 00000000 ____D C:\Users\New folder
2017-07-29 11:47 - 2013-11-07 16:10 - 00000000 ____D C:\Program Files\Microsoft Office
2017-07-29 05:56 - 2013-11-25 12:11 - 00000000 ____D C:\Users\Stephanie
2017-07-28 19:30 - 2010-11-20 17:01 - 00851460 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-28 19:30 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2017-07-28 18:57 - 2017-02-03 03:49 - 00000000 ___RD C:\Users\Stephanie\New Briefcase
2017-07-28 17:47 - 2017-02-07 09:34 - 00000000 ____D C:\New folder (5)
2017-07-28 01:29 - 2017-04-04 18:49 - 00000000 ____D C:\Windows\pss
2017-07-28 00:59 - 2013-11-30 11:13 - 00000000 ____D C:\Users\Others
2017-07-28 00:01 - 2014-05-26 17:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-28 00:01 - 2011-04-12 02:41 - 00000000 ____D C:\Windows\ShellNew
2017-07-28 00:01 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\MSBuild
2017-07-27 16:08 - 2013-11-27 14:26 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2017-07-26 18:12 - 2013-11-28 07:29 - 00000000 ____D C:\Windows\system32\MRT
2017-07-26 17:56 - 2013-11-07 14:49 - 132532600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-25 22:23 - 2017-03-11 00:29 - 00004592 __RSH C:\Users\Stephanie\ntuser.pol
2017-07-23 22:01 - 2017-02-07 11:15 - 00000000 ____D C:\Users\Others\Desktop\dogs -baby animals
2017-07-23 19:41 - 2015-01-26 11:31 - 00015220 _____ C:\Users\Others\microsoft  license.txt
2017-07-23 00:56 - 2013-11-30 11:13 - 00000000 ____D C:\Users\Others\AppData\Local\VirtualStore
2017-07-21 05:30 - 2017-02-15 07:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-20 22:19 - 2017-06-03 09:19 - 00000000 ___DC C:\Program Files\Opera
2017-07-20 22:15 - 2013-11-30 11:15 - 00000000 ____D C:\Users\Others\AppData\Local\Google
2017-07-20 06:38 - 2016-12-11 00:23 - 00109736 _____ C:\Users\nic\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-20 06:28 - 2017-06-21 22:43 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware
2017-07-20 06:07 - 2013-11-07 15:13 - 00000000 ____D C:\Users\w71107133
2017-07-20 06:03 - 2013-11-07 15:14 - 00109736 _____ C:\Users\w71107133\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-20 05:59 - 2017-03-13 23:56 - 00000000 ___RD C:\bentley baby pics
2017-07-20 03:17 - 2017-03-15 09:18 - 00109736 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-19 20:09 - 2014-01-25 17:59 - 00000000 ____D C:\ProgramData\McAfee
2017-07-19 19:46 - 2017-04-02 00:57 - 00000000 ____D C:\Users\Others\CustomCodeValidationTool
2017-07-19 17:10 - 2017-02-03 05:45 - 00000000 ____D C:\Users\Stephanie\New folder (2)
2017-07-17 18:19 - 2013-11-25 12:13 - 00109736 _____ C:\Users\Stephanie\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-17 16:34 - 2017-02-19 08:54 - 00000000 ____D C:\Users\DefaultAppPool
2017-07-17 16:34 - 2016-12-11 00:22 - 00000000 ____D C:\Users\nic
2017-07-17 16:34 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\Msdtc
2017-07-17 16:34 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\registration
2017-07-17 16:33 - 2013-11-07 16:26 - 00000000 ____D C:\Program Files\Google
2017-07-17 13:47 - 2016-12-02 00:58 - 00000000 ____D C:\Users\Others\AppData\Local\Deployment
2017-07-15 19:16 - 2017-06-15 21:30 - 00000000 ____D C:\ProgramData\Apple
2017-07-15 19:12 - 2016-03-01 17:16 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2017-07-15 12:16 - 2017-03-24 14:45 - 00007597 _____ C:\Users\Others\AppData\Local\resmon.resmoncfg
2017-07-13 22:22 - 2017-06-04 03:32 - 00000000 ____D C:\Users\Others\Desktop\stef folder\Documents\AmazonDriveDownload
2017-07-13 22:09 - 2017-03-11 08:13 - 00000000 ____D C:\AdwCleaner
2017-07-13 15:52 - 2017-04-11 15:10 - 00000000 ____D C:\ProgramData\Oracle
2017-07-13 14:19 - 2017-02-07 11:13 - 00000000 ____D C:\New folder (9)
2017-07-13 04:02 - 2013-11-07 17:14 - 00000000 ____D C:\Windows\rescache
2017-07-13 03:28 - 2016-08-01 16:26 - 02354138 _____ C:\Users\New folder\Appraiser_AlternateData.cab
2017-07-12 21:14 - 2017-06-28 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-07-12 12:48 - 2017-06-16 13:24 - 00000000 ____D C:\Qoobox
2017-07-12 12:48 - 2017-06-02 23:57 - 00000000 ____D C:\Windows\Minidump
2017-07-12 12:48 - 2013-10-17 23:59 - 00000000 ____D C:\Windows\Panther
2017-07-12 05:08 - 2017-02-23 01:37 - 00000553 _____ C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Genuine Microsoft Software.website
2017-07-11 16:49 - 2013-11-07 15:04 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-11 16:49 - 2013-11-07 15:04 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-11 16:48 - 2013-11-07 15:04 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-11 13:42 - 2016-12-02 00:58 - 00000000 ____D C:\Users\Others\AppData\Local\Apps\2.0
2017-07-10 13:05 - 2017-02-25 17:51 - 00000000 ___DC C:\Program Files\Microsoft Deployment Toolkit
2017-07-10 09:57 - 2013-12-11 19:50 - 00000000 ____D C:\Users\Others\AppData\Local\Adobe
2017-07-09 06:48 - 2017-03-30 01:46 - 00000000 ____D C:\Users\Others\Desktop\Program
2017-07-09 06:11 - 2017-04-09 01:40 - 00000000 ___RD C:\Users\nic\Google Drive
2017-07-08 22:06 - 2011-04-12 02:40 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-07-08 22:06 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-07-08 22:06 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\inetsrv
2017-07-08 22:06 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-08 19:24 - 2017-02-15 07:38 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Performix LLC
2017-07-08 19:24 - 2015-08-01 20:55 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Nero
2017-07-08 19:23 - 2017-02-05 04:19 - 00000000 ____D C:\Users\Stephanie\New folder (18)
2017-07-08 19:22 - 2017-02-07 15:37 - 00000000 ____D C:\Users\Stephanie\New folder (28)
2017-07-08 19:20 - 2017-02-18 13:47 - 00000000 ____D C:\Users\Stephanie\New folder (32)
2017-07-08 19:20 - 2013-12-03 22:20 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\W Photo Studio Viewer
2017-07-08 19:05 - 2017-02-03 05:45 - 00000000 ____D C:\Users\Stephanie\New folder (3)
2017-07-08 19:04 - 2017-02-02 16:48 - 00000000 ____D C:\Users\Stephanie\New folder
2017-07-08 17:21 - 2009-07-14 00:53 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-08 13:41 - 2017-06-18 22:35 - 00000043 _____ C:\Windows\system32\c
2017-07-08 08:19 - 2017-02-03 06:17 - 00000000 ___RD C:\Users\Stephanie\Desktop\Downloads - Shortcut (6)
2017-07-08 07:55 - 2017-06-21 23:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-07 09:14 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2017-07-07 07:29 - 2017-04-02 07:50 - 00001052 _____ C:\Users\w71107133\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-07 07:29 - 2017-02-13 23:43 - 00001052 _____ C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-06 19:45 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\addins
2017-07-05 18:13 - 2013-11-26 21:30 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Google
2017-07-04 20:07 - 2017-06-28 22:01 - 00000000 ____D C:\found.001
2017-07-04 19:45 - 2017-06-11 00:02 - 00009679 _____ C:\Users\New folder\latest_3.cab
2017-07-04 19:45 - 2017-06-11 00:02 - 00009679 _____ C:\Users\New folder\latest_27.cab
2017-07-04 18:00 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
2017-07-03 01:37 - 2017-02-25 14:18 - 00000000 ____D C:\Users\Stephanie\Desktop\Program
2017-07-02 19:38 - 2015-05-02 10:22 - 00000000 ____D C:\AVAST Software
2017-07-01 20:21 - 2013-11-07 16:23 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-01 01:08 - 2017-03-11 08:52 - 00000000 ___DC C:\Users\nic\AppData\Local\MigWiz
2017-07-01 00:14 - 2017-06-16 08:54 - 00000000 ____D C:\Users\nic\Downloads\Photos
2017-06-30 16:41 - 2017-02-01 16:11 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Apps\2.0
 
==================== Files in the root of some directories =======
 
2017-07-19 17:13 - 2017-07-19 17:19 - 0033280 ___SH () C:\Users\Others\AppData\Roaming\Thumbs.db
2017-03-13 01:08 - 2017-03-22 04:31 - 0027115 _____ () C:\Users\Others\AppData\Roaming\UserTile.png
2017-06-04 00:52 - 2017-06-04 00:52 - 0000047 _____ () C:\Users\Others\AppData\Roaming\WB.CFG
2017-07-14 04:08 - 2010-06-23 03:22 - 0016474 ____R () C:\Users\Others\AppData\Local\ComponentList.xml
2017-03-24 14:45 - 2017-07-15 12:16 - 0007597 _____ () C:\Users\Others\AppData\Local\resmon.resmoncfg
2016-06-26 07:31 - 2016-06-26 07:31 - 0000000 _____ () C:\Users\Others\AppData\Local\{94AAB2CE-00EA-4A70-9292-D6EE5EE52518}
2017-02-15 07:39 - 2017-02-15 07:39 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
2017-06-24 12:10 - 2017-06-24 12:10 - 0000882 _____ () C:\ProgramData\SMRResults501.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\SMRResults501.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-23 06:49
 
==================== End of FRST.txt ============================
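The "Bamital & volsnap" section of the log above is FRST verifying the Authenticode signatures of the core Windows binaries that file infectors typically patch. The check can be repeated with stock Windows tools. The following is an added example written for this thread, not output or code from FRST or from anyone posting here; it assumes an elevated PowerShell prompt on the affected machine, and the file list is copied from the log.

```powershell
# Added example, not part of the original thread or of FRST.
# Re-checks the same critical binaries FRST listed, reporting signature status and signer.
$critical = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\user32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Test-CriticalBinary {
    # Returns one record per file: signature status, signer subject and size.
    param([Parameter(Mandatory=$true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Status = 'Missing'; Signer = ''; Size = 0 }
    }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $item = Get-Item -LiteralPath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path   = $Path
        Status = [string]$sig.Status   # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer = $signer
        Size   = $item.Length
    }
}

$results = $critical | ForEach-Object { Test-CriticalBinary -Path $_ }
$results | Select-Object Path, Status, Signer, Size | Format-Table -AutoSize

# Anything that is not Valid, or is Valid but not signed by Microsoft, needs a closer look.
$suspect = $results | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}
if ($suspect) {
    Write-Warning 'Files that did not pass the signature check:'
    $suspect | Select-Object Path, Status, Signer | Format-Table -AutoSize
    # Catalog-signed OS files can report NotSigned on older PowerShell builds, so confirm
    # each one against the component store with SFC before treating it as tampered.
    foreach ($s in $suspect) { & "$env:SystemRoot\system32\sfc.exe" "/VERIFYFILE=$($s.Path)" }
}
```

A Valid status with a Microsoft signer corresponds to FRST's "File is digitally signed". One caveat for a Windows 7 machine like this one: the PowerShell 2.0 that ships with it does not consult catalog files, and most OS binaries are catalog-signed rather than carrying an embedded signature, so NotSigned on its own is not proof of tampering. That is why the script hands each suspect file to `sfc /VERIFYFILE`, which checks the file against the component store; a HashMismatch from Get-AuthenticodeSignature, or an SFC report that the file is corrupt, is the result that actually matters.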


#7 Broni

Broni

    Malware Annihilator

  • Moderators
  • 698 posts
  • LocationDaly City, CA

Posted 13 August 2017 - 08:44 PM

I still need second log.




#8 fourshay

fourshay

    Member

  • Members
  • Pip
  • 13 posts

Posted 14 August 2017 - 03:20 AM

ok here is a Malwarebytes log

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org
 
Database version:
  main:    v2017.07.06.07
  rootkit: v2017.05.27.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18697
Others :: W71107133-PC [administrator]
 
7/6/2017 7:02:32 PM
mbar-log-2017-07-06 (19-02-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 429758
Time elapsed: 36 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Others\Desktop\stef folder\Documents\FRST.exe (Trojan.PasswordStealer.AI) -> Delete on reboot. [d03fd2917d2c0e284d2cd43839c928d8]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
REGT /a APISvc "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" 
 
SWREG SAVE "HKLM\software\microsoft\windows\currentversion\run" temp00.hiv   && 
 
dumphive v 07-31-2004-d7: dumps a win9x/nt registry hive to a text file
  ©2000-2004 Markus Stephany, merkes_at_mirkes.de
C:\ComboFix\N_\28266
The process cannot access the file because it is being used by another process.
 
SWREG SAVE "hkcu\software\microsoft\windows\currentversion\run" temp00.hiv   && 
 
dumphive v 07-31-2004-d7: dumps a win9x/nt registry hive to a text file
  ©2000-2004 Markus Stephany, merkes_at_mirkes.de
C:\ComboFix\N_\28266
The process cannot access the file because it is being used by another process.
 
DEL /A/F RegLock.dat 
Could Not Find C:\ComboFix\RegLock.dat
 
SED -r ":a; $!N;s/\n\x22(Users\\0000)/ \x22HIV\\\1/I;ta;P;D" HIV\ERDNT.INF  1>RegLock01 
 
SED -r "/ /!d;" RegLock01  1>RegLock02 
 
SED -r "s/USERS /HIV\\/; s/(.*) (.*)/@move \/y \2 \1/" RegLock02  1>RegLock01.bat 
 
Call RegLock01.bat 
        1 file(s) moved.
        1 file(s) moved.
        1 file(s) moved.
        1 file(s) moved.
 
MOVE /Y HIV\default HIV\.Default 
        1 file(s) moved.
 
FOR %G IN ("HIV\System" "HIV\Software") DO @(
Dumphive -e "%~G" "%~NXG.dump00"  
 SED -r "s/^\[(CsiTool|CMI)-CreateHive[^\\\x5D]*/[/I; s/^\[/[HKEY_LOCAL_MACHINE\\%~NXG/" "%~NXG.dump00"  1>"%~NXG.dump" 
 
dumphive v 07-31-2004-d7: dumps a win9x/nt registry hive to a text file
  ©2000-2004 Markus Stephany, merkes_at_mirkes.de
 
dumphive v 07-31-2004-d7: dumps a win9x/nt registry hive to a text file
  ©2000-2004 Markus Stephany, merkes_at_mirkes.de
 
FOR %G IN ("HIV\.Default" "HIV\S-1*") DO @(
Dumphive -e "%G" "%~NXG.dump00"  
 SED -r "s/^\[(CMI-CreateHive|S-1-)[^\\\x5D]*/[/I; s/^\[/[HKEY_USERS\\%~NXG/" "%~NXG.dump00"  1>"%~NXG.dump" 
 
dumphive v 07-31-2004-d7: dumps a win9x/nt registry hive to a text file
  ©2000-2004 Markus Stephany, merkes_at_mirke

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-07-2017
Ran by Others (30-07-2017 00:26:44)
Running from C:\Users\Others\Desktop\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2013-11-07 19:45:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3018547421-3047776815-2594294699-500 - Administrator - Disabled)
Guest (S-1-5-21-3018547421-3047776815-2594294699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3018547421-3047776815-2594294699-1009 - Limited - Enabled)
nic (S-1-5-21-3018547421-3047776815-2594294699-1005 - Administrator - Enabled) => C:\Users\nic
Others (S-1-5-21-3018547421-3047776815-2594294699-1002 - Administrator - Enabled) => C:\Users\Others
Stephanie (S-1-5-21-3018547421-3047776815-2594294699-1001 - Limited - Enabled) => C:\Users\Stephanie
user (S-1-5-21-3018547421-3047776815-2594294699-1010 - Limited - Enabled) => C:\Users\user
w71107133 (S-1-5-21-3018547421-3047776815-2594294699-1000 - Limited - Enabled) => C:\Users\w71107133
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Logitech QuickCam (HKLM\...\{7D2370AC-D8E6-4996-986A-19824F8A167C}) (Version: 10.51.2029 - Logitech Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3018547421-3047776815-2594294699-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-26] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> [CC]{6ABB1C11-E261-4CEA-BBB5-3836225689DD} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08527314-721C-4980-8ADB-2374500A77BB} - System32\Tasks\{57F1ECFF-48A7-46C4-8FA8-AB54CD03DBBB} => C:\Users\Others\Desktop\Downloads\gpautobackup_setup.exe
Task: {236DBC3B-BD51-46ED-80D1-4837EE7C2DC2} - System32\Tasks\SidebarExecute => \W71107133-PC\Program Files\Windows Sidebar\sidebar.exe
Task: {2681ECC9-9E22-4817-BEEB-50DC2EDBBCBF} - \PCM_Others_PCMedic_LogonTask -> No File <==== ATTENTION
Task: {2A2667B8-1B12-4FC4-9C81-633E715CC312} - System32\Tasks\{F2F92A02-3514-43CF-AC4E-DE9871785FE1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Others\Desktop\Downloads\winsdk_web standalone.exe" -d C:\Users\Others\Desktop\Downloads
Task: {385575A4-184A-4B9E-8559-429D2FBEB3F0} - System32\Tasks\{A0930AEB-0545-4BB6-B85A-ECD6664418A2} => C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14] (Microsoft Corporation)
Task: {39EC43D2-5673-4179-9EEF-C5CB2DE0286F} - System32\Tasks\{E8FD6053-AEE9-4137-99DD-C2C7B5E2D9CD} => \\W71107133-PC\Program Files\Internet Explorer\iexplore.exe 
Task: {3B9EC533-C64B-4B7E-9F1F-1CCF8370D0F2} - System32\Tasks\{F93ABD39-7FD6-4A42-8A3F-D4F1DEAC2B6D} => C:\Windows\system32\pcalua.exe -a C:\Users\Others\Desktop\Downloads\CleanUp452.exe -d C:\Users\Others\Desktop\Downloads
Task: {3D7D5A19-FB16-4F02-9D5E-75F818F45E31} - System32\Tasks\{5ED66CB6-A902-414E-91DA-13244D06354B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\DriverUpdate\UninstallStub.exe" -c --log {67c812dd-e8e6-4b80-acf9-d453aa996e23}
Task: {3E171D4A-15B5-4787-9FF4-C3FF02ED6FCB} - System32\Tasks\{00D47168-1659-4097-B3D4-DDEEEDCC1590} => C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
Task: {3ECA408A-0508-4BD6-A657-DC1B6CC46B2A} - System32\Tasks\{EFD3152F-F78C-46FB-9047-BCFFF2276CA0} => C:\Windows\system32\pcalua.exe -a "c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe"
Task: {4426D4F9-F9DE-4E5E-A3E9-792815690CCA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {4AEA6276-E11F-4691-87EA-9241FAB37C31} - System32\Tasks\Event Viewer Tasks\Microsoft-Windows-Diagnostics-Performance_Operational_Microsoft-Windows-Diagnostics-Performance_300 => C:\Windows\System32\Programs\Program files
Task: {57B09643-1E96-44E2-8EA8-858E66A0E6CF} - System32\Tasks\{ADC4111B-DF2F-4309-9785-0AC5895A22D6} => C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14] (Microsoft Corporation)
Task: {5A579F98-CAB8-432E-872E-D4B82F1523C7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3018547421-3047776815-2594294699-1005
Task: {6CD5B7D0-354A-4FCA-97CC-72FE38645516} - System32\Tasks\run troubleshooter => open [Argument = windows]
Task: {719FD2A7-059E-4ABA-8A5E-F0B3669BF468} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3018547421-3047776815-2594294699-1002Core => C:\Users\Others\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {760F93F6-4856-40EA-BA3E-670A6242F903} - System32\Tasks\{841ED8A7-9700-4EC2-AFAC-7D0C40CE99B1} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {7787DB71-A8F8-430D-B67F-3EDB4847B322} - System32\Tasks\{B0DE35BA-0B65-4405-926E-9323453B9049} => C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08] ()
Task: {78D7AC45-6008-43FF-AB4B-79567DFA9245} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3018547421-3047776815-2594294699-1001UA => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {7FD95889-D7A1-4856-9371-32A1EC001ACC} - System32\Tasks\{AA355906-9993-4A92-99EB-D2225FD94962} => C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
Task: {82BAA898-123A-4C13-9355-AE5F968F078E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3018547421-3047776815-2594294699-1002UA => C:\Users\Others\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {8B4F3F7F-DA88-4237-9B4C-EFAB381A35DC} - System32\Tasks\{54566BA9-23FD-4B4F-A7A7-7B5CFB3D9C9D} => C:\Program Files\PC Malware Cleaner\PCMalwareCleaner.exe
Task: {93364D82-7D69-4B9E-9A01-86A5F5EC9C49} - System32\Tasks\{9F7B4C18-AD0C-4313-9EB7-86F0E4E852B0} => C:\Windows\system32\pcalua.exe -a C:\Users\Others\Desktop\Downloads\ASIO4ALL_2_14_English.exe -d C:\Users\Others\Desktop\Downloads
Task: {98EA53E8-4C03-4367-B5BB-EC323B8A4075} - System32\Tasks\{2A922E4F-0E10-444C-9A48-ADB1987C9436} => C:\Windows\twain_32\escndv\escndv.exe
Task: {A0E9D386-A3C6-4D27-9226-3559FE1249AF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A3CED4DA-5BD2-4D9D-9BDD-C89BBF76FA34} - System32\Tasks\{4097A791-3C2E-4E3A-89E0-1B7B71ABAB59} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSFCA.EXE -c /R /APD /P:"EPSON NX410 Series"
Task: {A4FF7282-B8F2-4A95-B74F-C8428821D393} - \PCM_Others_PCMedic_RS_WeeklyTask -> No File <==== ATTENTION
Task: {B3D466DF-64A0-4805-A8AD-FED2FAAF8ADF} - System32\Tasks\{EA05CB4A-669C-4E4A-9FD7-BA8CB7EA3A0E} => C:\Users\Others\AppData\Local\Programs\Google\Google Photos Backup\uninstall.exe
Task: {B414C494-817D-4135-8CAA-EE13D647249B} - System32\Tasks\computer
Task: {B5E1BDCF-52C5-4D22-94E6-F352EA5F3B4A} - System32\Tasks\{A3319C44-3BD7-40AE-BC05-EC6E0DECD9EE} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00B42A24F236614C66281B2294F6D1940400000000002C4F8F.exe" -d "C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads"
Task: {C623562C-0280-4F0B-B940-AD1C915D251A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-15] (Google Inc.)
Task: {C83485A0-5B02-4FE3-A18B-BA81EBC94DED} - System32\Tasks\{C8EA013C-C013-4EE8-B734-FEEFDA3A76D2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\DriverUpdate\UninstallStub.exe" -c --log {53c9ebd2-f3f7-49bb-bdb4-147d3a4d5e6d}
Task: {D3DC9D5D-E55B-43CA-90C9-5FCCF85BC08E} - System32\Tasks\{A6904FE0-02D3-4424-A621-84D37548B5A6} => C:\Windows\system32\pcalua.exe -a C:\Users\Others\Favorites\Links\Pictures\vcredist_x86.exe -d "C:\New folder (5)"
Task: {DD225F1A-2EC8-43D0-9608-85D1FF536BAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-15] (Google Inc.)
Task: {E1AC87E3-4489-4EA6-94A6-001F21A1031A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3018547421-3047776815-2594294699-1001Core => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E79FAF68-1591-44E6-BE75-F6C6FB482264} - System32\Tasks\{1EAC4114-6F0B-40CF-9036-686B49C3F875} => C:\Windows\twain_32\escndv\escndv.exe
Task: {F109BEAF-8395-4D3A-B959-EFE00AE2198A} - System32\Tasks\{2FA46E0E-1E46-432A-98A3-99FF1C00D09A} => C:\Program Files\AVAST Software\Avast\avastui.exe
Task: {F32B5226-F3EA-4D69-BC3E-14AC47DD4065} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3018547421-3047776815-2594294699-1002
Task: {F658C27A-075B-4D3D-8FF3-8006D497DA9E} - System32\Tasks\{E85349FC-0463-412C-9743-3821CE816F94} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Task: {F78EC99D-B3CE-4660-9C38-7F1ED47F2E89} - System32\Tasks\{686E7EE8-9E36-40AD-AD74-6A3718399D06} => C:\Windows\system32\pcalua.exe -a D:\WalgreensPhotoShowExpressCD.exe -d D:\
Task: {FF1CA7D3-6085-4747-B2E9-0EB0B9A76992} - System32\Tasks\{1901B710-1E03-4E08-8CE2-10E374C341FC} => C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - nic).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\SLIMDRIVERS STARTUP.JOB => C:\Program Files\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t C:\Program Files\TechUtilities\TechUtilities.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Others\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\Others\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\946dec44e1bde1bd\Save to Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gmbmikajjgmnabiglmofipeabaddhgne
ShortcutWithArgument: C:\Users\Others\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\steph - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Others\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5deb03d6a682bc44\(4) Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=celnaknmndcdcjcagffhbhciignkeokb
ShortcutWithArgument: C:\Users\Others\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\nic - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-11 21:36 - 2003-03-13 07:36 - 00078336 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\LXBLPP5C.dll
2017-06-26 06:39 - 2017-06-26 06:39 - 00131952 ____C () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59028835.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59028835.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7937 more sites.
 
 
There are 7935 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2017-07-07 09:14 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Others\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Adguard Service => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{F67D7A9A-AD95-40FD-A042-65F9C2F13BA6}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8C02A961-AE09-4C4E-A678-4DD197633950}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [{94C606B9-E4F3-43FF-BED4-D0A621B00291}] => (Allow) C:\Users\Others\AppData\Local\Google\Chrome SxS\Application\chrome.exe
FirewallRules: [{2C5BD103-42DA-43C1-BA84-F79B2BC8FE52}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
26-07-2017 17:42:34 Windows Update
26-07-2017 19:48:30 Removed Microsoft Silverlight
27-07-2017 03:00:14 Windows Update
27-07-2017 14:47:02 Removed DriverUpdate
27-07-2017 14:55:37 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
29-07-2017 00:49:11 Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB973688)
29-07-2017 10:52:49 Installed Microsoft Access database engine 2010 (English)
29-07-2017 11:37:43 Installed Compatibility Pack for the 2007 Office system
29-07-2017 11:46:37 Installed Microsoft Office Word Viewer 2003
29-07-2017 14:02:56 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
29-07-2017 14:04:08 Restore Point before Corrupt Patch Registry keys
29-07-2017 23:27:16 Windows Update
29-07-2017 23:41:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2017 09:30:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/29/2017 08:08:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean.exe" on line 2.
The manifest file root element must be assembly.
 
Error: (07/29/2017 03:34:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SlimCleanerPlus.exe, version: 2.5.10.0, time stamp: 0x580fbd88
Faulting module name: SlimCleanerPlus.exe, version: 2.5.10.0, time stamp: 0x580fbd88
Exception code: 0xc0000005
Fault offset: 0x0055cd27
Faulting process id: 0x7ec
Faulting application start time: 0x01d3089ec510218e
Faulting application path: C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Faulting module path: C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Report Id: fd7e1d5c-7494-11e7-a2ca-00e0b8ec0f73
 
Error: (07/29/2017 02:59:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/29/2017 10:15:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e64
 
Start Time: 01d30873a7229e44
 
Termination Time: 14
 
Application Path: C:\Windows\system32\NOTEPAD.EXE
 
Report Id: 2cd8d415-7467-11e7-a2bd-00e0b8ec0f73
 
Error: (07/29/2017 10:06:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e70
 
Start Time: 01d30873d9e570ea
 
Termination Time: 38
 
Application Path: C:\Windows\system32\NOTEPAD.EXE
 
Report Id: 23f2ddba-7467-11e7-a2bd-00e0b8ec0f73
 
Error: (07/29/2017 10:00:11 AM) (Source: MsiInstaller) (EventID: 1023) (User: w71107133-PC)
Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 - Update 'KB2565063' could not be installed. Error code 1603. Additional information is available in the log file C:\Users\Others\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20170729_095956672-MSI_vc_red.msi.txt.
 
Error: (07/29/2017 10:00:11 AM) (Source: MsiInstaller) (EventID: 10997) (User: w71107133-PC)
Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 -- Error 997.Overlapped I/O operation is in progress.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/29/2017 06:23:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/29/2017 05:02:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (07/29/2017 11:30:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.
 
Error: (07/29/2017 11:30:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2010 (KB3213624) 32-Bit Edition.
 
Error: (07/29/2017 09:30:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/29/2017 09:29:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
 
Error: (07/29/2017 02:57:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/29/2017 02:57:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
 
Error: (07/29/2017 06:22:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/29/2017 06:21:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
 
Error: (07/29/2017 06:17:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SlimWare Utility Service Launcher service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/29/2017 05:01:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
CodeIntegrity:
===================================
  Date: 2017-07-12 13:07:41.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 10:50:51.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 10:33:52.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 10:14:38.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 09:55:34.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 09:19:57.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 05:54:19.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 05:25:42.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 05:17:20.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-12 05:09:24.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® M CPU 520 @ 1.60GHz
Percentage of memory in use: 84%
Total physical RAM: 1014.18 MB
Available physical RAM: 152.44 MB
Total Virtual: 3014.18 MB
Available Virtual: 1649.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:165.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CEC7B488)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 


#9 fourshay
Posted 14 August 2017 - 03:30 AM

hope that helps you - probably sent too many - the more the merrier ?!  Look forward to your reply--- thanks-- fourshay (Steph)



#10 Broni
Posted 15 August 2017 - 12:13 AM

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




#11 fourshay

fourshay

    Member

  • Members
  • Pip
  • 13 posts

Posted 16 August 2017 - 03:49 AM

Sorry it has taken me so long but I have had lots of trouble trying to locate the RKreport.txt - not anywhere - I have searched every file/folder - ran the program twice - the only detection I saw was my Slimware - which I do like - here are the other logs - which I had already run before I requested your help - hoping this helps - if not I plan on just deleting the user account - just really wanted to figure it out before I did - and btw not able to run any malware on the not-a-win32 user account - ran on the other, not-infected user

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.07.08.01
  rootkit: v2017.05.27.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18697
Others :: W71107133-PC [administrator]
 
7/8/2017 2:03:43 AM
mbar-log-2017-07-08 (02-03-43).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 430423
Time elapsed: 58 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
# AdwCleaner v6.047 - Logfile created 13/07/2017 at 22:09:01
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-13.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X86)
# Username : Others - W71107133-PC
# Running from : C:\Users\Others\Favorites\Links\Pictures\adwcleaner_6.047.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  swdumon
Service Found:  SlimService
Service Found:  slimservice
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Others\AppData\Local\slimware utilities inc
Folder Found:  C:\Users\Others\AppData\Local\YSearchUtil
Folder Found:  C:\Users\Others\AppData\Local\Downloaded Installers
Folder Found:  C:\Users\Others\AppData\Local\SlimWare Utilities Inc
Folder Found:  C:\ProgramData\SlimWare Utilities, Inc
Folder Found:  C:\ProgramData\Application Data\SlimWare Utilities, Inc
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
Folder Found:  C:\Users\Public\Documents\Downloaded Installers
Folder Found:  C:\Program Files\slimcleaner plus
Folder Found:  C:\Program Files\slimservice
Folder Found:  C:\Program Files\Yahoo!\yset
Folder Found:  C:\Program Files\SlimCleaner Plus 
Folder Found:  C:\Program Files\SlimService
Folder Found:  C:\Program Files\SlimDrivers
Folder Found:  C:\Program Files\CleanMyPC
Folder Found:  C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil
 
 
***** [ Files ] *****
 
File Found:  C:\Windows\system32\drivers\swdumon.sys
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  SlimCleaner Plus (Scheduled Scan - Others)
Task Found:  SlimDrivers Startup
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Key Found:  HKU\.DEFAULT\Software\CleanMyPC
Key Found:  HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\Software\SlimWare Utilities Inc
Key Found:  HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\Software\CleanMyPC
Key Found:  HKU\S-1-5-18\Software\CleanMyPC
Key Found:  HKCU\Software\SlimWare Utilities Inc
Key Found:  HKCU\Software\CleanMyPC
Key Found:  HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found:  HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found:  HKLM\SOFTWARE\CleanMyPC
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
Value Found:  HKU\S-1-5-21-3018547421-3047776815-2594294699-1002\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
Value Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.goog...r/3097271?hl=en[!]
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3857 Bytes] - [21/04/2017 20:13:03]
C:\AdwCleaner\AdwCleaner[C2].txt - [2484 Bytes] - [02/06/2017 08:30:21]
C:\AdwCleaner\AdwCleaner[C3].txt - [3817 Bytes] - [05/06/2017 23:36:10]
C:\AdwCleaner\AdwCleaner[C4].txt - [1965 Bytes] - [15/06/2017 09:55:27]
C:\AdwCleaner\AdwCleaner[C5].txt - [2283 Bytes] - [06/07/2017 18:45:24]
C:\AdwCleaner\AdwCleaner[C6].txt - [2016 Bytes] - [08/07/2017 16:45:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [3780 Bytes] - [21/04/2017 20:10:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [2639 Bytes] - [02/06/2017 07:13:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [3891 Bytes] - [05/06/2017 23:35:27]
C:\AdwCleaner\AdwCleaner[S3].txt - [2232 Bytes] - [15/06/2017 09:54:41]
C:\AdwCleaner\AdwCleaner[S4].txt - [2575 Bytes] - [06/07/2017 18:44:51]
C:\AdwCleaner\AdwCleaner[S5].txt - [2301 Bytes] - [08/07/2017 16:43:01]
C:\AdwCleaner\AdwCleaner[S6].txt - [4819 Bytes] - [13/07/2017 22:09:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [4892 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x86 
Ran by Others (Administrator) on Sun 07/23/2017 at  9:17:22.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\Others\AppData\Local\downloaded installers (Folder) 
Successfully deleted: C:\Users\Others\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\Others\AppData\Local\ysearchutil (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Others).job (Task) 
Successfully deleted: C:\Windows\Tasks\SlimDrivers Startup.job (Task) 
Successfully deleted: C:\Program Files\slimcleaner plus (Folder) 
Successfully deleted: C:\Program Files\slimservice (Folder) 
Successfully deleted: C:\Users\Others\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OYGQJZJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Others\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZU8HOSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Others\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPX3H5UE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Others\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZA32IK2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OYGQJZJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZU8HOSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPX3H5UE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZA32IK2 (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/23/2017 at  9:28:28.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sending you a GMER rootkit and ComboFix report
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-07-24 22:16:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0006 232.89GB
Running: gmer rootkit.exe; Driver: C:\Users\Others\AppData\Local\Temp\fwdoyuog.sys
 
 
---- System - GMER 2.2 ----
 
SSDT   \??\C:\Windows\System32\drivers\zamguard32.sys                                                                              ZwOpenProcess [0x87D9D104]
SSDT   \??\C:\Windows\System32\drivers\zamguard32.sys                                                                              ZwTerminateProcess [0x87D9D252]
 
---- Kernel code sections - GMER 2.2 ----
 
.text  ntkrnlpa.exe!ZwRenameKey + 1579                                                                                             83241F55 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                      8327C312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 139F                                                                                         832839B4 4 Bytes  [04, D1, D9, 87]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                                         83283C84 4 Bytes  [52, D2, D9, 87]
?      c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36825A79-21B5-4AD5-9CAD-DF9EDE9AA8A5}\MpKslb3d40b47.sys  The system cannot find the path specified. !
 
---- User code sections - GMER 2.2 ----
 
.text  C:\Program Files\Zemana AntiMalware\ZAM.exe[944] kernel32.dll!CreateThread + 1C                                             759DDEFE 4 Bytes  CALL 0082B609 C:\Program Files\Zemana AntiMalware\ZAM.exe
.text  C:\Program Files\Zemana AntiMalware\ZAM.exe[2236] kernel32.dll!CreateThread + 1C                                            759DDEFE 4 Bytes  CALL 0082B609 C:\Program Files\Zemana AntiMalware\ZAM.exe
 
---- Registry - GMER 2.2 ----
 
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                          
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@A2369B09                                 762
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@7092AB09                                 768
Reg    HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@                                           %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}
 
---- EOF - GMER 2.2 ----
 
 
 
ComboFix 17-05-16.14 - Others 06/19/2017  21:19:34.2.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1014.218 [GMT -4:00]
Running from: c:\users\Others\Desktop\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Others\AppData\Roaming\Microsoft\Windows\Recent\Downloads.url
c:\users\Others\AppData\Roaming\Microsoft\Windows\Recent\Google+.url
c:\users\Others\AppData\Roaming\Microsoft\Windows\Recent\Photos - Google Photos.url
c:\users\Others\AppData\Roaming\Microsoft\Windows\Recent\SlimBrowser Homepage.url
c:\users\Others\AppData\Roaming\Microsoft\Windows\Recent\Terms of Use - ToolsLib.url
c:\users\Others\AppData\Roaming\Microsoft\Windows\Recent\Troubleshoot Installer - Chrome Help.url
.
.
(((((((((((((((((((((((((   Files Created from 2017-05-20 to 2017-06-20  )))))))))))))))))))))))))))))))
.
.
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- C:\$AV_ASW
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- c:\users\Others\AppData\Local\temp
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- c:\users\w71107133\AppData\Local\temp
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- c:\users\user\AppData\Local\temp
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- c:\users\Stephanie\AppData\Local\temp
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- c:\users\nic\AppData\Local\temp
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2017-06-20 01:44 . 2017-06-20 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-06-20 01:11 . 2017-06-20 01:11 39168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85A7EBD1-3D72-436C-980B-8281CF4F4B16}\MpKsl51f6bebf.sys
2017-06-19 21:03 . 2017-06-19 21:03 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85A7EBD1-3D72-436C-980B-8281CF4F4B16}\offreg.828.dll
2017-06-19 18:07 . 2017-06-19 18:07 -------- dc----w- c:\program files\iPod
2017-06-19 18:04 . 2017-06-19 18:11 -------- dc----w- c:\program files\iTunes
2017-06-19 18:01 . 2017-06-19 18:01 -------- dc----w- c:\program files\Bonjour
2017-06-19 17:50 . 2017-06-19 17:50 -------- dc----w- c:\program files\Apple Software Update
2017-06-19 17:47 . 2017-06-19 17:59 -------- d-----w- c:\program files\Common Files\Apple
2017-06-19 13:00 . 2017-05-23 17:59 10555024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85A7EBD1-3D72-436C-980B-8281CF4F4B16}\mpengine.dll
2017-06-19 01:42 . 2017-06-19 01:42 -------- d-----w- c:\users\nic\AppData\Roaming\AVAST Software
2017-06-18 07:42 . 2017-05-23 17:59 10555024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-06-17 09:43 . 2017-06-17 09:43 -------- d-----w- c:\programdata\SWCUTemp
2017-06-17 05:51 . 2017-06-17 05:49 31064 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-06-17 02:38 . 2017-06-17 00:57 330768 ----a-w- c:\windows\system32\aswBoot.exe
2017-06-17 02:16 . 2017-06-17 02:16 -------- d-----w- c:\users\Others\AppData\Roaming\AVAST Software
2017-06-17 01:06 . 2017-06-17 02:46 115152 ----a-w- c:\windows\system32\drivers\aswstm.sys
2017-06-17 01:06 . 2017-06-17 01:04 279800 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-06-17 01:06 . 2017-06-17 01:04 482608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-06-17 01:06 . 2017-06-17 01:04 62152 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-06-17 01:06 . 2017-06-17 01:04 34136 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-06-17 01:06 . 2017-06-17 01:04 107928 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-06-17 01:06 . 2017-06-17 01:04 90336 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-06-17 01:06 . 2017-06-17 00:54 764576 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-06-17 01:06 . 2017-06-17 00:53 41664 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-06-17 01:06 . 2017-06-17 00:53 268016 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-06-17 01:06 . 2017-06-17 00:53 148696 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-06-17 01:06 . 2017-06-17 00:53 258288 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-06-17 00:50 . 2017-06-17 05:48 -------- dc----w- c:\program files\AVAST Software
2017-06-16 01:44 . 2017-06-19 18:14 -------- d-----w- c:\users\Others\AppData\Local\Apple Computer
2017-06-16 01:44 . 2017-06-19 18:14 -------- d-----w- c:\users\Others\AppData\Roaming\Apple Computer
2017-06-16 01:32 . 2017-06-19 18:04 -------- d-----w- c:\programdata\Apple Computer
2017-06-16 01:30 . 2017-06-16 01:30 -------- d-----w- c:\users\Others\AppData\Local\Apple
2017-06-16 01:30 . 2017-06-19 18:00 -------- d-----w- c:\programdata\Apple
2017-06-14 02:48 . 2017-06-14 02:48 -------- d-----w- C:\SymCache
2017-06-14 00:23 . 2017-06-14 00:23 -------- d-----w- c:\windows\PCHEALTH
2017-06-13 20:16 . 2017-05-14 18:54 579584 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll
2017-06-11 04:20 . 2017-06-20 00:40 220576 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-11 04:19 . 2017-05-25 15:58 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-06-10 07:01 . 2017-06-07 07:31 916160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94352032-0AA1-463E-80C7-B690266DF055}\gapaengine.dll
2017-06-08 01:09 . 2017-06-10 04:54 -------- d-----w- c:\users\Others\New folder
2017-06-06 20:22 . 2017-06-06 20:22 -------- d-----w- c:\program files\Common Files\AV
2017-06-06 18:52 . 2015-06-16 21:19 18688 ----a-w- c:\windows\system32\sdnclean.exe
2017-06-05 19:59 . 2017-06-05 19:59 18412800 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2017-06-03 13:36 . 2017-06-03 13:36 -------- d-----w- c:\users\Others\AppData\Local\Opera Software
2017-06-03 13:32 . 2017-06-03 13:32 -------- d-----w- c:\users\Others\AppData\Roaming\Opera Software
2017-06-03 13:19 . 2017-06-14 19:11 -------- dc----w- c:\program files\Opera
2017-06-03 13:01 . 2017-06-03 15:26 -------- d-----w- c:\program files\Common Files\COMODO
2017-06-03 12:48 . 2017-06-03 13:01 -------- d-----w- c:\programdata\COMODO
2017-06-03 06:29 . 2017-06-03 06:29 -------- d-----w- c:\users\Others\AppData\Local\Avg
2017-06-03 03:25 . 2017-06-03 03:25 -------- d-----w- c:\users\Others\AppData\Roaming\U3
2017-06-02 16:42 . 2017-06-02 16:43 -------- d-----w- c:\users\Others\AppData\Local\tkdata
2017-06-02 10:48 . 2017-06-02 12:29 -------- d-----w- C:\d273ef2cba1839e9d7587b
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-20 00:39 . 2017-03-24 18:12 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2017-06-20 00:39 . 2013-11-08 15:56 28160 ----a-w- c:\windows\system32\drivers\oem-drv86.sys
2017-06-17 17:48 . 2013-11-07 19:04 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-06-17 17:48 . 2013-11-07 19:04 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-06-07 07:31 . 2013-12-06 23:42 916160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2017-05-30 20:45 . 2013-11-07 18:51 456360 ------w- c:\windows\system32\MpSigStub.exe
2017-04-21 15:15 . 2017-05-11 19:32 805376 ----a-w- c:\windows\system32\cdosys.dll
2017-04-17 15:12 . 2017-05-11 19:32 171008 ----a-w- c:\windows\system32\winsrv.dll
2017-04-17 15:12 . 2017-05-11 19:33 377344 ----a-w- c:\windows\system32\rpcss.dll
2017-04-17 15:12 . 2017-05-11 19:33 581632 ----a-w- c:\windows\system32\oleaut32.dll
2017-04-17 15:12 . 2017-05-11 19:33 1417728 ----a-w- c:\windows\system32\ole32.dll
2017-04-17 15:12 . 2017-05-11 19:32 26112 ----a-w- c:\windows\system32\oleres.dll
2017-04-17 15:12 . 2017-05-11 19:32 294400 ----a-w- c:\windows\system32\KernelBase.dll
2017-04-17 15:12 . 2017-05-11 19:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-17 15:12 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-17 14:54 . 2017-05-11 19:32 7168 ----a-w- c:\windows\system32\comcat.dll
2017-04-17 14:51 . 2017-05-11 19:32 271360 ----a-w- c:\windows\system32\conhost.exe
2017-04-17 14:48 . 2017-05-11 19:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-17 14:48 . 2017-05-11 19:32 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-17 14:48 . 2017-05-11 19:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-17 14:48 . 2017-05-11 19:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 15:26 . 2017-05-11 19:32 179200 ----a-w- c:\windows\system32\wintrust.dll
2017-04-12 15:25 . 2017-05-11 19:33 1176064 ----a-w- c:\windows\system32\crypt32.dll
2017-04-12 15:25 . 2017-05-11 19:32 145920 ----a-w- c:\windows\system32\cryptsvc.dll
2017-04-12 15:25 . 2017-05-11 19:32 106496 ----a-w- c:\windows\system32\cryptnet.dll
2017-04-09 02:59 . 2017-04-09 03:01 921280 ----a-w- c:\windows\ucrtbase.dll
2017-04-07 15:26 . 2017-05-11 19:33 730344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2017-04-07 15:26 . 2017-05-11 19:33 218856 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2017-04-07 15:20 . 2017-05-11 19:32 107520 ----a-w- c:\windows\system32\cdd.dll
2017-04-05 15:00 . 2017-05-11 19:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2017-04-05 15:00 . 2017-05-11 19:33 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-04-05 15:00 . 2017-05-11 19:32 116224 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-04-04 15:25 . 2017-05-11 19:33 1309928 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-04-04 15:25 . 2017-05-11 19:33 240872 ----a-w- c:\windows\system32\drivers\netio.sys
2017-04-04 15:25 . 2017-05-11 19:33 187624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2017-04-04 14:52 . 2017-05-11 19:33 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2017-03-27 00:33 . 2017-03-27 00:33 28344 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-27 00:33 . 2017-03-27 00:33 19104 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-27 00:33 . 2017-03-27 00:33 19104 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-27 00:33 . 2017-03-27 00:33 19104 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-03-23 14:04 . 2017-04-07 04:00 3209216 ----a-w- c:\windows\system32\pwNative.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-06-17 00:56 1192144 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-06-17 213824]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2017-05-09 267064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2017-06-17 31064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-06-17 764576]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-11-08 110920]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-11-08 333128]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-06-17 34136]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
R3 BCMH43XX;Dynex Wireless N USB Adapter Driver;c:\windows\system32\DRIVERS\DX432386.sys [x]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-05-14 104960]
R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\drivers\iusb3hub.sys [2012-12-21 359560]
R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-21 792712]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-11-15 280864]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2016-02-02 16024]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2016-11-24 13064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-17 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2016-02-02 1570520]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-10-17 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-10-17 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-07 1343400]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidshx.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswblogx.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbunivx.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-06-20 220576]
S0 oem-drv86;OEM-SLP2.1 Driver (HPD86);c:\windows\system32\DRIVERS\oem-drv86.sys [2017-06-20 28160]
S0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2015-03-05 17160]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-06-17 258288]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-06-17 482608]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S1 MpKsl51f6bebf;MpKsl51f6bebf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85A7EBD1-3D72-436C-980B-8281CF4F4B16}\MpKsl51f6bebf.sys [2017-06-20 39168]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-06-17 107928]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-06-17 115152]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2013-10-17 21504]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-05-09 3398608]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2016-02-02 837848]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2017-06-17 5732136]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 379904]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2012-03-27 319264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWBIDSDRIVER
*NewlyCreated* - ASWBIDSH
*NewlyCreated* - ASWBLOG
*NewlyCreated* - ASWBUNIV
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSTM
*NewlyCreated* - MPKSL51F6BEBF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc REG_MULTI_SZ    DiagTrack
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-06-15 18:55 1394008 ----a-w- c:\program files\Google\Chrome\Application\59.0.3071.104\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
mStart Page = 
uInternet Settings,ProxyServer = localhost:8080
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-06-19  21:50:00
ComboFix-quarantined-files.txt  2017-06-20 01:49
ComboFix2.txt  2017-06-16 18:21
.
Pre-Run: 179,516,338,176 bytes free
Post-Run: 179,443,343,360 bytes free
.
- - End Of File - - 9995E34D6A9F5C70BE87FF5FA021691C
A36C5E4F47E84449FF07ED3517B43A31
 

 



#12 fourshay (Member, 13 posts)

Posted 16 August 2017 - 03:50 PM

Well, it has taken me a while, but the version of RogueKiller had a bad behavior Win32 trojan attached somehow, and I wasn't getting a report because it would shut down 3/4 through the scan - but it did do one and I finally found its log - hope to hear from you soon - thank you

 

RogueKiller V12.11.5.0 [Jul  3 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Others [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 07/06/2017 16:53:39 (Duration : 00:52:18)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Deleted
[PUP.Gen1] HKEY_USERS\S-1-5-21-3018547421-3047776815-2594294699-1002\Software\SlimWare Utilities Inc -> Deleted
[PUM.Proxy] HKEY_USERS\S-1-5-21-3018547421-3047776815-2594294699-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.ini -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.log -> Deleted
[PUP.Gen1][Folder] C:\Users\Others\AppData\Local\SlimWare Utilities Inc -> Deleted
[PUP.Gen1][File] C:\Users\Others\AppData\Local\SlimWare Utilities Inc\Installers\US-131433164140000783.log -> Deleted
[PUP.Gen1][File] C:\Users\Others\AppData\Local\SlimWare Utilities Inc\Installers\US-131433173514076950.log -> Deleted
[PUP.Gen1][File] C:\Users\Others\AppData\Local\SlimWare Utilities Inc\Installers\US-131433175143340138.log -> Deleted
[PUP.Gen1][File] C:\Users\Others\AppData\Local\SlimWare Utilities Inc\Installers\US-131433188461931918.log -> Deleted
[PUP.Gen1][File] C:\Users\Others\AppData\Local\SlimWare Utilities Inc\Installers\US-131433191465733726.log -> Deleted
[PUP.Gen1][File] C:\Users\Others\AppData\Local\SlimWare Utilities Inc\Installers\US-131433195409799313.log -> Deleted
[PUP.Gen1][Folder] C:\Users\Others\AppData\Local\SlimWare Utilities Inc\Installers -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][Firefox:Config] 7w91byg6.default : user_pref("network.proxy.type", 2); -> Replaced (0)
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://myaccount.go..._all_playlists]-> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9250315ASG +++++
--- User ---
[MBR] a7b37a91d4661ddcf98f14e34cf1add1
[BSP] e6cc903cc3b1a491906d5acbfc6fe520 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#13 fourshay (Member, 13 posts)

Posted 16 August 2017 - 10:20 PM

Hey, just wanted to let you know I am almost always up late and will be checking here often -- thanks!



#14 Broni (Malware Annihilator, Moderator, 698 posts, Location: Daly City, CA)

Posted 17 August 2017 - 12:47 AM

Please always follow my instructions.
Do Not run tools I'm not asking for.

 

I still need a log from Malwarebytes (not Anti-Rootkit). See my previous instructions.



 


#15 fourshay (Member, 13 posts)

Posted 18 August 2017 - 03:11 AM

Good evening - here is your Malware Scan - and I didn't run any new programs - those were ones I had already done.

 

I was curious - pretty sure this has to be a corrupted file from a download in Feb 2017 (when this started). I found some old notes, and could this be anything (found in the Microsoft-Windows-Diagnostic-Performance file)??

Viewer Config-Diagnostic-results config-columns-Levels- type>"system string">path "Event/System/Level" Processor ID type >system.uint32 >path -event ??

 

I only remember that during Feb 2017 I had Microsoft/Windows guys on the phone helping get the Windows PowerShell modules set up.

I did find another file with Optional MDT Tool - like 8 or 10 files with directions - however, they were not able to be viewed (error in Microsoft Word) - also 3 files were for Windows 8 and the others were for Windows 7 - I realize that documents can't change a path, but if I had downloaded a Windows 8 update, would that mess things up?? Correct??

 

Thank You

4CA4E101DA4319892964CD6BF3A368FC9613ABC1985082C9D962BA0C69654AAD

{
   "applicationVersion" : "3.1.2.1733",
   "clientID" : "MbamUI",
   "clientType" : "fullUIScan",
   "componentsUpdatePackageVersion" : "1.0.160",
   "cpu" : "x86",
   "dbSDKUpdatePackageVersion" : "1.0.2602",
   "detectionDateTime" : "2017-08-16T18:32:16Z",
   "fileSystem" : "NTFS",
   "id" : "3adb7da4-82b1-11e7-9085-00e0b8ec0f73",
   "isUserAdmin" : true,
   "licenseState" : "free",
   "linkagePhaseComplete" : true,
   "loggedOnUserName" : "w71107133-PC\\nic",
   "machineID" : "",
   "os" : "Windows 7 Service Pack 1",
   "schemaVersion" : 3,
   "sourceDetails" : {
      "objectsScanned" : 418217,
      "scanEndTime" : "2017-08-16T19:07:43Z",
      "scanOptions" : {
         "pumHandling" : "detect",
         "pupHandling" : "detect",
         "scanArchives" : true,
         "scanFileSystem" : true,
         "scanMemoryObjects" : true,
         "scanPUMs" : true,
         "scanPUPs" : true,
         "scanRookits" : false,
         "scanStartupAndRegistry" : true,
         "scanType" : "threat",
         "useHeuristics" : true
      },
      "scanResult" : "completed",
      "scanStartTime" : "2017-08-16T18:32:16Z",
      "scanState" : "completed",
      "type" : "scan"
   },
   "threats" : [
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanContext" : {
            },
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:09:29Z",
            "generatedByPostCleanupAction" : false,
            "id" : "f7947ef0-82b1-11e7-96b2-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "",
            "objectPath" : "HKLM\\SOFTWARE\\CLASSES\\APPID\\{1BD47D21-01F4-4538-9290-39FD569A0F24}",
            "objectSha256" : "",
            "objectType" : "regKey",
            "suggestedAction" : {
               "fileDelete" : false,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : true,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 335822,
         "rulesVersion" : "1.0.2602",
         "threatID" : 946,
         "threatName" : "PUP.Optional.DriverUpdate"
      },
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanContext" : {
            },
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:09:29Z",
            "generatedByPostCleanupAction" : false,
            "id" : "a323f066-82b2-11e7-b3ea-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "",
            "objectPath" : "HKLM\\SOFTWARE\\CLASSES\\APPID\\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}",
            "objectSha256" : "",
            "objectType" : "regKey",
            "suggestedAction" : {
               "fileDelete" : false,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : true,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 335820,
         "rulesVersion" : "1.0.2602",
         "threatID" : 946,
         "threatName" : "PUP.Optional.DriverUpdate"
      },
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "ignore",
            "cleanContext" : {
            },
            "cleanResult" : "ignored",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:09:26Z",
            "generatedByPostCleanupAction" : false,
            "id" : "5ba6a578-82b5-11e7-a673-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "93F9A21A33FA27F8C6B38E320CB2EDEB",
            "objectPath" : "C:\\WINDOWS\\TASKS\\SLIMCLEANER PLUS (SCHEDULED SCAN - OTHERS).JOB",
            "objectSha256" : "1B09116FD70400DF768BA62E497F0971F0B7B733062B252C85682431F640BBBC",
            "objectType" : "file",
            "suggestedAction" : {
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 331621,
         "rulesVersion" : "1.0.2602",
         "threatID" : 780,
         "threatName" : "PUP.Optional.SlimCleanerPlus"
      },
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "ignore",
            "cleanContext" : {
            },
            "cleanResult" : "ignored",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:09:26Z",
            "generatedByPostCleanupAction" : false,
            "id" : "70cced54-82b5-11e7-a743-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "515429F79E4D832F3870976A646D542B",
            "objectPath" : "C:\\WINDOWS\\TASKS\\SlimCleaner Plus (Scheduled Scan - nic).job",
            "objectSha256" : "C214FBDF217CCAE64D06E8A15EFB8FA06AED131168F59018353A6CBCE5DAF4D8",
            "objectType" : "file",
            "suggestedAction" : {
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 331621,
         "rulesVersion" : "1.0.2602",
         "threatID" : 780,
         "threatName" : "PUP.Optional.SlimCleanerPlus"
      },
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanContext" : {
            },
            "cleanResult" : "duplicate",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:02:25Z",
            "generatedByPostCleanupAction" : false,
            "id" : "70fbed48-82b5-11e7-9667-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "93F9A21A33FA27F8C6B38E320CB2EDEB",
            "objectPath" : "C:\\WINDOWS\\TASKS\\SlimCleaner Plus (Scheduled Scan - Others).job",
            "objectSha256" : "1B09116FD70400DF768BA62E497F0971F0B7B733062B252C85682431F640BBBC",
            "objectType" : "file",
            "suggestedAction" : {
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 331621,
         "rulesVersion" : "1.0.2602",
         "threatID" : 780,
         "threatName" : "PUP.Optional.SlimCleanerPlus"
      },
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanContext" : {
               "regValueDeleteData" : {
                  "valueData" : "SlimCleaner Plus",
                  "valueType" : 1
               }
            },
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:09:30Z",
            "generatedByPostCleanupAction" : false,
            "id" : "9fbb9f34-82b5-11e7-a858-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "",
            "objectPath" : "HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}|DISPLAYNAME",
            "objectSha256" : "",
            "objectType" : "regValue",
            "suggestedAction" : {
               "fileDelete" : false,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : true,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 335437,
         "rulesVersion" : "1.0.2602",
         "threatID" : 780,
         "threatName" : "PUP.Optional.SlimCleanerPlus"
      },
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanContext" : {
            },
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:09:30Z",
            "generatedByPostCleanupAction" : false,
            "id" : "9fbb9f35-82b5-11e7-9d39-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "",
            "objectPath" : "HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}",
            "objectSha256" : "",
            "objectType" : "regKey",
            "suggestedAction" : {
               "fileDelete" : false,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : true,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 335437,
         "rulesVersion" : "1.0.2602",
         "threatID" : 780,
         "threatName" : "PUP.Optional.SlimCleanerPlus"
      },
      {
         "linkedTraces" : [
 
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanContext" : {
            },
            "cleanResult" : "duplicate",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-08-16T19:05:36Z",
            "generatedByPostCleanupAction" : false,
            "id" : "e29443b0-82b5-11e7-8837-00e0b8ec0f73",
            "linkType" : "none",
            "objectMD5" : "515429F79E4D832F3870976A646D542B",
            "objectPath" : "C:\\WINDOWS\\TASKS\\SLIMCLEANER PLUS (SCHEDULED SCAN - NIC).JOB",
            "objectSha256" : "C214FBDF217CCAE64D06E8A15EFB8FA06AED131168F59018353A6CBCE5DAF4D8",
            "objectType" : "file",
            "suggestedAction" : {
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : false,
               "useDDA" : false
            }
         },
         "ruleID" : 331621,
         "rulesVersion" : "1.0.2602",
         "threatID" : 780,
         "threatName" : "PUP.Optional.SlimCleanerPlus"
      }
   ],
   "threatsDetected" : 8
}