Need Help please with "The requested resource is in use" virus


  • This topic is locked

#1
Tristen2285

  • Member
  • 15 posts

Hello, my name is Tristen and I need help ridding my computer of the requested resource in use virus. I have tried everything and I cannot run any kind of antivirus or malware remover. I am at a loss. Can you please help? I tried to follow the instructions you left in another thread but I could not open the apps needed. I got the same error message.

Thank you

 

 
LastRegBack: 2015-07-18 18:37
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Tristen (08-04-2017 09:48:01)
Running from C:\Users\Tristen\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-04-07 17:56:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1336182512-3399560752-349346916-500 - Administrator - Disabled)
Guest (S-1-5-21-1336182512-3399560752-349346916-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1336182512-3399560752-349346916-1002 - Limited - Enabled)
Tristen (S-1-5-21-1336182512-3399560752-349346916-1000 - Administrator - Enabled) => C:\Users\Tristen
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
BitTorrent (HKU\S-1-5-21-1336182512-3399560752-349346916-1000\...\BitTorrent) (Version: 7.10.0.43581 - BitTorrent Inc.)
DragonBoost (HKU\S-1-5-21-1336182512-3399560752-349346916-1000\...\DragonBoost) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {5C845B23-CA74-4CBB-A34B-5CD8FE5188D1} - System32\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe 
Task: {6599B4DE-2EAF-4664-831C-239C2F3F7B2E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-07] (AVAST Software)
Task: {CAE4C472-ACD9-4B6B-9FAD-815EDBD89201} - System32\Tasks\SafeZone scheduled Autoupdate 1491590369 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {D007D36E-596F-42C6-9EEA-FE543D25586F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-07] (AVAST Software)
Task: {DFAB22F1-0DAF-493D-A84B-9477F25FC44B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
Task: {FFF02F7F-4D7E-4A50-9030-CDEB4E0DFE67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Tristen\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N () C:\windows\system32\tprdpw32.exe
2017-01-13 20:09 - 2017-01-13 20:09 - 00896512 _____ () C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-01-20 20:18 - 2017-01-20 20:18 - 01087488 _____ () C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Users\Tristen\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1336182512-3399560752-349346916-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F2982C82-869C-46CC-9FD6-501D898061B8}] => (Allow) %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{0A7A773F-930E-4A0A-A55E-74FFFF4568F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2F1485D9-5E89-4BB5-9C02-EAC25B34BA78}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [TCP Query User{BB06EA5A-55F2-4038-B656-484130CBD771}C:\users\tristen\downloads\bittorrent.exe] => (Allow) C:\users\tristen\downloads\bittorrent.exe
FirewallRules: [UDP Query User{BAA466E0-2753-40B2-A32D-0A24D0F48D00}C:\users\tristen\downloads\bittorrent.exe] => (Allow) C:\users\tristen\downloads\bittorrent.exe
FirewallRules: [TCP Query User{2B3B8088-1D59-467A-A4F8-CCC21372B091}C:\users\tristen\downloads\bittorrent (1).exe] => (Allow) C:\users\tristen\downloads\bittorrent (1).exe
FirewallRules: [UDP Query User{975871EB-AF26-4FAA-9F09-1A40619861C0}C:\users\tristen\downloads\bittorrent (1).exe] => (Allow) C:\users\tristen\downloads\bittorrent (1).exe
FirewallRules: [{8C70164A-7CC9-43A2-8270-8DA0A28244DB}] => (Allow) C:\Users\Tristen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D7B1D7A1-97C9-47B1-8EE9-F4C17C16B70E}] => (Allow) C:\Users\Tristen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1676521B-7899-46A0-9EB5-8CB3F48BE864}] => (Allow) C:\Windows\system32\rundll32.exe
 
==================== Restore Points =========================
 
07-04-2017 14:35:21 Removed DriverUpdate
07-04-2017 14:45:20 Windows Update
07-04-2017 15:26:01 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
07-04-2017 15:27:00 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
07-04-2017 18:37:05 Installed WeatherBuddy
07-04-2017 18:54:24 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
08-04-2017 02:53:21 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/08/2017 09:11:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2017 09:07:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2017 09:04:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2017 07:51:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2017 04:42:51 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: System.AddIn.Contract, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
 
Error: (04/08/2017 04:42:05 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: PresentationFramework.Aero, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002
 
Error: (04/08/2017 03:24:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SisterLocation.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13f8
 
Start Time: 01d2b037afe34df6
 
Termination Time: 665
 
Application Path: C:\Users\Tristen\Desktop\SisterLocation.exe
 
Report Id: 6886077e-1c2c-11e7-987e-00188b01b4d4
 
Error: (04/08/2017 02:47:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/08/2017 02:34:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BlueStacks.exe version 2.6.108.8112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1044
 
Start Time: 01d2b02bc1bf02c5
 
Termination Time: 2616
 
Application Path: C:\Program Files (x86)\BlueStacks\BlueStacks.exe
 
Report Id: 5bfcf501-1c25-11e7-bdc6-00188b01b4d4
 
Error: (04/08/2017 02:26:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...A77BB70D54.crt>with error: This operation returned because the timeout period expired.
.
 
 
System errors:
=============
Error: (04/08/2017 09:09:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error: 
The requested resource is in use.
 
Error: (04/08/2017 09:08:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
 
Error: (04/08/2017 09:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/08/2017 09:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/08/2017 09:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/08/2017 09:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/08/2017 09:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/08/2017 09:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/08/2017 09:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/08/2017 09:06:28 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 2550.14 MB
Available physical RAM: 819.41 MB
Total Virtual: 5098.49 MB
Available Virtual: 3016.6 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.79 GB) (Free:73.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: E8000000)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Please re-post the FRST.TXT log; it's missing, and I'll get back to you.

Please refrain from trying to remove this yourself or downloading additional software to do it.

#3
Tristen2285

  • Topic Starter
  • Member
  • 15 posts
Thank you so much for the help
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Tristen (administrator) on TRISTEN-PC (08-04-2017 09:46:53)
Running from C:\Users\Tristen\Desktop
Loaded Profiles: Tristen (Available Profiles: Tristen)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Users\Tristen\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Windows\System32\tprdpw32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\Tristen\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(BitTorrent Inc.) C:\Users\Tristen\AppData\Roaming\BitTorrent\updates\7.10.0_43581\bittorrentie.exe
(BitTorrent Inc.) C:\Users\Tristen\AppData\Roaming\BitTorrent\updates\7.10.0_43581\bittorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(winscr) C:\Users\Tristen\AppData\Local\ntuserlitelist\winscr\winscr.exe
() C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-07] (AVAST Software)
HKLM-x32\...\Run: [cpx] => "C:\Users\Tristen\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Tristen\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1336182512-3399560752-349346916-1000\...\Run: [BitTorrent] => C:\Users\Tristen\AppData\Roaming\BitTorrent\BitTorrent.exe [2411720 2017-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-1336182512-3399560752-349346916-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-07] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{340C988A-007F-4E16-AEC3-E43E7A3097A7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1336182512-3399560752-349346916-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-07] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-07] (AVAST Software)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-07] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyB0D0C0Czz0D0E0FzyzytN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DzytD0B0EyEzytGtCzzzz0CtGtAyEzz0DtGzzyCzztCtGtB0EtAyD0CzztAtD0C0FzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyBtA0C0D0C0FtGyC0B0C0CtGyByByB0CtG0AyCyEtBtGtBtC0BtCzz0EyDyC0BzytBtD2Q&cr=2043173850&ir=","hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyB0D0C0Czz0D0E0FzyzytN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0E0ByB0BzytGtCyC0E0AtG0A0FyDyDtGtD0C0CyCtGtC0A0F0D0DzyyCyB0E0Czy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyBtA0C0D0C0FtGyC0B0C0CtGyByByB0CtG0AyCyEtBtGtBtC0BtCzz0EyDyC0BzytBtD2Q&cr=1365799729&ir=","hxxp://mysearch.avg.com?cid={2818E73F-ADE5-42DF-A1B3-827AF747B3EC}&mid=e08b3506f3de47d29351d16c2299257e-78a379097ad577a71bf8e1f2dcab1db0135f63c1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-09 22:26:06&v=18.0.5.292&pid=safeguard&sg=&sap=hp","hxxp://google.com/
hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ch&cd={2818E73F-ADE5-42DF-A1B3-827AF747B3EC}&cr=2043173850&ir=
hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyB0D0C0Czz0D0E0FzyzytN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0E0ByB0BzytGtCyC0E0AtG0A0FyDyDtGtD0C0CyCtGtC0A0F0D0DzyyCyB0E0Czy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyBtA0C0D0C0FtGyC0B0C0CtGyByByB0CtG0AyCyEtBtGtBtC0BtCzz0EyDyC0BzytBtD2Q&cr=1365799729&ir=
hxxp://mysearch.avg.com?cid={2818E73F-ADE5-42DF-A1B3-827AF747B3EC}&mid=e08b3506f3de47d29351d16c2299257e-78a379097ad577a71bf8e1f2dcab1db0135f63c1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-09 22:26:06&v=18.0.5.292&pid=safeguard&sg=&sap=hp","hxxp://www.key-find.com/?type=hppp&ts=1397332281&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1397772170&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1397798400&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398132572&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398198487&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398201089&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398201244&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398228127&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398294833&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398310760&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398325201&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398375186&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398379692&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398393935&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398400889&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398429744&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398630998&from=tugs&uid=TOSHIBAXMK2555GSX_791GTG
PZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398633066&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398661174&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398732642&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://www.key-find.com/?type=hppp&ts=1398802445&from=tugs&uid=TOSHIBAXMK2555GSX_791GTGPZTXX791GTGPZT","hxxp://mysearch.avg.com?cid={2818E73F-ADE5-42DF-A1B3-827AF747B3EC}&mid=e08b3506f3de47d29351d16c2299257e-78a379097ad577a71bf8e1f2dcab1db0135f63c1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-09 22:26:06&v=18.1.5.512&pid=safeguard&sg=&sap=hp","hxxp://searchy.easylifeapp.com/","chrome://newtab/"
CHR NewTab: Default ->  Not-active:"chrome-extension://algadicmefalojnlclaalabdcjnnmclc/stubby.html"
CHR Profile: C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default [2017-04-08]
CHR Extension: (Google Slides) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-07]
CHR Extension: (RadioRage) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\algadicmefalojnlclaalabdcjnnmclc [2017-04-07]
CHR Extension: (From Dust) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-07]
CHR Extension: (Google Drive) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-07]
CHR Extension: (MEGA) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-04-08]
CHR Extension: (YouTube) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-07]
CHR Extension: (Google Sheets) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-07]
CHR Extension: (AdBlock) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-07]
CHR Extension: (Avast Online Security) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-08]
CHR Extension: (Don't Tap The White Tile - Piano Tiles) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbffnddkpojlhaikfemlpfglhmkckjeg [2017-04-07]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2017-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-07]
CHR Extension: (Adblock Pro) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-04-07]
CHR Extension: (Gmail) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-07] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-07] (AVAST Software)
R2 Dataup; C:\Users\Tristen\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-07] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-07] (AVAST Software)
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
R3 smwdm; C:\Windows\System32\drivers\smwdm.sys [348032 2005-11-29] (Analog Devices, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-08 09:34 - 2017-04-08 09:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Tristen\Desktop\eXplorer.exe
2017-04-08 09:32 - 2017-04-08 09:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Tristen\Desktop\iExplore (1).exe
2017-04-08 09:30 - 2017-04-08 09:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Tristen\Desktop\iExplore.exe
2017-04-08 09:24 - 2017-04-08 09:24 - 03139200 _____ (ESET) C:\Users\Tristen\Desktop\eset_nod32_antivirus_live_installer.exe
2017-04-08 09:24 - 2017-04-08 09:24 - 03139200 _____ (ESET) C:\Users\Tristen\Desktop\eset_nod32_antivirus_live_installer (1).exe
2017-04-08 09:04 - 2017-04-08 09:04 - 00000000 ____D C:\Windows\pss
2017-04-08 08:36 - 2017-04-08 08:36 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\Tristen\Desktop\SpyHunter-Installer.exe
2017-04-08 08:25 - 2017-04-08 08:28 - 59272008 _____ (Malwarebytes ) C:\Users\Tristen\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-08 08:18 - 2017-04-08 08:18 - 03212664 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tristen\Desktop\AVG_Antivirus_Free_1435.exe
2017-04-08 08:15 - 2017-04-08 08:15 - 04089296 _____ C:\Users\Tristen\Desktop\AdwCleaner.exe
2017-04-08 08:05 - 2017-04-08 09:46 - 00000000 ____D C:\FRST
2017-04-08 08:05 - 2017-04-08 08:05 - 02424832 _____ (Farbar) C:\Users\Tristen\Desktop\FRST64.exe
2017-04-08 04:14 - 2017-04-08 04:21 - 2523604943 _____ C:\Users\Tristen\Downloads\Garry's Mod 14.zip
2017-04-08 03:00 - 2017-04-08 07:55 - 00000000 ____D C:\Users\Tristen\AppData\Local\llssoft
2017-04-08 02:51 - 2017-04-08 04:52 - 00000000 ____D C:\Users\Tristen\AppData\Local\ntuserlitelist
2017-04-08 01:54 - 2017-04-08 01:54 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\Mozilla
2017-04-08 01:49 - 2017-04-08 01:49 - 00000552 _____ C:\Users\Tristen\AppData\Local\TroubleshooterConfig.json
2017-04-08 01:45 - 2017-04-08 01:49 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-04-08 01:37 - 2017-04-08 08:15 - 00000000 ____D C:\Users\Tristen\AppData\Local\Bluestacks
2017-04-08 01:04 - 2017-04-08 01:15 - 328392944 _____ (BlueStack Systems Inc.) C:\Users\Tristen\Downloads\BlueStacks2_native_e75b3c8d3fae1ed12e72346d74fdbc3c.exe
2017-04-08 00:57 - 2016-12-06 19:22 - 950556728 _____ C:\Users\Tristen\Desktop\SisterLocation.exe
2017-04-08 00:56 - 2017-04-08 00:56 - 00001855 _____ C:\Users\Tristen\Desktop\Five Nights at Freddy's 3 v1.01.lnk
2017-04-08 00:37 - 2017-04-08 00:37 - 02179856 _____ C:\Users\Tristen\Downloads\winrar-x64-540.exe
2017-04-08 00:37 - 2017-04-08 00:37 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-08 00:37 - 2017-04-08 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-08 00:37 - 2017-04-08 00:37 - 00000000 ____D C:\Program Files\WinRAR
2017-04-08 00:35 - 2017-04-08 00:35 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\WinRAR
2017-04-08 00:34 - 2017-04-08 02:45 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-04-08 00:34 - 2017-04-08 00:34 - 01769680 _____ C:\Users\Tristen\Downloads\wrar501.exe
2017-04-08 00:23 - 2017-04-08 00:27 - 119417473 ____R C:\Users\Tristen\Downloads\Five_Nights_at_Freddys_3_v1.01_setup.exe
2017-04-07 23:12 - 2016-12-06 19:44 - 00000000 ____D C:\Users\Tristen\Downloads\Five.Nights.at.Freddys.Sister.Location.v1.121
2017-04-07 22:03 - 2017-04-08 00:08 - 00000000 ____D C:\Users\Tristen\Downloads\Garry's Mod
2017-04-07 21:43 - 2017-04-07 22:55 - 958755054 ____R C:\Users\Tristen\Downloads\Five.Nights.at.Freddys.Sister.Location.v1.121.rar
2017-04-07 20:57 - 2017-04-07 20:57 - 00000000 ____D C:\Users\Tristen\AppData\Local\Nox
2017-04-07 20:56 - 2017-04-07 20:56 - 00000000 ____D C:\Users\Tristen\Downloads\Clash-Royale
2017-04-07 20:55 - 2017-04-07 21:14 - 221572232 ____R ( ) C:\Users\Tristen\Downloads\GMT-MAX.ORG_Five Nights at Freddy's 2 v1.0 setup.exe
2017-04-07 20:53 - 2016-12-03 17:26 - 90888515 _____ C:\Users\Tristen\Downloads\clashroyale-113.apk
2017-04-07 20:53 - 2016-12-03 15:35 - 00000139 _____ C:\Users\Tristen\Downloads\How_to_install.txt
2017-04-07 20:53 - 2016-12-02 10:29 - 310779272 _____ (Duodian Technology Co. Ltd.) C:\Users\Tristen\Downloads\nox_setup_v3.7.5.1_full_En.exe
2017-04-07 20:23 - 2017-04-07 20:23 - 00000000 ____D C:\Windows.old
2017-04-07 19:47 - 2017-04-08 01:04 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\MMFApplications
2017-04-07 19:46 - 2017-04-07 19:46 - 00001841 _____ C:\Users\Tristen\Desktop\Five nights at freddys.lnk
2017-04-07 19:43 - 2017-04-07 21:44 - 00000000 ____D C:\Users\Tristen\Downloads\Five.Nights.at.Freddys.Sister.Location-HI2U
2017-04-07 19:40 - 2017-04-07 19:40 - 00000000 ____D C:\Windows\CSC
2017-04-07 18:41 - 2017-04-07 18:41 - 355802252 _____ C:\Windows\MEMORY.DMP
2017-04-07 18:41 - 2017-04-07 18:41 - 00277328 _____ C:\Windows\Minidump\040717-55427-01.dmp
2017-04-07 18:41 - 2017-04-07 18:41 - 00000000 ____D C:\Windows\Minidump
2017-04-07 18:38 - 2017-04-07 18:44 - 00000000 ____D C:\Users\Tristen\AppData\Local\ejzebdnv
2017-04-07 18:38 - 2017-04-07 18:38 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\c
2017-04-07 18:38 - 2017-04-07 18:38 - 00000000 ____D C:\Users\Tristen\AppData\Local\msuuvabypu
2017-04-07 18:38 - 2017-04-07 18:38 - 00000000 ____D C:\Program Files (x86)\s5
2017-04-07 18:36 - 2017-04-07 18:36 - 00002048 _____ C:\Users\Tristen\AppData\Local\uninstallro.exe
2017-04-07 18:35 - 2017-04-07 18:52 - 234727110 ____R C:\Users\Tristen\Downloads\Five_Nights_at_Freddys_v1.131_setup.exe
2017-04-07 15:32 - 2017-04-07 18:38 - 00000000 ____D C:\Users\Tristen\Downloads\FIVE NIGHTS AT FREDDYS SISTER LOCATION-HI2U
2017-04-07 15:31 - 2017-04-08 09:09 - 00000000 ____D C:\Users\Tristen\AppData\LocalLow\BitTorrent
2017-04-07 15:30 - 2017-04-07 15:30 - 00002691 _____ C:\Users\Tristen\Desktop\BitTorrent.lnk
2017-04-07 15:30 - 2017-04-07 15:30 - 00002691 _____ C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2017-04-07 15:28 - 2017-04-07 15:29 - 02411720 _____ (BitTorrent Inc.) C:\Users\Tristen\Downloads\BitTorrent.exe
2017-04-07 15:25 - 2017-04-07 15:25 - 00000000 ____D C:\Users\Tristen\Documents\BitLord
2017-04-07 15:19 - 2017-04-07 15:19 - 01376240 _____ ( ) C:\Users\Tristen\Downloads\BitlordSetup_4112541569.exe
2017-04-07 15:08 - 2017-04-07 15:08 - 01381582 _____ (Igor Pavlov) C:\Users\Tristen\Downloads\7z1604-x64.exe
2017-04-07 15:08 - 2017-04-07 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-04-07 15:08 - 2017-04-07 15:08 - 00000000 ____D C:\Program Files\7-Zip
2017-04-07 15:06 - 2017-04-07 15:06 - 00000000 ____D C:\Users\Tristen\Downloads\updates
2017-04-07 15:04 - 2017-04-07 15:04 - 00000000 ___HD C:\$AV_ASW
2017-04-07 15:01 - 2017-04-08 09:45 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\BitTorrent
2017-04-07 14:48 - 2017-04-07 14:48 - 00000000 ____D C:\Windows\SysWOW64\x64
2017-04-07 14:48 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2017-04-07 14:43 - 2017-04-07 14:43 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\Easeware
2017-04-07 14:42 - 2017-04-07 14:43 - 03966992 _____ (Easeware ) C:\Users\Tristen\Downloads\DriverEasy_Setup.exe
2017-04-07 14:39 - 2017-04-07 14:39 - 00003906 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1491590369
2017-04-07 14:35 - 2017-04-07 14:35 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-07 14:28 - 2017-04-07 14:28 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\AVAST Software
2017-04-07 14:28 - 2017-04-07 14:28 - 00000000 ____D C:\Users\Tristen\AppData\Local\CEF
2017-04-07 14:25 - 2017-04-07 14:25 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-07 14:25 - 2017-04-07 14:25 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-07 14:25 - 2017-04-07 14:25 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-07 14:25 - 2017-04-07 14:24 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-07 14:25 - 2017-04-07 14:24 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-07 14:25 - 2017-04-07 14:24 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-07 14:25 - 2017-04-07 14:24 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-07 14:25 - 2017-04-07 14:24 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-07 14:25 - 2017-04-07 14:24 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-07 14:25 - 2017-04-07 14:24 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-07 14:25 - 2017-04-07 14:21 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-07 14:25 - 2017-04-07 14:21 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-07 14:25 - 2017-04-07 14:21 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-07 14:25 - 2017-04-07 14:21 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-07 14:25 - 2017-04-07 14:21 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-07 14:24 - 2017-04-07 14:24 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-07 14:24 - 2017-04-07 14:22 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-07 14:24 - 2017-04-07 14:22 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-07 14:23 - 2017-04-07 14:34 - 00000000 ____D C:\Users\Tristen\AppData\Local\SlimWare Utilities Inc
2017-04-07 14:23 - 2017-04-07 14:24 - 00003624 _____ C:\Windows\System32\Tasks\DriverUpdate Startup.job
2017-04-07 14:23 - 2017-04-07 14:23 - 00000000 ____D C:\Users\Tristen\AppData\Local\CrashRpt
2017-04-07 14:22 - 2017-04-07 14:22 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2017-04-07 14:21 - 2017-04-07 14:22 - 00991208 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Tristen\Downloads\DriverUpdate-setup.exe
2017-04-07 14:17 - 2017-04-07 14:34 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-07 14:14 - 2017-04-07 19:05 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-07 14:11 - 2017-04-07 14:13 - 06654960 _____ (AVAST Software) C:\Users\Tristen\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-04-07 14:07 - 2017-04-07 14:07 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-07 14:07 - 2017-04-07 14:07 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-07 14:04 - 2017-04-07 14:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-07 14:04 - 2017-04-07 14:04 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-07 14:04 - 2017-04-07 14:04 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-07 14:03 - 2017-04-07 14:14 - 00000000 ____D C:\Users\Tristen\AppData\Local\Google
2017-04-07 14:03 - 2017-04-07 14:03 - 00000000 ____D C:\Users\Tristen\AppData\Local\ElevatedDiagnostics
2017-04-07 14:02 - 2017-04-07 14:03 - 00000000 ____D C:\Users\Tristen\AppData\Local\Deployment
2017-04-07 14:02 - 2017-04-07 14:02 - 00000000 ____D C:\Users\Tristen\AppData\Local\Apps\2.0
2017-04-07 13:58 - 2017-04-07 13:58 - 00001413 _____ C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-07 13:58 - 2017-04-07 13:58 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\Adobe
2017-04-07 13:57 - 2017-04-07 13:58 - 00000000 ____D C:\Users\Tristen
2017-04-07 13:57 - 2017-04-07 13:57 - 00058016 _____ C:\Users\Tristen\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-07 13:57 - 2017-04-07 13:57 - 00000020 ___SH C:\Users\Tristen\ntuser.ini
2017-04-07 13:57 - 2017-04-07 13:57 - 00000000 _SHDL C:\Users\Tristen\My Documents
2017-04-07 13:57 - 2017-04-07 13:57 - 00000000 _SHDL C:\Users\Tristen\Documents\My Videos
2017-04-07 13:57 - 2017-04-07 13:57 - 00000000 _SHDL C:\Users\Tristen\Documents\My Pictures
2017-04-07 13:57 - 2017-04-07 13:57 - 00000000 _SHDL C:\Users\Tristen\Documents\My Music
2017-04-07 13:57 - 2017-04-07 13:57 - 00000000 ____D C:\Users\Tristen\AppData\Local\VirtualStore
2017-04-07 13:57 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Tristen\AppData\Roaming\Media Center Programs
2017-04-05 00:09 - 2017-04-07 20:39 - 00008192 __RSH C:\BOOTSECT.BAK
2017-04-05 00:09 - 2010-11-20 23:23 - 00383786 __RSH C:\bootmgr
2017-04-04 23:17 - 2017-04-05 00:01 - 00000000 ____D C:\Games
2017-04-04 20:20 - 2017-04-04 20:20 - 00405398 __RSH C:\GAIVQ
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-08 09:09 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-08 09:04 - 2009-07-14 00:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-08 09:04 - 2009-07-14 00:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-08 08:17 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-08 03:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-08 02:53 - 2009-07-14 01:13 - 00781386 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-07 20:39 - 2009-07-14 01:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template
2017-04-07 18:53 - 2015-07-18 09:39 - 00772550 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-07 16:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-07 16:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2017-04-07 13:56 - 2015-07-18 19:36 - 00000000 ____D C:\Windows\Panther
 
==================== Files in the root of some directories =======
 
2017-04-08 01:49 - 2017-04-08 01:49 - 0000552 _____ () C:\Users\Tristen\AppData\Local\TroubleshooterConfig.json
2017-04-07 18:36 - 2017-04-07 18:36 - 0002048 _____ () C:\Users\Tristen\AppData\Local\uninstallro.exe
 
Some files in TEMP:
====================
2017-04-08 08:14 - 2017-04-04 09:25 - 0782872 _____ (BlueStack Systems, Inc.) C:\Users\Tristen\AppData\Local\Temp\HD-Common.dll
2017-04-08 08:14 - 2017-04-04 09:25 - 0464920 _____ (BlueStack Systems, Inc.) C:\Users\Tristen\AppData\Local\Temp\HD-InstallerUtils.dll
2017-04-08 08:14 - 2017-04-04 09:22 - 0187416 _____ (BlueStack Systems) C:\Users\Tristen\AppData\Local\Temp\HD-LibraryHandler.dll
2017-04-08 08:14 - 2017-04-04 09:21 - 0246808 _____ (BlueStack Systems) C:\Users\Tristen\AppData\Local\Temp\HD-Logger-Native.dll
2017-04-08 08:14 - 2017-04-04 09:25 - 0385048 _____ (BlueStack Systems, Inc.) C:\Users\Tristen\AppData\Local\Temp\HD-Uninstaller.exe
2017-04-07 14:43 - 2017-04-07 14:43 - 19185656 _____ () C:\Users\Tristen\AppData\Local\Temp\setup.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Have you tried this to remove the virus?
  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.
Need to step out for a bit, back a bit later.
  • 0

#5
Tristen2285

Tristen2285

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

It's still scanning but it's already found 21 malware


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
It's a rootkit infection; Malwarebytes Anti-Rootkit should remove it. Please post the logs when finished.

Please stick around too because there will be a few more scans to run, even though the computer seems to be working.
  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Is Malwarebytes running or has it locked up? If it's locked up or not responding, reboot the computer, then check for log reports in Malwarebytes. If you need to, try running it again; if it stops responding again, try it in safe mode.
  • 0

#8
Tristen2285

Tristen2285

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It's rebooting now. It wasn't responding, but it was up to over 2500 malware files found. It has 72 updates for Windows; that's what's taking so long. Thank you for your help and concern. I'm gonna run it again as soon as it reboots and I'll send you those logs.
  • 0

#9
Tristen2285

Tristen2285

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Sorry it took so long. My computer had to revert all 72 updates it installed, so I started again, finally.
  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Take your time. I'm here till late. Glad the update process was successful.
  • 0



#11
Tristen2285

Tristen2285

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It keeps not responding and I'll wait like 20 to 30 mins. Should I try it in safe mode? Is there a specific reason why it stops responding?
  • 0

#12
Tristen2285

Tristen2285

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It keeps not responding and I'll wait like 20 to 30 mins. Should I try it in safe mode? Is there a specific reason why it stops responding?
  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
I have never seen it not respond. Malwarebytes has been very successful on this infection so far. We could have a new variant of this particular malware.

At this point I would delete Malwarebytes Anti-Rootkit and re-download it from my instructions in post #4, then try scanning again. I also think waiting 10 mins is enough.

If that does not work, then try it in safe mode.
  • 0

#14
Tristen2285

Tristen2285

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I'm so frustrated, I don't know what to do. I tried redownloading it and running it in safe mode, which I can't even get it to open in safe mode.
  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
We may have a new variant of this infection. I need to contact Malwarebytes, and they may need to update Malwarebytes to deal with it.

I'll contact them now, so please be patient.

I also need to go to work, but I'll be back later.

Can you do this:

Click Start > search and type cmd, right-click on the returned cmd.exe and select "Run as administrator". At the prompt, type (or copy and paste) the text in the code box below into the command prompt window:
echo > 0 & tasklist /v >> 0 & net start >> 0 & notepad 0
Press Enter on your keyboard.
A log file in Notepad will be created on the desktop.
Post all of the Notepad outcome in your next reply.
  • 0





