Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

HI got a big virus in system viles.. need help going over computers

Started by steveairway , Mar 18 2020 06:17 PM

Please log in to reply

#1
steveairway

Posted 18 March 2020 - 06:17 PM

Member

Member
54 posts

somebody please guide me

i got 3 computers and think they all got a system file root virus and i cant get rid of it

thanks

also this webpage says not secure up above... def hacked bigtime right ?

Edited by steveairway, 18 March 2020 - 06:18 PM.

#2
RKinner

Posted 18 March 2020 - 06:59 PM

Malware Expert

Expert
24,624 posts

We haven't been hacked. Just the forum software is so old that it can't do https.

We need to see your FRST logs in order to help you. Just for one computer for now:

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Check the Addition.txt box
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
steveairway

Posted 18 March 2020 - 09:26 PM

Member

Topic Starter
Member
54 posts

IN OPPOSITE ORDER BUT OK THANK U

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020

Ran by Nathan (18-03-2020 23:20:27)

Running from C:\Users\Nathan\Downloads

Windows 7 Ultimate N Service Pack 1 (X64) (2018-10-25 16:04:51)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1270021460-4183227028-2917954802-500 - Administrator - Disabled)

Guest (S-1-5-21-1270021460-4183227028-2917954802-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1270021460-4183227028-2917954802-1002 - Limited - Enabled)

Nathan (S-1-5-21-1270021460-4183227028-2917954802-1000 - Administrator - Enabled) => C:\Users\Nathan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 80.1.5.112 - Brave Software Inc)

CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)

Discord (HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden

Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)

HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.8.24.33 - HP Inc.)

HP Support Solutions Framework (HKLM-x32\...\{20907839-6188-46EF-8AE7-141C86EDE13F}) (Version: 12.14.49.15 - HP Inc.)

Ignition Casino Poker (HKLM-x32\...\{B63C2764-2878-40D2-A50E-B3BE6D5F122F}_is1) (Version: 4.0 - )

Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)

Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)

TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.3.8497 - TeamViewer)

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

XSplit Gamecaster (HKLM-x32\...\{7F0DC866-BE32-4AE8-8242-A1F5753176B8}) (Version: 3.4.1812.0304 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::

WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2018-10-21 17:47 - 2011-08-09 18:46 - 000443040 _____ (Atheros Communications Inc. -> Atheros) [File not signed] C:\Windows\system32\athihvs.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2019-01-06 08:58 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.254.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8D9928F9-C321-4824-AB48-FCB0551865A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File

FirewallRules: [{88EC0A08-4605-4907-97FD-3796912CAFC3}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)

FirewallRules: [{DADCBC27-FC13-43AF-A692-8B90C8411931}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)

FirewallRules: [{92B41091-B82B-4971-AB55-E73D00CF9A9A}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)

FirewallRules: [{21925DB8-B724-4F3B-A002-82E09BA0D476}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)

FirewallRules: [{DC47CD10-8468-43BF-9466-C6A4E04E2EDC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{6C292E25-9923-4B2D-B85A-A70957C6E699}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{F90F108D-A7E4-4467-B420-60E72B530BE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{87344F7F-5DDF-4482-9CA0-A80FF621818D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{B3447847-D77A-4FCC-B361-520F08796E08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{C6A88D84-F206-4CFD-9E33-02E530D86A42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{96F8785E-DFD6-4EFF-8C0D-C57829220266}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

10-03-2020 23:47:28 Device Driver Package Install: TAP-NordVPN Windows Provider V9 Network adapters

11-03-2020 01:01:13 AdwCleaner_BeforeCleaning_11/03/2020_01:01:12

11-03-2020 01:10:41 AdwCleaner_BeforeCleaning_11/03/2020_01:10:31

11-03-2020 01:36:53 Windows Update

11-03-2020 01:57:58 JRT Pre-Junkware Removal

11-03-2020 02:29:19 Checkpoint by HitmanPro

11-03-2020 02:45:16 Windows Update

11-03-2020 03:10:49 Checkpoint by HitmanPro

11-03-2020 14:34:50 Windows Update

11-03-2020 22:41:47 Windows Update

13-03-2020 03:26:33 Removed XSplit Gamecaster

16-03-2020 23:56:10 Installed Windows 7 USB/DVD Download Tool

17-03-2020 02:14:11 Revo Uninstaller's restore point - Google Chrome

18-03-2020 04:57:16 Windows Update

18-03-2020 08:33:36 Removed Windows 7 USB/DVD Download Tool

18-03-2020 09:05:21 Removed HP Support Assistant.

18-03-2020 09:05:54 Removed HP Support Solutions Framework

18-03-2020 09:19:53 Restore Operation

18-03-2020 15:01:08 Removed XSplit Gamecaster

18-03-2020 17:48:07 Windows Update

18-03-2020 17:52:20 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123

18-03-2020 19:09:42 Restore Operation

==================== Faulty Device Manager Devices ============

Name: PCI Device

Description: PCI Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:

==================

Error: (03/18/2020 11:09:29 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 724

Start Time: 01d5fd9b9678cbd2

Termination Time: 20

Application Path: C:\Windows\Explorer.EXE

Report Id: 065f06f2-698f-11ea-a854-74de2b1b95ef

Error: (03/18/2020 11:09:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/18/2020 08:33:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (03/18/2020 07:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (03/18/2020 06:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (03/18/2020 06:16:24 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a28

Start Time: 01d5fd6d99d94b6f

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/18/2020 05:42:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (03/18/2020 05:42:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

System errors:

=============

Error: (03/18/2020 11:07:44 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

Error: (03/18/2020 11:07:41 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 9:08:24 PM on ‎3/‎18/‎2020 was unexpected.

Error: (03/18/2020 11:07:22 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

Error: (03/18/2020 11:07:22 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

Error: (03/18/2020 09:07:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 40.

Error: (03/18/2020 09:07:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

Error: (03/18/2020 08:58:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/18/2020 08:31:40 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

Windows Defender:

===================================

Date: 2020-03-18 20:29:00.397

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted:Current

Error Code:0x80070002

Error description:The system cannot find the file specified.

Signature version:0.0.0.0

Engine version:0.0.0.0

Date: 2020-03-18 10:54:53.385

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted:Current

Error Code:0x80070002

Error description:The system cannot find the file specified.

Signature version:0.0.0.0

Engine version:0.0.0.0

Date: 2020-03-18 06:21:32.305

Description:

Windows Defender has encountered an error trying to update the engine.

New Engine Version:1.1.16800.2

Previous Engine Version:1.1.6402.0

Update Source:User

Error Code:0x8050800c

Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:

===================================

Date: 2020-03-18 18:19:49.104

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-18 18:19:48.979

Description:

Date: 2020-03-18 18:14:46.171

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\JitDriver.sys because the set of per-page image hashes could not be found on the system.

Date: 2020-03-18 18:14:45.999

Description:

Date: 2020-03-18 18:14:45.827

Description:

Date: 2020-03-18 18:14:45.640

Description:

Date: 2020-03-18 18:09:52.514

Description:

Date: 2020-03-18 18:09:52.265

Description:

==================== Memory info ===========================

BIOS: Hewlett-Packard F.45 01/17/2012

Motherboard: Hewlett-Packard 3568

Processor: AMD A6-3420M APU with Radeon™ HD Graphics

Percentage of memory in use: 87%

Total physical RAM: 3561.41 MB

Available physical RAM: 446.31 MB

Total Virtual: 7120.95 MB

Available Virtual: 3271.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.79 GB) (Free:341.62 GB) NTFS

Drive d: (Recovery) (Fixed) (Total:19.91 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32

Drive f: (GSP1RMCNULXFRER_EN_DVD) (CDROM) (Total:2.77 GB) (Free:0 GB) UDF

\\?\Volume{bb21917a-d887-11e8-afaf-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DC9CC033)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=19.9 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt =======================

NEXT FILE NEXT FILE .. NEXT FILE

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020

Ran by Nathan (administrator) on NATHANWIN7 (Hewlett-Packard HP Pavilion g7 Notebook PC) (18-03-2020 23:17:35)

Running from C:\Users\Nathan\Downloads

Loaded Profiles: Nathan (Available Profiles: Nathan)

Platform: Windows 7 Ultimate N Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" -- "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe

(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)

HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)

HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Run: [Discord] => C:\Users\Nathan\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)

HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\80.1.5.112\Installer\chrmstp.exe [2020-03-18] (Brave Software, Inc.) [File not signed]

BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk *

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0719FF8D-0A89-4578-8658-61AE239C4AB8} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {0E7373C6-4F35-4549-9E6A-927C29626523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)

Task: {36BB0B6E-1697-452B-9A3D-1F7403E29D7B} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [1624120 2018-05-02] (Piriform Ltd -> Piriform Ltd)

Task: {3E0F3850-DFF6-44E5-A867-6D9170091CD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {48125E50-69C3-45BD-843B-49B59A42135E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)

Task: {59B1E654-44AB-4647-B60C-3557AA506B57} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {6985298E-7D8C-44EF-8A45-DC23C29302CE} - System32\Tasks\HPCeeScheduleForNathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)

Task: {6E29A70D-8034-4C0D-90D3-91C1434EF52E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)

Task: {6FDF364C-0157-4C38-8514-81DE24236994} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)

Task: {7B3322F9-5CFC-45BB-9E4D-3AB6A87B54FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)

Task: {966AE572-BDDA-42A1-86C9-873AA86C33D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [62840 2019-11-28] (HP Inc. -> HP Inc.)

Task: {AD91CC59-D672-4FEF-A0A6-887274D4E345} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [308088 2020-02-12] (HP Inc. -> HP Inc.)

Task: {B463FBA4-68FD-4542-9940-92B3577FEFE6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2018-05-04] (HP Inc. -> HP Inc.)

Task: {C17982E4-54A5-40CE-A61A-D0363C25B18D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-09-26] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {F7606D2D-496F-4763-B889-7923CE745878} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe

Task: C:\Windows\Tasks\HPCeeScheduleForNathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

Tcpip\..\Interfaces\{733F7B85-7134-4C5A-A282-4AD8D3640DC2}: [DhcpNameServer] 192.168.254.254

Tcpip\..\Interfaces\{C6AE969C-B2FB-4128-AF00-1686FBD85C2C}: [DhcpNameServer] 192.168.1.254

Internet Explorer:

==================

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)

FireFox:

========

FF DefaultProfile: 4yhwfcfo.default-1569477086153

FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\4yhwfcfo.default-1569477086153 [2020-03-18]

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)

FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)

Chrome:

=======

CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default [2020-03-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [361848 2019-12-06] (HP Inc. -> HP Inc.)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13206544 2020-03-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2768384 2011-08-03] (Atheros Communications, Inc.) [File not signed]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-18 23:14 - 2020-03-18 23:14 - 002279936 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe

2020-03-18 21:04 - 2020-03-18 20:49 - 000368056 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2020-03-18 20:57 - 2020-03-18 21:05 - 000001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2020-03-18 20:57 - 2020-03-18 21:05 - 000001963 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk

2020-03-18 20:57 - 2020-03-18 20:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\AVAST Software

2020-03-18 20:57 - 2020-03-18 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2020-03-18 20:50 - 2020-03-18 20:50 - 000458584 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1bac43505ba7fd85.tmp

2020-03-18 20:50 - 2020-03-18 20:50 - 000000000 ____D C:\Program Files\Common Files\AVAST Software

2020-03-18 20:50 - 2020-03-18 20:49 - 000848672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw90fca36ac84b4c92.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000316256 _____ (AVAST Software) C:\Windows\system32\Drivers\asw837b09b43a0fc9d2.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000279360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8a8392e12cd5d2bf.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000271120 _____ (AVAST Software) C:\Windows\system32\Drivers\asw81e789a3a91d1461.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000235184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc7f3aa94bddb26ea.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000206608 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3e84a11f540b00b7.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000205576 _____ (AVAST Software) C:\Windows\system32\Drivers\asw42ad984a01e969f9.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000175400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc8e84b0b1d92a552.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000110560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe41b76c404c38f04.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000084056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe2d0e0d32a927203.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000064272 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6b4639d26b25bfa2.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000042976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb2abe895d3d88bc1.tmp

2020-03-18 20:50 - 2020-03-18 20:49 - 000037864 _____ (AVAST Software) C:\Windows\system32\Drivers\asw18127936e9306c78.tmp

2020-03-18 20:47 - 2020-03-18 20:47 - 000002171 _____ C:\Users\Nathan\Desktop\Discord.lnk

2020-03-18 20:46 - 2020-03-18 20:47 - 000000000 ____D C:\Users\Nathan\AppData\Local\Discord

2020-03-18 20:45 - 2020-03-18 20:45 - 000000000 ____D C:\Program Files\AVAST Software

2020-03-18 20:42 - 2020-03-18 20:45 - 062620472 _____ (Discord Inc.) C:\Users\Nathan\Downloads\DiscordSetup.exe

2020-03-18 20:29 - 2020-03-18 20:29 - 000233080 _____ (AVAST Software) C:\Users\Nathan\Downloads\avast_premium_security_setup_online.exe

2020-03-18 19:53 - 2020-03-18 19:57 - 000000000 _____ C:\Windows\system32\last.dump

2020-03-18 18:09 - 2020-03-18 18:09 - 000000000 ____D C:\ProgramData\Driver Support

2020-03-18 17:52 - 2020-03-18 17:52 - 000000000 ____D C:\ProgramData\Package Cache

2020-03-18 17:43 - 2020-03-18 19:34 - 000000000 ____D C:\Program Files (x86)\Driver Support One

2020-03-18 17:22 - 2020-03-18 17:22 - 000000000 ____D C:\$WINDOWS.~LS

2020-03-18 17:16 - 2020-03-18 17:16 - 000000000 ____D C:\$UPGRADE.~OS

2020-03-18 17:15 - 2020-03-18 17:15 - 000000000 ____D C:\$WINDOWS.~BT

2020-03-18 15:20 - 2020-03-18 17:22 - 000000002 _____ C:\$UpgDrv$

2020-03-18 15:17 - 2020-03-18 17:11 - 000002602 _____ C:\Users\Nathan\Desktop\Windows Compatibility Report.htm

2020-03-18 15:07 - 2020-03-18 15:07 - 000000000 ____H C:\Users\Guest\Documents\Default.rdp

2020-03-18 15:04 - 2020-03-18 15:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\Adobe

2020-03-18 15:04 - 2020-03-18 15:04 - 000000000 ____D C:\Users\Guest\AppData\Local\Google

2020-03-18 15:03 - 2020-03-18 19:37 - 000000000 ____D C:\Users\Guest

2020-03-18 15:03 - 2020-03-18 15:03 - 000000000 ____D C:\Users\Guest\AppData\Local\VirtualStore

2020-03-18 07:13 - 2020-03-18 07:13 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Gyazo

2020-03-18 07:12 - 2020-03-18 09:42 - 000000000 ____D C:\Program Files (x86)\Gyazo

2020-03-18 05:53 - 2020-03-18 05:55 - 000043259 _____ C:\Users\Nathan\Downloads\MTB.txt

2020-03-17 02:28 - 2020-03-17 02:29 - 076223216 _____ (Lenovo Group Limited ) C:\Users\Nathan\Downloads\8awt16ww.exe

2020-03-17 02:28 - 2020-03-17 02:28 - 000000000 ____D C:\Users\Nathan\AppData\Local\Microsoft Games

2020-03-17 02:11 - 2020-03-17 02:11 - 000000000 ____D C:\Users\Nathan\AppData\Local\HP

2020-03-17 02:09 - 2020-03-17 02:09 - 013274912 _____ (Lenovo Group Limited ) C:\Users\Nathan\Downloads\83wo14ww.exe

2020-03-17 00:06 - 2020-03-17 00:06 - 007432520 _____ (VS Revo Group ) C:\Users\Nathan\Downloads\revosetup (1).exe

2020-03-16 23:59 - 2020-03-18 14:54 - 000000004 _____ C:\Users\Nathan\Documents\CCleanerFoundItems.txt

2020-03-16 23:57 - 2020-03-18 19:34 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2020-03-16 23:57 - 2020-03-18 19:34 - 000000000 ____D C:\Users\Nathan\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2020-03-16 23:57 - 2020-03-16 23:57 - 000002529 _____ C:\Users\Nathan\Desktop\Windows 7 USB DVD Download Tool.lnk

2020-03-16 23:55 - 2020-03-18 20:00 - 000001908 _____ C:\Windows\diagwrn.xml

2020-03-16 23:55 - 2020-03-18 20:00 - 000001908 _____ C:\Windows\diagerr.xml

2020-03-16 23:54 - 2020-03-18 19:34 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Greenshot

2020-03-16 23:54 - 2020-03-16 23:54 - 002721168 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe

2020-03-16 23:54 - 2020-03-16 23:54 - 000000000 ____D C:\Users\Nathan\AppData\Local\Greenshot

2020-03-16 23:31 - 2020-03-18 19:50 - 000000000 ____D C:\Program Files\Greenshot

2020-03-16 23:31 - 2020-03-18 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

2020-03-16 23:30 - 2020-03-16 23:30 - 001783200 _____ (Greenshot ) C:\Users\Nathan\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE (1).exe

2020-03-16 23:26 - 2020-03-16 23:30 - 001783200 _____ (Greenshot ) C:\Users\Nathan\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

2020-03-16 22:53 - 2020-03-18 20:03 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2020-03-16 22:53 - 2020-03-18 20:03 - 000002300 _____ C:\Users\Public\Desktop\Brave.lnk

2020-03-16 22:53 - 2020-03-18 20:03 - 000002300 _____ C:\ProgramData\Desktop\Brave.lnk

2020-03-16 22:53 - 2020-03-18 19:19 - 000000000 ____D C:\Users\Nathan\AppData\Local\BraveSoftware

2020-03-16 22:51 - 2020-03-18 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

2020-03-16 22:51 - 2020-03-18 19:34 - 000000000 ____D C:\Program Files\VS Revo Group

2020-03-16 22:51 - 2020-03-16 22:51 - 000000994 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk

2020-03-16 22:51 - 2020-03-16 22:51 - 000000994 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk

2020-03-16 22:47 - 2020-03-16 22:47 - 007432520 _____ (VS Revo Group ) C:\Users\Nathan\Downloads\revosetup.exe

2020-03-16 22:47 - 2020-03-16 22:47 - 000003336 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA

2020-03-16 22:47 - 2020-03-16 22:47 - 000003208 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore

2020-03-16 22:46 - 2020-03-18 19:12 - 000000000 ____D C:\Program Files (x86)\BraveSoftware

2020-03-16 22:44 - 2020-03-16 22:44 - 001298328 _____ (BraveSoftware Inc.) C:\Users\Nathan\Downloads\BraveBrowserSetup.exe

2020-03-16 22:33 - 2020-03-16 22:37 - 000000000 ____D C:\Users\Nathan\AppData\Local\TeamViewer

2020-03-16 22:27 - 2020-03-16 22:27 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\TeamViewer

2020-03-16 22:26 - 2020-03-16 22:26 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk

2020-03-16 22:26 - 2020-03-16 22:26 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer.lnk

2020-03-16 22:26 - 2020-03-16 22:26 - 000001035 _____ C:\ProgramData\Desktop\TeamViewer.lnk

2020-03-16 22:24 - 2020-03-18 23:08 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2020-03-16 22:18 - 2020-03-16 22:19 - 026985448 _____ (TeamViewer Germany GmbH) C:\Users\Nathan\Downloads\TeamViewer_Setup.exe

2020-03-16 22:18 - 2020-03-16 22:18 - 000230080 _____ (AVAST Software) C:\Users\Nathan\Downloads\avast_free_antivirus_setup_online.exe

2020-03-15 23:53 - 2020-03-15 23:53 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Poker Mavens 6

2020-03-15 23:16 - 2020-03-15 23:16 - 000000000 ____D C:\Users\Nathan\AppData\Local\cache

2020-03-15 18:00 - 2020-03-15 18:00 - 000000000 ____D C:\Users\Nathan\AppData\Local\mbam

2020-03-15 16:34 - 2020-03-15 16:34 - 000000000 ____D C:\Users\Nathan\AppData\Local\mbamtray

2020-03-15 04:01 - 2020-03-17 21:16 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\slobs-client

2020-03-15 03:37 - 2020-03-15 03:37 - 000000000 ____D C:\ProgramData\Sophos

2020-03-15 03:27 - 2020-03-15 03:27 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2020-03-15 03:25 - 2020-03-15 03:25 - 000000000 ____D C:\Program Files\Malwarebytes

2020-03-13 20:03 - 2020-03-18 23:10 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\discord

2020-03-13 20:03 - 2020-03-18 20:47 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

2020-03-13 20:02 - 2020-03-18 20:47 - 000000000 ____D C:\Users\Nathan\AppData\Local\SquirrelTemp

2020-03-13 03:01 - 2020-03-13 03:01 - 000233080 _____ (AVAST Software) C:\Users\Nathan\Downloads\Unconfirmed 346898.crdownload

2020-03-13 02:53 - 2020-03-13 02:53 - 000233080 _____ (AVAST Software) C:\Users\Nathan\Downloads\Unconfirmed 522862.crdownload

2020-03-12 20:24 - 2020-03-12 20:24 - 000000000 ____D C:\RegBackup

2020-03-12 18:28 - 2020-03-18 09:41 - 000000000 ____D C:\Windows\SysWOW64\tron

2020-03-12 18:28 - 2020-03-18 09:41 - 000000000 ____D C:\Windows\SysWOW64\integrity_verification

2020-03-12 18:24 - 2020-03-18 09:42 - 000000000 ____D C:\Users\Nathan\Downloads\tron

2020-03-12 18:24 - 2020-02-05 12:27 - 000000000 ____D C:\Users\Nathan\Downloads\integrity_verification

2020-03-12 17:48 - 2020-03-12 17:48 - 424800866 _____ (Igor Pavlov) C:\Users\Nathan\Downloads\Unconfirmed 396016.crdownload

2020-03-12 17:05 - 2020-03-12 17:23 - 626332736 _____ (Igor Pavlov) C:\Users\Nathan\Downloads\Unconfirmed 108130.crdownload

2020-03-12 04:49 - 2020-03-12 05:04 - 325188194 _____ (Igor Pavlov) C:\Users\Nathan\Downloads\Unconfirmed 707891.crdownload

2020-03-12 04:47 - 2020-03-12 04:47 - 000000000 ____D C:\Program Files (x86)\Tweaking.com

2020-03-12 04:27 - 2020-03-18 09:42 - 000000000 ____D C:\Users\Nathan\Downloads\ComputerRepairFree

2020-03-12 04:26 - 2020-03-12 04:26 - 000997714 _____ C:\Users\Nathan\Downloads\ComputerRepairFree.zip

2020-03-12 04:02 - 2020-03-16 02:26 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte

2020-03-12 04:01 - 2020-03-16 02:26 - 000000000 ____D C:\ProgramData\Outbyte

2020-03-12 04:00 - 2020-03-16 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte

2020-03-12 04:00 - 2020-03-16 02:26 - 000000000 ____D C:\Program Files (x86)\Outbyte

2020-03-12 03:35 - 2020-03-18 09:42 - 000000000 ____D C:\Users\Nathan\Desktop\Tor Browser

2020-03-12 03:22 - 2020-03-12 05:04 - 3973250207 _____ C:\Users\Nathan\Downloads\Qubes-R4.0.3-x86_64.iso.crdownload

2020-03-12 02:47 - 2020-03-12 03:29 - 1665965568 _____ C:\Users\Nathan\Downloads\Whonix-XFCE-15.0.0.8.9.ova

2020-03-12 01:26 - 2020-03-12 01:26 - 000370309 _____ C:\Users\Nathan\Downloads\wnetwatcher (1).zip

2020-03-12 01:23 - 2020-03-12 01:23 - 000370309 _____ C:\Users\Nathan\Downloads\wnetwatcher.zip

2020-03-11 22:57 - 2020-03-18 01:15 - 000000000 ____D C:\Users\Nathan\AppData\Local\ElevatedDiagnostics

2020-03-11 14:27 - 2020-03-11 14:27 - 000007614 _____ C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg

2020-03-11 05:00 - 2020-03-13 03:28 - 000000000 ____D C:\Windows\system32\appmgmt

2020-03-11 02:48 - 2020-03-11 02:54 - 000000000 ____D C:\Windows\system32\MRT

2020-03-11 02:35 - 2020-03-13 03:13 - 000000000 ____D C:\Program Files (x86)\Zemana

2020-03-11 02:35 - 2020-03-11 02:35 - 000000000 ____D C:\Users\Nathan\AppData\Local\Zemana

2020-03-11 02:34 - 2020-03-13 03:13 - 000000000 ____D C:\Users\Nathan\AppData\Local\AMSDK

2020-03-11 02:13 - 2020-03-18 09:42 - 000000000 ____D C:\Program Files\HitmanPro

2020-03-11 02:12 - 2020-03-11 02:21 - 000000000 ____D C:\ProgramData\HitmanPro

2020-03-11 02:02 - 2020-03-11 02:02 - 000004575 _____ C:\Users\Nathan\Desktop\JRT.txt

2020-03-11 02:00 - 2020-03-11 02:00 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Nathan\Downloads\c6e90dea-1893-4abe-8e1d-6b2049caadb6.tmp

2020-03-11 01:34 - 2020-03-11 01:34 - 000000000 ____H C:\Users\Nathan\Documents\Default.rdp

2020-03-11 00:58 - 2020-03-11 01:02 - 000008216 _____ C:\Users\Nathan\Downloads\Addition.txt

2020-03-11 00:56 - 2020-03-18 23:19 - 000012397 _____ C:\Users\Nathan\Downloads\FRST.txt

2020-03-11 00:56 - 2020-03-18 23:18 - 000000000 ____D C:\FRST

2020-03-11 00:56 - 2020-03-11 01:02 - 000000000 ____D C:\AdwCleaner

2020-03-11 00:11 - 2020-03-18 04:33 - 000000000 ____D C:\ProgramData\Malwarebytes

2020-03-11 00:10 - 2020-03-11 02:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2020-03-10 23:59 - 2020-03-15 01:13 - 000002128 _____ C:\Users\Nathan\Desktop\Rkill.txt

2020-03-10 23:51 - 2020-03-10 23:51 - 000000000 ____D C:\ProgramData\Caphyon

2020-03-10 23:50 - 2020-03-18 09:42 - 000000000 ____D C:\Program Files (x86)\NordVPN

2020-03-10 23:50 - 2020-03-10 23:51 - 000000000 ____D C:\Users\Nathan\AppData\Local\NordVPN

2020-03-10 23:50 - 2020-03-10 23:50 - 000000000 ____D C:\ProgramData\NordVPN

2020-03-10 23:47 - 2020-03-18 19:34 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP

2020-03-10 23:27 - 2020-03-18 19:20 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\NordVPN

2020-03-10 23:25 - 2020-03-10 23:26 - 014075160 _____ (NordVPN) C:\Users\Nathan\Downloads\NordVPNSetup.exe

2020-03-10 23:02 - 2020-03-10 23:43 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForNathan.job

2020-03-10 23:02 - 2020-03-10 23:02 - 000003192 _____ C:\Windows\system32\Tasks\HPCeeScheduleForNathan

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-18 23:18 - 2009-07-14 00:50 - 000025184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2020-03-18 23:18 - 2009-07-14 00:50 - 000025184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2020-03-18 23:07 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2020-03-18 20:45 - 2018-10-25 23:02 - 000000000 ____D C:\ProgramData\AVAST Software

2020-03-18 19:50 - 2018-10-25 23:02 - 000058688 _____ C:\Users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT

2020-03-18 19:48 - 2018-10-25 12:04 - 000000000 ____D C:\Users\Nathan

2020-03-18 19:37 - 2019-11-21 06:55 - 000000000 ____D C:\Program Files (x86)\Ignition Casino Poker

2020-03-18 19:35 - 2018-10-21 17:47 - 000000000 ____D C:\Windows\system32\nn-NO

2020-03-18 19:35 - 2009-07-14 01:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2020-03-18 19:35 - 2009-07-14 01:38 - 000000000 ____D C:\Program Files\Windows Sidebar

2020-03-18 19:35 - 2009-07-14 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Sidebar

2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 __RSD C:\Windows\Media

2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Dism

2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Dism

2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\servicing

2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache

2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions

2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf

2020-03-18 19:34 - 2019-01-07 13:44 - 000000000 ____D C:\Users\Nathan\AppData\Local\HP_Inc

2020-03-18 19:34 - 2019-01-07 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2020-03-18 19:34 - 2019-01-07 12:56 - 000000000 ____D C:\Program Files\CCleaner

2020-03-18 19:34 - 2019-01-07 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit

2020-03-18 19:34 - 2019-01-07 12:47 - 000000000 ____D C:\Program Files (x86)\SplitmediaLabs

2020-03-18 19:34 - 2019-01-02 13:12 - 000000000 ____D C:\Program Files (x86)\GUM9F6.tmp

2020-03-18 19:34 - 2018-10-25 23:10 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard

2020-03-18 19:34 - 2018-10-25 22:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2020-03-18 19:34 - 2018-10-25 22:56 - 000000000 ____D C:\sp55040

2020-03-18 19:34 - 2018-10-21 17:46 - 000000000 ____D C:\Program Files (x86)\Cisco

2020-03-18 19:34 - 2018-10-21 17:46 - 000000000 ____D C:\Program Files (x86)\Atheros

2020-03-18 19:34 - 2018-10-21 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2020-03-18 19:34 - 2018-10-21 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

2020-03-18 19:34 - 2018-10-21 17:26 - 000000000 ____D C:\Program Files\Defraggler

2020-03-18 19:34 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\AppCompat

2020-03-18 19:32 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration

2020-03-18 19:20 - 2019-01-07 12:44 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\SplitmediaLabs

2020-03-18 19:19 - 2018-10-25 23:11 - 000000000 ____D C:\ProgramData\Hewlett-Packard

2020-03-18 19:13 - 2019-01-02 11:50 - 000000000 ____D C:\Program Files (x86)\Google

2020-03-18 14:59 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF

2020-03-18 10:52 - 2018-10-25 23:12 - 000000000 ____D C:\Users\Nathan\AppData\Local\Hewlett-Packard

2020-03-18 10:52 - 2018-10-21 17:41 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Hewlett-Packard

2020-03-18 09:29 - 2019-01-02 12:07 - 000000000 ____D C:\Users\Nathan\AppData\Local\Google

2020-03-18 06:08 - 2018-10-25 23:10 - 000000000 ____D C:\Users\Nathan\AppData\Local\AVAST Software

2020-03-17 02:19 - 2018-10-25 22:40 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0B5BC9E5-B145-413C-B7A7-F624C56450E1}

2020-03-17 01:48 - 2009-07-14 00:50 - 000271328 _____ C:\Windows\system32\FNTCACHE.DAT

2020-03-16 22:11 - 2018-10-21 17:27 - 000000410 _____ C:\Windows\Tasks\Defraggler Volume C Task.job

2020-03-11 22:41 - 2019-11-21 06:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\poker-client-electron-common

2020-03-11 22:03 - 2019-11-21 06:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\ignitioncasino-eu-poker

2020-03-11 02:12 - 2018-10-25 15:56 - 000000000 ____D C:\Windows\Panther

2020-03-10 23:35 - 2018-10-21 17:29 - 000774004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2020-03-10 23:35 - 2009-07-14 01:12 - 000774004 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories ========

2020-03-11 14:27 - 2020-03-11 14:27 - 000007614 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-03-18 15:43

==================== End of FRST.txt ========================

Edited by steveairway, 18 March 2020 - 09:26 PM.

#4
RKinner

Posted 18 March 2020 - 10:13 PM

Malware Expert

Expert
24,624 posts

Why do you think it has a virus?

I assume you installed TeamViewer?

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

Try running MBAR and see if it finds anything

https://www.malwareb...om/antirootkit/

#5
steveairway

Posted 18 March 2020 - 11:08 PM

Member

Topic Starter
Member
54 posts

why have virus i think... 1.. I"ve seen zeman do a a scan and say trojan win 32 system wow al 2180 virus.
Also tons of stuff in registry when i run cc cleaner.. missing dll files..
plus i think i'm being web filtered
also avast , never run and find anything.. pretty sure got virus

TASK MANAGER FILE COPY AND PASTE

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
audiodg.exe 15,716 K 15,520 K 5320 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
brave.exe 2,188 K 5,500 K 1104 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 26,908 K 37,028 K 2564 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 21,352 K 22,828 K 5672 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 6,956 K 12,684 K 4328 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 31,404 K 69,664 K 4072 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 24,740 K 32,880 K 2240 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 6,988 K 11,960 K 6080 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
conhost.exe 1,096 K 772 K 1156 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 2,096 K 980 K 2496 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,676 K 1,608 K 2476 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1,792 K 1,624 K 1768 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
HPSupportSolutionsFrameworkService.exe 28,712 K 5,932 K 2724 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
lsass.exe 6,096 K 8,508 K 560 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 2,696 K 2,100 K 568 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mscorsvw.exe 3,564 K 2,384 K 3944 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Dynamic Code Publisher
procexp.exe 4,052 K 7,524 K 5360 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
services.exe 5,716 K 5,836 K 544 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 588 K 600 K 344 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,796 K 3,884 K 1224 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,336 K 4,700 K 4988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,120 K 9,992 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,992 K 5,120 K 824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 186,084 K 53,268 K 3716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 3,708 K 2,120 K 5332 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,948 K 544 K 488 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,384 K 2,336 K 624 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 2,516 K 3,120 K 1144 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 2,108 K 1,924 K 4604 Windows Update Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,264 K 5,936 K 2028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
brave.exe < 0.01 36,004 K 48,840 K 2892 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
CCleaner64.exe < 0.01 11,780 K 24,648 K 2912 CCleaner Piriform Software Ltd (Verified) Piriform Software Ltd
WmiPrvSE.exe < 0.01 19,760 K 24,636 K 3080 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,456 K 2,208 K 460 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
StikyNot.exe < 0.01 5,164 K 5,188 K 3256 Sticky Notes Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 22,236 K 11,296 K 2728 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,068 K 11,476 K 3184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
nordvpn-service.exe < 0.01 41,088 K 70,572 K 5908 nordvpn-service (Verified) TEFINCOM S.A.
svchost.exe < 0.01 15,680 K 12,204 K 656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 34,584 K 40,484 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,764 K 15,840 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 12,932 K 7,048 K 1868 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
mscorsvw.exe 0.01 4,648 K 2,440 K 1140 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Dynamic Code Publisher
TeamViewer_Service.exe 0.01 5,328 K 4,492 K 1244 TeamViewer TeamViewer Germany GmbH (Verified) TeamViewer Germany GmbH
CCleaner64.exe 0.01 13,272 K 7,288 K 2672 CCleaner Piriform Software Ltd (Verified) Piriform Software Ltd
svchost.exe 0.01 135,516 K 129,320 K 952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 2,132 K 1,916 K 2196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
NordVPN.exe 0.01 136,412 K 188,152 K 5768 NordVPN NordVPN (Verified) TEFINCOM S.A.
svchost.exe 0.02 21,412 K 16,272 K 920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
brave.exe 0.04 44,608 K 52,676 K 1804 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 0.04 47,164 K 70,380 K 1288 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
svchost.exe 0.05 5,160 K 4,500 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.07 42,784 K 42,988 K 3028 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
brave.exe 0.07 54,880 K 83,520 K 2572 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
System 0.08 844 K 6,192 K 4
brave.exe 0.11 15,300 K 31,196 K 6116 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 0.21 134,560 K 180,984 K 2388 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 0.33 142,224 K 185,124 K 4048 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
brave.exe 0.33 149,304 K 182,276 K 1444 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
taskmgr.exe 0.44 3,940 K 9,952 K 4572 Windows Task Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.52 3,132 K 4,220 K 508 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.69 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 1.57 26,724 K 44,472 K 4244 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
brave.exe 3.42 67,692 K 109,256 K 1588 Brave Browser Brave Software, Inc. (Verified) Brave Software, Inc.
System Idle Process 91.94 0 K 24 K 0

this is what pops UP AFTER RUNNING THE CMD COMMANDS

Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 344 N/A
csrss.exe 460 N/A
wininit.exe 488 N/A
csrss.exe 508 N/A
services.exe 544 N/A
lsass.exe 560 KeyIso, SamSs
lsm.exe 568 N/A
winlogon.exe 624 N/A
svchost.exe 716 DcomLaunch, PlugPlay, Power
svchost.exe 824 RpcEptMapper, RpcSs
svchost.exe 920 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 952 AudioEndpointBuilder, CscService, hidserv,
HomeGroupListener, Netman, PcaSvc, SysMain,
TrkWks, UxSms, Wlansvc
svchost.exe 988 EventSystem, fdPHost, FontCache, netprofm,
nsi, WdiServiceHost, WinHttpAutoProxySvc
svchost.exe 1020 AeLookupSvc, BITS, Browser, EapHost, gpsvc,
iphlpsvc, LanmanServer, MMCSS, ProfSvc,
Schedule, SENS, ShellHWDetection, Themes,
Winmgmt, wuauserv
svchost.exe 656 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
wlanext.exe 1144 N/A
conhost.exe 1156 N/A
spoolsv.exe 1224 Spooler
svchost.exe 1340 BFE, DPS, MpsSvc
dwm.exe 1768 N/A
taskhost.exe 1868 N/A
TeamViewer_Service.exe 1244 TeamViewer
svchost.exe 2196 bthserv
CCleaner64.exe 2672 N/A
SearchIndexer.exe 2728 WSearch
explorer.exe 3028 N/A
svchost.exe 2028 FDResPub, SSDPSRV
svchost.exe 3184 p2pimsvc, p2psvc, PNRPsvc
StikyNot.exe 3256 N/A
mscorsvw.exe 3944 clr_optimization_v4.0.30319_32
mscorsvw.exe 1140 clr_optimization_v4.0.30319_64
HPSupportSolutionsFramewo 2724 HPSupportSolutionsFrameworkService
dllhost.exe 2476 N/A
ctfmon.exe 2496 N/A
wuauclt.exe 4604 N/A
svchost.exe 3716 WinDefend
taskhost.exe 5332 N/A
nordvpn-service.exe 5908 nordvpn-service
NordVPN.exe 5768 N/A
svchost.exe 4988 SDRSVC
brave.exe 2388 N/A
brave.exe 1104 N/A
brave.exe 4072 N/A
brave.exe 6116 N/A
brave.exe 4328 N/A
brave.exe 6080 N/A
brave.exe 1804 N/A
brave.exe 2892 N/A
brave.exe 1588 N/A
brave.exe 2240 N/A
brave.exe 2564 N/A
brave.exe 4048 N/A
brave.exe 1444 N/A
brave.exe 1288 N/A
WmiPrvSE.exe 3080 N/A
brave.exe 2572 N/A
CCleaner64.exe 2912 N/A
brave.exe 5672 N/A
WmiPrvSE.exe 5280 N/A
brave.exe 2920 N/A
brave.exe 3100 N/A
brave.exe 6064 N/A
brave.exe 5392 N/A
Speccy64.exe 2644 N/A
WmiApSrv.exe 3676 wmiApSrv
WmiPrvSE.exe 2988 N/A
audiodg.exe 5636 N/A
SearchProtocolHost.exe 5316 N/A
SearchFilterHost.exe 4728 N/A
cmd.exe 2768 N/A
conhost.exe 5740 N/A
tasklist.exe 3228 N/A

SPECCYT

#6
steveairway

Posted 18 March 2020 - 11:29 PM

Member

Topic Starter
Member
54 posts

I DONT SEE ATTACH BUTTON ON HERE FOR SPECCY LOG

WILL FIND SOON

#7
RKinner

Posted 19 March 2020 - 04:08 AM

Malware Expert

Expert
24,624 posts

Click on the More Reply Options button

Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

Avast never installed. Try the offline install:

https://www.avast.co...ST&locale=en-us

Save then right click and Run as Admin. Uncheck any optional files like dropbox or chrome. Stick with the Basic (free) version. Avoid the Quick Scan instead do the boot-time scan (May take hours)

Click on the Avast ball. Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan. Click on Install Special Definitions. Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

Did you install teamviewer?

#8
steveairway

Posted 19 March 2020 - 03:09 PM

Member

Topic Starter
Member
54 posts

OK I ATTATCHED SPECCY LOG

Attached Files

Speccy log file for geeks.txt 63.9KB 202 downloads

#9
steveairway

Posted 19 March 2020 - 03:54 PM

Member

Topic Starter
Member
54 posts

ALSO JUST WANTED TO SHOW U HE ADDED THINGS LIKE THIS TO MY COMPUTER ...

FILES TO MANIPULATE MY COMPUTER AND ALSO TO RELOAD IF I REINSTALL WINDOWS.

SEE I DID THAT.. I PUT A FRESH VERSION ON LAST WEEK But he i gueses

1. Gets into my router / home ip network..

How can i get him out of my router ? I guess i need keyscrambler right? so that way i can call ip and change to private/ new router name and pass..etc..

I attacted file which he put on my desktop.... u can see its all virus stuff i belive.

#10
steveairway

Posted 19 March 2020 - 03:55 PM

Member

Topic Starter
Member
54 posts

Yes i did install teamviewer..

I just deleted it though as i know it can be used bigtime as spyware.

Also last night he was making new account names on my internet options/ network.. with the same name i use as my network etc

he did this becasue i wateched a show about how a phone will connect to any fraud network that has same name as one at home etc

#11
RKinner

Posted 19 March 2020 - 04:13 PM

Malware Expert

Expert
24,624 posts

Did you run MBAR yet?

So far all I can see is that Speccy says your PC is running a bit hot and your hard drive is about to crash on you.

Speccy sometimes reads a bit hot so let's get a second opinion:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp and check Show in tray. With no other programs running what is the highest temp you see? Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes. What is the highest temp now?

We don't really want it to go over about 65 under load. If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink. However on some PCs this is major surgery. Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink. Don't do it too long as the fan may overrev.

If you think the router has been compromised you can reset it to factory then change the default password. Tell me the make and model number and I will look up how to do that.

#12
steveairway

Posted 19 March 2020 - 04:52 PM

Member

Topic Starter
Member
54 posts

Thanks for info

About to run Mbar now..

Quick question though... Can all this be avoided if i dont mind just reloading a fresh windows version?

I mean that is so much easier than doing all this diagnosis stuff right?

I JUST WANT TO DO A REBOOT AND HOPE HE HAS NOT SENT OVER HIS RAT/ HACKING FILES TO MY NEW VERSION.

i have a disk and put on new version but AM PISSED to see the new download WENT OVER OLD FILES FROM LAST SYSTEM.. WHAT THE HECK!!

I have nothing on my computer i care about so to do fresh reboots is no big deal to me.

I know for sure the guy is in my router though.. Last night he there was other networks somehow available under same name in networks available. He put like 3 of them.. just to mess around with me .

I just installed ZEMANA ANTILOGGER/ KEYSCRAMBLER.. maybe this will help him from keylogging me with his rat?

Its just i think his viruses have disabled all my anti viruses to work.

i have avast and i paid for avast premium last week but when i punch in passoword to start Avast premium/ paid it says NOT WORKING.. so he is somehow stopping me from logging in ..

I THINK FOR SURE I'M BEING WEB FILTERED.. MY CONNETION GOES FROM ME TO HIS COMPUTER THEN TO INTERNET..

if i look up thing.. like avast dot com . it wont take me there. etc

Def hacked right? and being ratted

Btw

THANKS.. WILL have mbar scan etc on next post and other stuff.

Edited by steveairway, 19 March 2020 - 04:55 PM.

#13
steveairway

Posted 19 March 2020 - 05:10 PM

Member

Topic Starter
Member
54 posts

https://gyazo.com/6f...f56c5833e1eee6e

Also got this when was about to run MBar on my computer.

thoughts?

also I THINK THIS GUY HAS MADE HIM ADMIN OF MY COMPUTERS

on this computer.. its my oldest of 3.. he has like full control

there is like 4 accounts on here.. Nathan/ admin me

then he made like 3 false ones

SYSTEM

ADMIN/ NATHAN/ ADMIM

EVERYBODY

SO U CAN SEE HE TOOK OVER ALL CONTROLS

I should prob just run refresh of fresh windows right?

i just want to make sure that no OLD files come to new install..

Edited by steveairway, 19 March 2020 - 05:36 PM.

#14
steveairway

Posted 19 March 2020 - 05:44 PM

Member

Topic Starter
Member
54 posts

https://gyazo.com/c2...05b454059d70f97

AT END OF MBAR ROOT SCAN .. THIS HAPP

BASICALLY HE HAS A FILE ON COMPTUER NOT TO LET ME RUN THIS PROGRAM I THINK

u cant' see it in the photo but it says mbar could not be executed to mbar.exe .. his anti virus code he has on my computer stopping the scan

there is all kinds of notepad stuff on my computer thats viruses.. code written to not let bank sites have cookies or whatever

i've seen .. Notepad stuff to not let anti virus progams work

Edited by steveairway, 19 March 2020 - 05:49 PM.

#15
RKinner

Posted 19 March 2020 - 08:20 PM

Malware Expert

Expert
24,624 posts

AppInit_DLL is a value in the registry that can be used to load a file when other files load.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
There are two values in the registry. One lists the file(s) that are to be loaded (AppInit_DLLs) and a second one enables the load (LoadAppInit_DLLs). Often a program will be installed that uses the entry and enables the load. Usually when they uninstall the program they forget to turn off the enable entry. If there were files listed to be loaded they would have shown up in the FRST log. Since they didn't I expect MBAR was just being careful and asking if it could turn off the enable. This can be done with a registry merge:

Download the following wininit.reg file and save it then right click and MERGE. Ignore the warning.

wininit.reg 340bytes 205 downloads

This will not only turn off the enable but will remove any file lists.

MBAR is sensitive to the health of the hard drive. As I mentioned earlier your hard drive is about to die so I expect that's why you got the error. The drive needs to be replaced ASAP. It's an old Seagate (known to be unreliable) and yours is a SATA-2 so rather slow compared to the newer SATA-3

The Avast install is hung. It never completed. Don't know why. You can get a new copy of the version you paid for here:
https://www.avast.co...tallation-files

Choose the Offline installer. Download, Save then right click and Run As Admin.