Detecting Threats are being Cleaned

Hey guys,

I'm trying to download these icons on my computer, which I purchased online. I've dealt with this company multiple times, all other downloads went well. So, not afraid of any kind of virus, at all.

"Detecting threats are being cleaned" keeps popping up on bottom right corner and not allowing me to go through with it. I've tried it on Google Chrome and Internet Explorer.

Let me know if there's any way to disable the detecting message b/c I do trust the download.

Thanks in advance.
 

johnb35

Administrator
Staff member
Then there has to be something in the program that is triggering your virus/malware program. There are mods that will do this. You either need to create an exception for the program or at least verify with multiple scanners that the program is safe to use.
 
He decided to send me the ".exe" download through email, which won't download either. How do I create an exception for the program or run multiple scanners?
 

johnb35

Administrator
Staff member
What antivirus program do you use? And how do you know you can trust this "mod"?
 

johnb35

Administrator
Staff member
I would run the following.

1.

Please download AdwCleaner onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool. Please click on yes to allow Adwcleaner to run on your system.
•Click on Scan.

•After the scan, the scan button will be replaced by the clean button, which you will need to click on to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it. Again, please press ok to let the program run on your system.
•The tool will open, you will need to press a key for the program to start scanning.

•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Launch Malwarebytes' Anti-Malware.
  • Click on the scan now button and let it start scanning your system.
  • When the scan is complete, please make sure all entries are checked and click on quarantine.
  • A log will be saved automatically which you can access by clicking on the reports tab on the left and then clicking on scan report. You can open that report and copy and paste the contents in your reply.

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



4.

Download OTL to your Desktop

•Double click on the icon to run it. Again click on yes to allow it to run. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan may take a few minutes.
◦When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 25 01:52:44 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\AppData\Roaming\PPC-software
Deleted: C:\Users\Documents\PPC-software
Deleted: C:\Users\AppData\Roaming\PPC-software
Deleted: C:\Users\Documents\PPC-software


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\WebBar
Deleted: [Key] - HKU\S-1-5-21-1740583814-1593686312-996612215-1000\Software\ICSW1.23
Deleted: [Key] - HKCU\Software\ICSW1.23
Deleted: [Key] - HKLM\SOFTWARE\PPC-software
Deleted: [Key] - HKLM\SOFTWARE\PPC-software
Deleted: [Key] - HKU\S-1-5-21-1740583814-1593686312-996612215-1000\Software\PPC-softwareLanguage
Deleted: [Key] - HKCU\Software\PPC-softwareLanguage
Deleted: [Key] - HKU\S-1-5-21-1740583814-1593686312-996612215-1000\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-1740583814-1593686312-996612215-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2103 B] - [2017/10/25 1:51:56]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Christopher Siraco (Administrator) on Tue 10/24/2017 at 22:00:37.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ERCUL4N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ1JI5XU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEKPO0X9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YASH738V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ERCUL4N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ1JI5XU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEKPO0X9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YASH738V (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/24/2017 at 22:01:34.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan Date: 10/24/17
Scan Time: 10:05 PM
Log File: 059745a2-b929-11e7-bd00-7085c20ec44c.json
Administrator: Yes
Version: 3.2.2.2029
Component Package Version: 1.0.212
Update Package Version: 1.0.3088
License: Trial
OS: Windows 7 Service Pack 1
CPU: x64
File System Type: NTFS
User: HP
Scan Type: Threat
Result: Completed
Objects Scanned: 309,278
Threats Detected: 29
Threats Quarantined: 29
Time Elapsed: 00:01:41
Processes: 0
Modules: 0
Registry Keys: 12
Registry Values: 3
Registry Data: 2
Folders: 1
Files: 11
Memory: Enabled
Startup: Enabled
File System: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
Threat Type Location Action ID
PUP.Optional.ByteFence Registry Key HKLM\SOFTWARE\MIC Quarantined 632
PUP.Optional.ByteFence Registry Key HKLM\SOFTWARE\MIC Quarantined 632
PUP.Optional.ByteFence File C:\USERS Quarantined 632
PUP.Optional.SearchM Registry Key HKLM\SOFTWARE\GO Quarantined 526
PUP.Optional.SearchM Registry Key HKLM\SOFTWARE\WO Quarantined 526
PUP.Optional.SearchM Registry Key HKU\S-1-5-21-174058 Quarantined 526
PUP.Optional.Solvussoft File C:\USERS Quarantined 359
PUP.Optional.WebBar Registry Key HKLM\SOFTWARE\MIC Quarantined 3662
PUP.Optional.WebBar Registry Key HKLM\SOFTWARE\MIC Quarantined 3662
PUP.Optional.WinYahoo File C:\WINDOWS\TASKS\YA Quarantined 63
PUP.Optional.WinYahoo File C:\WINDOWS\SYSTEM3 Quarantined 63
PUP.Optional.WinYahoo Registry Key HKLM\SOFTWARE\MIC Quarantined 63
PUP.Optional.WinYahoo Registry Value HKLM\SOFTWARE\MIC Quarantined 63
PUP.Optional.WinYahoo Registry Key HKLM\SOFTWARE\MIC Quarantined 63
PUP.Optional.WinYahoo Registry Data HKLM\SOFTWARE\WO Replaced 63
PUP.Optional.WinYahoo Registry Value HKLM\SOFTWARE\WO Quarantined 63
PUP.Optional.WinYahoo Registry Key HKU:\S-1-5-21-174058 Quarantined 63
PUP.Optional.WinYahoo Registry Key HKLM\SOFTWARE\MIC Quarantined 63
PUP.Optional.WinYahoo Registry Key HKLM\SOFTWARE\WO Quarantined 63
PUP.Optional.WinYahoo Registry Data HKLM\SOFTWARE\MIC Replaced 63
PUP.Optional.WinYahoo Registry Value HKLM\SOFTWARE\MIC Quarantined 63
PUP.Optional.WinYahoo File C:\PROGRAMDATA\{5F4 Quarantined 1197
PUP.Optional.WinYahoo File C:\PROGRAMDATA\{5F4B Quarantined 1197
PUP.Optional.WinYahoo File C:\PROGRAMDATA\{5F4B Quarantined 1197
PUP.Optional.WinYahoo File C:\PROGRAMDATA\{5F4B Quarantined 1197
PUP.Optional.WinYahoo File C:\PROGRAMDATA\{5F4B Quarantined 1197
PUP.Optional.WinYahoo File C:\PROGRAMDATA\{5F4B Quarantined 1197
PUP.Optional.WinYahoo File C:\PROGRAMDATA\{5F4B Quarantined 1197
PUP.Optional.WinYahoo Folder C:\PROGRAMDATA\{5F4 Quarantined 1197
 
OTL logfile created on: 10/25/2017 1:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18816)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.06 Gb Available Physical Memory | 81.85% Memory free
31.90 Gb Paging File | 29.15 Gb Available in Paging File | 91.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.78 Gb Total Space | 354.19 Gb Free Space | 79.28% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe (Corsair Components, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\d64d97af7c6f3e573e91e2342e36734e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\c94d111b685d55c9ac7b442daaa72f46\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e0fb0b9ff53a543385844ca3d4fe0e67\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\b275f3c85451b4712ba4441c8b142cdc\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a940a59838344f50d68b17da426928ad\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\83aa5cbe367dcd5373421de6d20441df\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\997ae7ebb28384eb69f1b94c2bb2e170\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c4a944b009f4f07008b4d8cb6feb62bc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4a34b8e8ee4dff4d0a60143313c17eb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\35511e4186f06439802b46ef18ab4a6a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bcfc8f02ea2e1edbf8b711b542f4b43f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e0c58e3528d935e36495738dd955ab31\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\083ff8b4b0ffd899249c5e4164870e25\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2a4d9d3dc67b64fc0cd7e1156a358702\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll ()
MOD - C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll ()
MOD - C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll ()
MOD - C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll ()
MOD - C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.dll ()
MOD - C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESV2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV:64bit: - (igfxCUIService2.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMFarflt) -- C:\Windows\SysNative\drivers\farflt.sys (Malwarebytes)
DRV:64bit: - (MBAMWebProtection) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes)
DRV:64bit: - (MBAMProtection) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (MBAMChameleon) -- C:\Windows\SysNative\drivers\MbamChameleon.sys (Malwarebytes)
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ESProtectionDriver) -- C:\Windows\SysNative\drivers\mbae64.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (CorsairVBusDriver) -- C:\Windows\SysNative\drivers\CorsairVBusDriver.sys (Corsair)
DRV:64bit: - (CorsairVHidDriver) -- C:\Windows\SysNative\drivers\CorsairVHidDriver.sys (Corsair)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (dlusbaudio) -- C:\Windows\SysNative\drivers\dlusbaudio_x64.sys ()
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\drivers\rtwlane.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
========== Files - Modified Within 30 Days ==========

[2017/10/25 14:00:20 | 000,084,256 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017/10/25 13:56:00 | 000,110,016 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017/10/25 13:56:00 | 000,045,504 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/10/25 13:55:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/10/25 13:55:52 | 4256,686,078 | -HS- | M] () -- C:\hiberfil.sys
[2017/10/25 00:22:49 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2017/10/25 00:22:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/10/25 00:22:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/10/25 00:22:27 | 000,783,606 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/10/25 00:22:27 | 000,663,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/10/25 00:22:27 | 000,122,464 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/10/24 22:05:34 | 000,192,952 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2017/10/24 22:05:12 | 000,252,232 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2017/10/21 23:44:48 | 000,000,000 | ---- | M] () -- C:\Users\AppData\Local\chico.bin
[2017/10/18 22:16:40 | 010,736,745 | ---- | M] () -- C:\Users\Documents\pearl.zip
[2017/10/18 22:08:05 | 019,840,908 | ---- | M] () -- C:\User\Documents\white_2.zip
[2017/10/17 00:38:47 | 000,000,060 | ---- | M] () -- C:\ProgramData\SoftwareUpdateTemp.xml
[2017/10/10 16:54:59 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/10/10 13:51:24 | 000,775,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/10/10 11:04:13 | 000,002,040 | ---- | M] () -- C:\Users\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars NJ.lnk
[2017/10/05 17:40:24 | 000,522,632 | ---- | M] () -- C:\Windows\SysNative\GameManager64.dll
[2017/10/05 17:40:20 | 000,356,744 | ---- | M] () -- C:\Windows\SysWow64\GameManager32.dll
[2017/10/05 17:40:18 | 000,543,624 | ---- | M] () -- C:\Windows\SysNative\dgtrayicon.exe
[2017/10/05 17:40:04 | 000,544,136 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2017/10/05 17:40:00 | 000,115,592 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2017/10/05 17:39:54 | 000,360,840 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2017/10/05 17:39:52 | 000,127,368 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2017/10/05 17:39:50 | 000,105,864 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2017/10/05 17:39:48 | 000,543,112 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2017/10/05 17:39:46 | 000,772,488 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2017/10/05 17:39:44 | 000,475,016 | ---- | M] () -- C:\Windows\SysNative\atieah64.exe
[2017/10/05 17:39:42 | 000,325,512 | ---- | M] () -- C:\Windows\SysWow64\atieah32.exe
[2017/10/05 17:38:38 | 000,915,848 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_17.30.dll
[2017/10/05 17:38:38 | 000,505,736 | ---- | M] () -- C:\Windows\SysNative\amdgfxinfo64.dll
[2017/10/05 17:38:38 | 000,351,624 | ---- | M] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2017/10/05 16:52:46 | 000,831,736 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2017/10/05 16:52:46 | 000,831,736 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2017/10/05 16:51:24 | 003,437,632 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2017/10/05 16:46:18 | 003,471,376 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2017/10/04 22:57:04 | 000,000,045 | ---- | M] () -- C:\Users\AppData\Local\machpro.dat
[2017/10/04 13:15:42 | 000,077,440 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017/09/27 16:23:54 | 000,266,640 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_FJ_nd.dat
[2017/09/27 16:23:40 | 000,266,900 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_FJ.dat
[2017/09/27 15:00:40 | 000,276,960 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_stn_nd.dat
[2017/09/27 14:57:08 | 000,271,584 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_cz_nd.dat
[2017/09/27 14:18:32 | 000,370,976 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_el_nd.dat
[2017/09/27 13:54:28 | 000,371,296 | ---- | M] () -- C:\Windows\SysNative\ativvaxy_gl_nd.dat
[30 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[17 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========
 
[2017/10/24 22:05:08 | 000,077,440 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017/10/18 22:17:46 | 010,736,745 | ---- | C] () -- C:\Users\Documents\pearl.zip
[2017/10/18 22:15:09 | 019,840,908 | ---- | C] () -- C:\Users\Documents\white_2.zip
[2017/10/10 11:04:13 | 000,002,040 | ---- | C] () -- C:\Users\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars NJ.lnk
[2017/10/10 01:05:01 | 000,000,000 | ---- | C] () -- C:\Users\AppData\Local\chico.bin
[2017/10/05 17:40:24 | 000,522,632 | ---- | C] () -- C:\Windows\SysNative\GameManager64.dll
[2017/10/05 17:40:20 | 000,356,744 | ---- | C] () -- C:\Windows\SysWow64\GameManager32.dll
[2017/10/05 17:40:18 | 000,543,624 | ---- | C] () -- C:\Windows\SysNative\dgtrayicon.exe
[2017/10/05 17:39:54 | 000,360,840 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2017/10/05 17:39:44 | 000,475,016 | ---- | C] () -- C:\Windows\SysNative\atieah64.exe
[2017/10/05 17:39:42 | 000,325,512 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2017/10/05 17:38:38 | 000,505,736 | ---- | C] () -- C:\Windows\SysNative\amdgfxinfo64.dll
[2017/10/05 17:38:38 | 000,351,624 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2017/10/05 16:52:46 | 000,831,736 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2017/10/05 16:52:46 | 000,831,736 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2017/10/05 16:51:24 | 003,437,632 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2017/10/05 16:46:18 | 003,471,376 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2017/10/04 22:57:04 | 000,000,045 | ---- | C] () -- C:\Users\AppData\Local\machpro.dat
[2017/09/27 16:58:10 | 000,000,060 | ---- | C] () -- C:\ProgramData\SoftwareUpdateTemp.xml
[2017/09/27 16:23:54 | 000,266,640 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_FJ_nd.dat
[2017/09/27 16:23:40 | 000,266,900 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_FJ.dat
[2017/09/27 15:00:40 | 000,276,960 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_stn_nd.dat
[2017/09/27 14:57:08 | 000,271,584 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cz_nd.dat
[2017/09/27 14:18:32 | 000,370,976 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_el_nd.dat
[2017/09/27 13:54:28 | 000,371,296 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_gl_nd.dat
[2017/08/29 20:37:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2017/08/08 22:40:07 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017/07/12 12:54:00 | 000,776,992 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-54-0.dll
[2017/07/12 12:53:54 | 000,477,472 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-54-0.exe
[2017/06/19 22:41:01 | 000,000,000 | ---- | C] () -- C:\Users\.mergeclient
[2017/06/15 15:32:56 | 000,525,088 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-51-0.dll
[2017/06/15 15:32:50 | 000,233,760 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-51-0.exe
[2017/03/11 19:50:09 | 000,000,344 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2017/02/24 16:34:04 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2017/02/24 16:34:04 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2017/02/16 19:51:28 | 000,776,992 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2017/02/16 19:51:28 | 000,477,472 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2017/01/24 10:34:38 | 000,000,048 | -H-- | C] () -- C:\Program Files (x86)\ywcxhve8rv.dat
[2016/12/15 20:33:50 | 000,273,696 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-37-0.dll
[2016/12/15 20:33:18 | 000,111,392 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-37-0.exe
[2016/12/14 23:08:48 | 000,688,640 | ---- | C] () -- C:\Windows\SysWow64\VulkanRT-Installer.exe
[2016/12/14 23:07:52 | 000,103,416 | ---- | C] () -- C:\Windows\SysWow64\libGLESv2.dll
[2016/12/14 23:07:50 | 000,092,664 | ---- | C] () -- C:\Windows\SysWow64\libGLESv1_CM.dll
[2016/12/14 23:07:48 | 000,132,600 | ---- | C] () -- C:\Windows\SysWow64\libEGL.dll
[2016/12/14 23:06:14 | 001,100,872 | ---- | C] () -- C:\Windows\SysWow64\iga32.dll
[2016/11/22 20:23:44 | 000,271,648 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-33-0.dll
[2016/11/22 20:23:14 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-33-0.exe
[2016/10/24 19:39:50 | 000,775,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/10/24 19:39:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/09/16 15:39:46 | 000,233,352 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016/09/09 14:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-26-0.dll
[2016/09/09 14:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
 
========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017/08/15 11:29:44 | 014,182,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/15 11:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2017/01/24 13:10:37 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\Corsair
[2017/03/12 22:07:22 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\discord
[2017/01/25 16:25:38 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\Downloaded Installations
[2017/10/04 22:51:59 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\HoldemManager
[2017/10/04 22:55:26 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\TableNinja.v2

========== Purity Check ==========



< End of report >
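The AdwCleaner and Malwarebytes logs posted earlier in this thread are what a helper reads to see what was removed and where. As an added example that is not part of this thread and is not code from Malwarebytes, AdwCleaner or any other tool mentioned here, the following Python script parses the two line formats those logs use (AdwCleaner "Deleted:" lines under their "***** [ Section ] *****" headers, and the Malwarebytes 3.x threat table with the columns Threat, Type, Location, Action, ID) and summarises the removals by detection family and item type, separating machine-wide (HKLM) registry entries from per-user (HKCU/HKU) ones. The sample lines embedded in the script are constructed from the logs above, with locations truncated exactly as the forum truncated them; all function names are the example's own.

```python
"""Summarise AdwCleaner and Malwarebytes clean-up logs.

Added example for this thread; it is not code from Malwarebytes, AdwCleaner
or the forum. It only understands the two line formats visible in the logs
posted in the thread.
"""
import re
from collections import Counter

# Constructed sample in the AdwCleaner 7 "clean" log format (lines taken from the thread).
ADWCLEANER_LOG = r"""
***** [ Folders ] *****

Deleted: C:\Users\AppData\Roaming\PPC-software
Deleted: C:\Users\Documents\PPC-software

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\WebBar
Deleted: [Key] - HKCU\Software\ICSW1.23
Deleted: [Key] - HKCU\Software\csastats
"""

# Constructed sample in the Malwarebytes 3.x threat-table format
# (columns: Threat, Type, Location, Action, ID; locations truncated as in the thread).
MBAM_LOG = r"""
Threat Type Location Action ID
PUP.Optional.ByteFence Registry Key HKLM\SOFTWARE\MIC Quarantined 632
PUP.Optional.SearchM Registry Key HKLM\SOFTWARE\GO Quarantined 526
PUP.Optional.Solvussoft File C:\USERS Quarantined 359
PUP.Optional.WinYahoo File C:\WINDOWS\TASKS\YA Quarantined 63
PUP.Optional.WinYahoo Registry Data HKLM\SOFTWARE\WO Replaced 63
PUP.Optional.WinYahoo Folder C:\PROGRAMDATA\{5F4 Quarantined 1197
"""

ADW_SECTION = re.compile(r"^\*{5} \[ (?P<section>[^\]]+?) \] \*{5}$")
ADW_DELETED = re.compile(r"^Deleted: (?:\[(?P<kind>\w+)\] - )?(?P<target>.+)$")


def parse_adwcleaner(text):
    """Return (section, kind, target) for every 'Deleted:' line.

    kind is the bracketed tag ("Key", "Value", ...) when present, otherwise the
    section name (folder and file entries carry no tag)."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ADW_SECTION.match(line)
        if m:
            section = m.group("section")
            continue
        m = ADW_DELETED.match(line)
        if m:
            items.append((section, m.group("kind") or section, m.group("target")))
    return items


# The Type column may be two words ("Registry Key"), so it is matched from a
# fixed list; the header line ("Threat Type Location Action ID") never matches.
MBAM_ROW = re.compile(
    r"^(?P<threat>\S+) "
    r"(?P<type>File|Folder|Process|Module|Registry Key|Registry Value|Registry Data) "
    r"(?P<location>.+?) "
    r"(?P<action>Quarantined|Replaced|Deleted|No Action) "
    r"(?P<id>\d+)$"
)


def parse_mbam(text):
    """Return one dict (threat, type, location, action, id) per table row."""
    rows = []
    for raw in text.splitlines():
        m = MBAM_ROW.match(raw.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def hive_scope(target):
    """Classify a registry path as machine-wide (HKLM) or per-user (HKCU/HKU).

    Malwarebytes writes the HKU hive as 'HKU:' so a trailing colon is stripped."""
    head = target.split("\\", 1)[0].rstrip(":").upper()
    if head == "HKLM":
        return "machine"
    if head in ("HKCU", "HKU"):
        return "user"
    return "other"


def summarize(adw_text, mbam_text):
    """Aggregate both logs into counts plus two lists worth a second look:
    machine-wide registry entries (the installer had admin rights) and rows whose
    action was something other than quarantine (settings reset, not files removed)."""
    adw = parse_adwcleaner(adw_text)
    mbam = parse_mbam(mbam_text)
    machine_keys = {t for _, k, t in adw if k == "Key" and hive_scope(t) == "machine"}
    machine_keys |= {
        r["location"] for r in mbam
        if r["type"].startswith("Registry") and hive_scope(r["location"]) == "machine"
    }
    return {
        "adwcleaner_by_section": dict(Counter(s for s, _, _ in adw)),
        "mbam_by_family": dict(Counter(r["threat"] for r in mbam)),
        "mbam_by_type": dict(Counter(r["type"] for r in mbam)),
        "machine_wide_registry": sorted(machine_keys),
        "not_quarantined": [r for r in mbam if r["action"] != "Quarantined"],
    }


if __name__ == "__main__":
    for key, value in summarize(ADWCLEANER_LOG, MBAM_LOG).items():
        print(f"{key}: {value}")
```

Two things the summary surfaces that the raw logs bury: HKLM entries mean the bundled installer ran with administrative rights (which also explains why nothing under HKCU alone would have been enough to clean it), and a row whose action is "Replaced" rather than "Quarantined" is a setting the tool reset in place, so it is worth confirming after the reboot that it has not been re-set by something the scanners did not catch.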