ProblemsRBad

Members
  • Content count

    864
  • Joined

  • Last visited

  • Days Won

    1
  • Time Online

    215d 32m 47s

About ProblemsRBad

  • Rank
    $ Supporting Member
  • Birthday

Profile Information

  • Gender
    Not Telling
  • OS
    Windows 10

Profile Fields

  • Country
  1. Thanks a lot! Computer running much better now. Have a great weekend.
  2. Ok Sophos scan clean so I don't have a log. Here is the other 2 logs thanks for help, Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender Avast Antivirus Malwarebytes Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 121 Java version 32-bit out of Date! Adobe Flash Player 24.0.0.194 Mozilla Firefox (52.0) Google Chrome (56.0.2924.87) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamtray.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` ------------------------------------------------------------------------------------------------------------------------------------------ Farbar Service Scanner Version: 27-01-2016 Ran by bobby (administrator) on 01-02-2017 at 22:27:52 Running from "C:\Users\bobby\Desktop" Microsoft Windows 10 Home (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is set to Demand. The default start type is Auto. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  3. Ok done here is the log file: Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017 Ran by bobby (01-02-2017 22:02:16) Run:1 Running from C:\Users\bobby\Desktop Loaded Profiles: bobby (Available Profiles: bobby & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM-x32\...\Run: [] => [X] ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-31] (AVAST Software) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll -> No File BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File Toolbar: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X] U3 idsvc; no ImagePath S0 vhrfpdu; System32\drivers\qbbvfpvm.sys [X] 2017-02-01 16:20 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\dllnt_dump.dll C:\Windows\SysWOW64\msvcp110.dll Task: {64F98E0C-AC2A-4256-AB40-F30489488D5C} - System32\Tasks\REGUtilities Task => C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION C:\Program Files (x86)\REGUtilities Task: C:\WINDOWS\Tasks\REGUtilities Task.job => C:\Program Files (x86)\REGUtilities\REGUtilities.exe -t C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. HKLM\System\CurrentControlSet\Services\aswHdsKe => key removed successfully aswHdsKe => service removed successfully HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully idsvc => service removed successfully HKLM\System\CurrentControlSet\Services\vhrfpdu => key removed successfully vhrfpdu => service removed successfully C:\Users\bobby\AppData\Local\Temp\dllnt_dump.dll => moved successfully C:\Windows\SysWOW64\msvcp110.dll => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64F98E0C-AC2A-4256-AB40-F30489488D5C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64F98E0C-AC2A-4256-AB40-F30489488D5C} => key removed successfully C:\WINDOWS\System32\Tasks\REGUtilities Task => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\REGUtilities Task => key removed successfully "C:\Program Files (x86)\REGUtilities" => not found. C:\WINDOWS\Tasks\REGUtilities Task.job => moved successfully ==== End of Fixlog 22:02:18 ====
  4. Ok here is the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017 Ran by bobby (administrator) on BOBBY-HP (01-02-2017 21:23:45) Running from C:\Users\bobby\Desktop Loaded Profiles: bobby (Available Profiles: bobby & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [59112 2016-04-28] (Hewlett-Packard ) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-31] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\MountPoints2: {c8f67b2c-8946-11e5-8d70-74de2b79f7ca} - "M:\autoinst.exe" /checkssn ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-31] (AVAST Software) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll -> No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll -> No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{05dce99d-5de2-457e-9257-ffd89dfad120}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{d4744bad-c95a-4395-9a1f-188c56ca43bb}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{d4744bad-c95a-4395-9a1f-188c56ca43bb}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKLM -> {122FCF2F-C8E0-448E-A9A9-F9CC258C9F41} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-31] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File Toolbar: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FireFox: ======== FF ProfilePath: C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074 [2017-02-01] FF Extension: (Diagnostics) - C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\features\{1fcd07f6-e94c-4dd2-9e8d-0ae19ded7357}\diagnostics@mozilla.org.xpi [2017-02-01] FF SearchPlugin: C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\searchplugins\google-lavasoft.xml [2016-09-24] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-31] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-31] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-31] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-31] () FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-31] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-31] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () Chrome: ======= CHR Profile: C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default [2017-01-31] CHR Extension: (Google Slides) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-31] CHR Extension: (Google Docs) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-31] CHR Extension: (Google Drive) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31] CHR Extension: (YouTube) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31] CHR Extension: (Google Sheets) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-31] CHR Extension: (Google Docs Offline) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31] CHR Extension: (Gmail) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31] CHR Extension: (Chrome Media Router) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-31] (AVAST Software) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-31] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-31] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-31] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-31] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-31] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-31] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-31] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-31] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-31] (AVAST Software) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-12-14] (Advanced Micro Devices) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-11-13] (Disc Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] () R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-01] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-01] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-01] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [570392 2016-04-28] (Tempo Semiconductor Inc.) R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-19] (Texas Instruments, Inc.) R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-19] (Texas Instruments, Inc.) S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X] U3 idsvc; no ImagePath S0 vhrfpdu; System32\drivers\qbbvfpvm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-01 21:08 - 2017-02-01 21:08 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-02-01 21:07 - 2017-02-01 21:08 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-02-01 21:07 - 2017-02-01 21:07 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-01 21:07 - 2017-02-01 21:07 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-02-01 21:07 - 2017-02-01 21:07 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-02-01 21:07 - 2017-02-01 21:07 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-01 21:07 - 2017-02-01 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-01 21:07 - 2017-02-01 21:07 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-01 21:07 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-02-01 21:06 - 2017-02-01 21:07 - 55566792 _____ (Malwarebytes ) C:\Users\bobby\Downloads\mb3-setup-consumer-3.0.6.1469.exe 2017-02-01 16:30 - 2017-02-01 16:30 - 00000000 ____D C:\Users\bobby\AppData\Local\CrashDumps 2017-02-01 16:24 - 2017-02-01 21:11 - 00001082 _____ C:\Users\bobby\Desktop\mbamlog.txt 2017-02-01 16:22 - 2017-02-01 16:22 - 00007858 _____ C:\Users\bobby\Desktop\rkill.txt 2017-02-01 16:19 - 2017-02-01 16:19 - 34821984 _____ (Adlice Software ) C:\Users\bobby\Downloads\setup.exe 2017-02-01 16:13 - 2017-02-01 16:13 - 00010000 _____ C:\Users\bobby\Desktop\AdwCleaner[S0].txt 2017-02-01 09:40 - 2017-02-01 09:41 - 00041963 _____ C:\Users\bobby\Desktop\Addition.txt 2017-02-01 09:39 - 2017-02-01 21:24 - 00019292 _____ C:\Users\bobby\Desktop\FRST.txt 2017-02-01 09:39 - 2017-02-01 21:23 - 00000000 ____D C:\FRST 2017-02-01 09:37 - 2017-02-01 09:37 - 02420736 _____ (Farbar) C:\Users\bobby\Desktop\FRST64.exe 2017-01-31 22:54 - 2017-01-31 22:55 - 162167600 _____ (Sophos Limited) C:\Users\bobby\Downloads\Sophos Virus Removal Tool(1).exe 2017-01-31 22:54 - 2017-01-31 22:54 - 00852798 _____ C:\Users\bobby\Downloads\SecurityCheck.exe 2017-01-31 22:38 - 2017-01-31 22:38 - 00000000 ____D C:\ProgramData\Adobe 2017-01-31 21:49 - 2017-01-31 21:49 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2017-01-31 21:49 - 2017-01-31 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2017-01-31 21:49 - 2017-01-31 21:49 - 00000000 ____D C:\Program Files (x86)\Sophos 2017-01-31 21:28 - 2017-01-31 21:28 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-01-31 21:28 - 2017-01-31 21:28 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-01-31 21:27 - 2017-01-31 21:28 - 00739392 _____ (Oracle Corporation) C:\Users\bobby\Downloads\JavaSetup8u121.exe 2017-01-31 21:14 - 2017-02-01 16:20 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-01-31 21:14 - 2017-02-01 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-01-31 21:14 - 2017-02-01 16:20 - 00000000 ____D C:\Program Files\RogueKiller 2017-01-31 21:14 - 2017-01-31 21:14 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2017-01-31 21:13 - 2017-01-31 21:13 - 00000000 ____D C:\ProgramData\RogueKiller 2017-01-31 20:43 - 2017-01-31 20:43 - 00000951 _____ C:\Users\bobby\Desktop\JRT.txt 2017-01-31 19:37 - 2017-01-31 21:45 - 162160408 _____ (Sophos Limited) C:\Users\bobby\Downloads\Sophos Virus Removal Tool.exe 2017-01-31 19:33 - 2017-01-31 19:33 - 34821984 _____ (Adlice Software ) C:\Users\bobby\Downloads\roguekiller setup.exe 2017-01-31 19:14 - 2017-01-31 19:14 - 00000000 ____D C:\Users\bobby\AppData\Roaming\SUPERAntiSpyware.com 2017-01-31 19:13 - 2017-01-31 19:14 - 01663040 _____ (Malwarebytes) C:\Users\bobby\Desktop\JRT.exe 2017-01-31 19:13 - 2017-01-31 19:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-01-31 19:13 - 2017-01-31 19:13 - 00001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2017-01-31 19:13 - 2017-01-31 19:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-01-31 19:13 - 2017-01-31 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2017-01-31 19:12 - 2017-01-31 19:12 - 29086808 _____ (SUPERAntiSpyware) C:\Users\bobby\Downloads\SUPERAntiSpyware.exe 2017-01-31 19:08 - 2017-01-31 19:09 - 04015056 _____ C:\Users\bobby\Downloads\adwcleaner_6.043(1).exe 2017-01-31 18:50 - 2017-01-31 18:50 - 00000000 ____D C:\Users\bobby\Downloads\xumouse 2017-01-31 18:48 - 2017-01-31 19:23 - 00004006 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1485906531 2017-01-31 18:48 - 2017-01-31 19:23 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-01-31 18:48 - 2017-01-31 18:48 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2017-01-31 18:48 - 2017-01-31 18:48 - 00001090 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-01-31 18:45 - 2017-01-31 18:45 - 25564840 _____ (HP Inc. ) C:\Users\bobby\Downloads\sp74939.exe 2017-01-31 18:44 - 2017-01-31 18:44 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2017-01-31 18:44 - 2017-01-31 18:44 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-01-31 18:44 - 2017-01-31 18:44 - 00000000 ____D C:\Users\bobby\AppData\Roaming\AVAST Software 2017-01-31 18:43 - 2017-01-31 18:43 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-01-31 18:43 - 2017-01-31 18:43 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-01-31 18:43 - 2017-01-31 18:43 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2017-01-31 18:43 - 2017-01-31 18:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software 2017-01-31 18:43 - 2017-01-31 18:43 - 00000000 ____D C:\Program Files\Common Files\AV 2017-01-31 18:42 - 2017-01-31 18:42 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2017-01-31 18:41 - 2017-01-31 18:48 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-31 18:41 - 2017-01-31 18:48 - 00000000 ____D C:\Program Files\AVAST Software 2017-01-31 18:24 - 2017-01-31 18:24 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2017-01-31 18:19 - 2017-01-31 18:19 - 06253640 _____ (AVAST Software) C:\Users\bobby\Downloads\avast_free_antivirus_setup_online_cnet_2.exe 2017-01-31 18:09 - 2017-01-31 18:09 - 00006838 _____ C:\mbamlog.txt 2017-01-31 18:03 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-31 18:03 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-31 17:57 - 2017-01-31 17:57 - 00371079 _____ C:\Users\bobby\Desktop\CisReport_x64_v8.4.0.5165_20170131-185746.zip 2017-01-31 17:46 - 2017-01-31 17:46 - 00000000 ____D C:\Users\bobby\AppData\Local\AMD 2017-01-31 17:42 - 2017-01-31 17:42 - 00000000 ____D C:\ProgramData\ATI 2017-01-31 16:19 - 2017-01-31 19:15 - 00000000 ____D C:\AdwCleaner 2017-01-31 16:19 - 2017-01-31 16:19 - 04015056 _____ C:\Users\bobby\Desktop\adwcleaner_6.043.exe 2017-01-31 16:17 - 2017-01-31 16:17 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-31 16:01 - 2017-01-31 16:01 - 00000000 __SHD C:\found.001 2017-01-31 15:51 - 2017-01-31 15:51 - 00000000 ____D C:\ProgramData\PDFC 2017-01-31 15:44 - 2017-01-31 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2017-01-31 15:43 - 2017-01-31 17:08 - 00000000 ____D C:\Program Files\AMD 2017-01-31 15:43 - 2017-01-31 15:43 - 00000000 ____D C:\ProgramData\AMD 2017-01-31 15:18 - 2017-01-31 18:06 - 00000000 ____D C:\Users\bobby\Desktop\video driver 2017-01-31 14:53 - 2017-01-31 21:59 - 00261484 ____N C:\WINDOWS\Minidump\013117-85578-01.dmp 2017-01-31 14:53 - 2017-01-31 19:02 - 00557772 ____N C:\WINDOWS\Minidump\013117-35453-01.dmp 2017-01-31 14:53 - 2017-01-31 17:33 - 00553165 ____N C:\WINDOWS\Minidump\013117-32953-01.dmp 2017-01-31 14:53 - 2017-01-31 16:51 - 00557837 ____N C:\WINDOWS\Minidump\013117-30171-01.dmp 2017-01-31 14:53 - 2017-01-31 16:34 - 00557837 ____N C:\WINDOWS\Minidump\013117-33937-01.dmp 2017-01-31 14:53 - 2017-01-31 16:33 - 00557348 ____N C:\WINDOWS\Minidump\013117-32718-01.dmp 2017-01-31 14:53 - 2017-01-31 16:29 - 00557837 ____N C:\WINDOWS\Minidump\013117-32765-02.dmp 2017-01-31 14:53 - 2017-01-31 16:27 - 00558669 ____N C:\WINDOWS\Minidump\013117-32593-02.dmp 2017-01-31 14:53 - 2017-01-31 16:24 - 00557844 ____N C:\WINDOWS\Minidump\013117-33562-01.dmp 2017-01-31 14:53 - 2017-01-31 15:42 - 00558628 ____N C:\WINDOWS\Minidump\013117-29734-01.dmp 2017-01-31 14:53 - 2017-01-31 15:40 - 00557796 ____N C:\WINDOWS\Minidump\013117-32750-01.dmp 2017-01-31 14:53 - 2017-01-31 15:38 - 00553165 ____N C:\WINDOWS\Minidump\013117-32578-01.dmp 2017-01-31 14:53 - 2017-01-31 15:35 - 00557284 ____N C:\WINDOWS\Minidump\013117-33015-01.dmp 2017-01-31 14:53 - 2017-01-31 15:34 - 00559117 ____N C:\WINDOWS\Minidump\013117-32765-01.dmp 2017-01-31 14:12 - 2017-01-31 14:12 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-31 14:12 - 2017-01-31 14:12 - 00002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-01-31 14:12 - 2017-01-31 14:12 - 00000839 _____ C:\Users\Public\Desktop\Speccy.lnk 2017-01-31 14:12 - 2017-01-31 14:12 - 00000000 ____D C:\Users\bobby\AppData\Local\Google 2017-01-31 14:12 - 2017-01-31 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2017-01-31 14:12 - 2017-01-31 14:12 - 00000000 ____D C:\Program Files\Speccy 2017-01-31 14:11 - 2017-01-31 14:12 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-31 14:11 - 2017-01-31 14:11 - 06293184 _____ (Piriform Ltd) C:\Users\bobby\Desktop\spsetup130.exe 2017-01-31 14:07 - 2017-01-31 19:05 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-01-31 13:54 - 2017-01-31 13:54 - 00000000 ____D C:\Users\bobby\AppData\Local\ElevatedDiagnostics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-01 21:23 - 2016-09-23 14:18 - 00000000 ____D C:\Users\bobby\AppData\LocalLow\Mozilla 2017-02-01 21:07 - 2015-11-08 04:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-01 21:05 - 2015-11-08 04:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-02-01 20:56 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-01 20:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-01 12:44 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-01 09:41 - 2016-01-21 06:06 - 00000000 ____D C:\Users\bobby\AppData\Local\MEGAsync 2017-02-01 09:29 - 2016-10-03 13:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-01 09:29 - 2016-07-25 19:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-01 01:20 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-02-01 01:17 - 2016-10-03 12:42 - 00000000 ____D C:\Users\bobby 2017-02-01 01:13 - 2015-11-09 07:23 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-01 01:09 - 2015-11-09 07:23 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-01-31 22:38 - 2016-07-25 19:57 - 00000000 ____D C:\Users\bobby\AppData\Local\Adobe 2017-01-31 22:38 - 2015-11-08 04:36 - 00000000 ____D C:\Users\bobby\AppData\Roaming\Adobe 2017-01-31 22:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-31 22:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-31 21:59 - 2016-10-13 14:24 - 00000000 ____D C:\WINDOWS\Minidump 2017-01-31 21:59 - 2016-10-03 12:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-01-31 21:39 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-01-31 21:38 - 2016-07-24 18:11 - 00000000 ____D C:\ProgramData\Oracle 2017-01-31 21:38 - 2016-07-24 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-01-31 21:38 - 2016-07-24 18:11 - 00000000 ____D C:\Program Files (x86)\Java 2017-01-31 21:37 - 2016-07-24 18:11 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-01-31 19:49 - 2016-10-03 12:42 - 00000000 ____D C:\Users\DefaultAppPool 2017-01-31 19:17 - 2015-11-08 04:34 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBOBBY-HP$.job 2017-01-31 18:53 - 2011-02-11 11:32 - 00000000 ____D C:\SWSETUP 2017-01-31 18:46 - 2016-10-03 12:40 - 00006848 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-31 18:40 - 2015-11-13 06:22 - 00001415 _____ C:\Users\bobby\Desktop\sn.lnk 2017-01-31 18:34 - 2016-10-03 13:00 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBOBBY-HP$ 2017-01-31 18:26 - 2016-07-28 16:29 - 00000000 ____D C:\Program Files\Intel 2017-01-31 18:26 - 2016-07-28 16:28 - 00000000 ____D C:\Program Files\Common Files\McAfee 2017-01-31 18:23 - 2016-07-28 16:18 - 00000000 ____D C:\ProgramData\McAfee 2017-01-31 16:24 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-01-31 16:17 - 2015-11-08 06:12 - 00002401 _____ C:\Users\bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-31 16:16 - 2015-11-08 06:12 - 00000000 ___RD C:\Users\bobby\OneDrive 2017-01-31 15:55 - 2012-02-14 20:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2017-01-31 15:55 - 2012-02-14 20:36 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2017-01-31 15:54 - 2016-10-03 13:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard 2017-01-31 15:54 - 2012-02-14 20:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2017-01-31 15:52 - 2016-01-20 10:32 - 00000000 ____D C:\Program Files (x86)\Driver Support 2017-01-31 15:51 - 2012-02-14 20:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers 2017-01-31 15:43 - 2016-07-28 16:29 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-31 15:43 - 2012-02-14 20:39 - 00000000 ____D C:\Program Files (x86)\AMD 2017-01-31 15:38 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF 2017-01-31 15:26 - 2015-11-08 05:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-31 15:13 - 2016-01-19 23:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\Nui 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-31 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-31 14:36 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-01-31 14:36 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2017-01-31 14:36 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2017-01-31 14:35 - 2016-10-03 13:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\setup 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-01-31 14:35 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-01-31 14:35 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing 2017-01-31 14:35 - 2016-01-20 00:04 - 00000000 ____D C:\Users\bobby\AppData\Roaming\DAoC Portal 2017-01-31 14:35 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-31 14:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration 2017-01-31 14:06 - 2015-11-08 13:37 - 00565645 ____N C:\WINDOWS\Minidump\013117-36093-01.dmp 2017-01-31 13:43 - 2015-11-08 13:37 - 00557453 ____N C:\WINDOWS\Minidump\013117-58921-01.dmp 2017-01-10 20:20 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports Some files in TEMP: ==================== 2017-02-01 16:20 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\dllnt_dump.dll Some zero byte size files/folders: ========================== C:\Windows\SysWOW64\msvcp110.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-01 00:05 ==================== End of FRST.txt ============================ ---------------------------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017 Ran by bobby (01-02-2017 21:24:51) Running from C:\Users\bobby\Desktop Windows 10 Home Version 1607 (X64) (2016-10-03 18:08:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-956974598-3299727750-65723944-500 - Administrator - Disabled) bobby (S-1-5-21-956974598-3299727750-65723944-1001 - Administrator - Enabled) => C:\Users\bobby DefaultAccount (S-1-5-21-956974598-3299727750-65723944-503 - Limited - Disabled) Guest (S-1-5-21-956974598-3299727750-65723944-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-956974598-3299727750-65723944-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{421976B6-DEC6-4CA5-941F-F0663B3A2B74}) (Version: 11.1.102.55 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.) Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation) Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.2.0.07300 - Sony Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light) Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version: - Electronic Arts) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Genesis version Genesis Launcher 1.011 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.011 - Pawel D. alias Laplume for Genesis.) Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.8101 - HRB Technology, LLC.) H&R Block Michigan 2015 (HKLM-x32\...\{C34A4378-B23F-4155-AC8B-95E40F7370FC}) (Version: 1.15.4001 - HRB Technology, LLC.) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard) HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6239 - Mozilla) NWZ-S540 WALKMAN Guide (HKLM-x32\...\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}) (Version: 2.0.00.07010 - Sony Corporation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.) RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD) RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RogueKiller version 12.9.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.6.0 - Adlice Software) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uthgard Launcher (HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\Uthgard Launcher) (Version: 1.00.00.00 - Uthgard) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0BAF62F2-FAFB-44BA-AA01-A02D7FF12BA3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {1E68D6FB-C3B1-4CCF-AB98-7ED668B58DCD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-31] (AVAST Software) Task: {274BB102-8D04-46E5-A79E-D14860A74EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) Task: {2BD23AC5-1AE4-4DDA-9587-C081BC86A246} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {2FF42FA2-4EE4-4AF8-AD5A-C65B330C09E6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-31] (Adobe Systems Incorporated) Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {36C0939E-1A7E-40C5-B4F3-E1154E139970} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {38703468-C162-4F57-B44C-44E58A48E390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {49F3F14B-37B0-4FF8-8D79-A67723C5CB0E} - System32\Tasks\{072CA81D-69BB-49C4-914E-7EAC144C21C4} => pcalua.exe -a "C:\Program Files\McAfee Security Scan\uninstall.exe" Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5345AC3C-FFF9-4831-B7E8-442B88B745F6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {64F98E0C-AC2A-4256-AB40-F30489488D5C} - System32\Tasks\REGUtilities Task => C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {86B76D85-EC61-412A-8F5E-20B20B23A6CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B00420E6-58FD-4BA4-89B8-24504B76CB13} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B8154F59-58F9-4937-80E6-BFB813638286} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BBEC600D-225B-4BB6-ABF1-9BEC62ADE6DC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {BEEFBCAC-0FD0-484D-841E-6BCD50C20927} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D6DA3362-2103-438C-95A8-10187738F89C} - System32\Tasks\HPCeeScheduleForBOBBY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {E29DD31D-0D97-4766-BD7D-D6792DE3241E} - System32\Tasks\SafeZone scheduled Autoupdate 1485906531 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F90F3E4B-45EC-4E24-8B3E-D44B55610878} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-31] (AVAST Software) Task: {FA82EDE2-406E-403A-8015-31BAD5CE2FD0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForBOBBY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\REGUtilities Task.job => C:\Program Files (x86)\REGUtilities\REGUtilities.exe -t C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-13 17:10 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-13 17:10 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-11-08 16:19 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-08 16:19 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-08 16:19 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-08 16:19 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-08 16:19 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-08 16:19 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-10-03 16:27 - 2016-10-03 16:27 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-12-13 17:09 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-12-13 17:09 - 2016-12-09 04:40 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-01-31 20:04 - 2017-01-31 20:04 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-01-31 20:04 - 2017-01-31 20:04 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-01-31 20:04 - 2017-01-31 20:04 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-12-14 16:47 - 2016-12-14 16:47 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll 2017-02-01 21:07 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-02-01 21:07 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2017-02-01 21:07 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-01-31 18:42 - 2017-01-31 18:42 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-31 18:42 - 2017-01-31 18:42 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-02-01 13:31 - 2017-02-01 13:31 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17020101\algo.dll 2017-01-31 18:42 - 2017-01-31 18:42 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\localhost -> localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2016-10-13 15:05 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-956974598-3299727750-65723944-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AESTFilters => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AMD FUEL Service => 2 MSCONFIG\Services: AMD_RAIDXpert => 2 MSCONFIG\Services: DSAO => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: HPClientSvc => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: pdfcDispatcher => 2 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TrueKey => 2 MSCONFIG\Services: TrueKeyScheduler => 2 MSCONFIG\Services: TrueKeyServiceHelper => 3 HKLM\...\StartupApproved\Run: => "BeatsOSDApp" HKLM\...\StartupApproved\Run: => "hpsysdrv" HKLM\...\StartupApproved\Run: => "SysTrayApp" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "PDF Complete" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{9FD064D4-CD89-43C1-BB0D-ABE2CD1A1EF4}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B01E3941-B0C6-4E38-B978-0444CAA744EB}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1AB7D572-B31F-475A-812B-39796CA9F452}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D96512AA-7D2C-410B-B970-26158E38E61D}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A677BDEB-F455-486B-BA8C-627177E3E33D}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{51FBFFCF-7C67-4D7E-B72C-AD27D73475B2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C24D602C-0599-47A0-8BA0-4DEE2521526E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DFBF3220-475B-4E1F-BB00-6839C9D1B65D}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{08DB7BC7-5519-4E0C-AFB2-E0B81CB4EFA8}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8198B192-730D-42CE-BDDB-754C06A3C136}] => LPort=1900 FirewallRules: [{80771F50-EFFA-429F-BA99-EE0E719DB6EF}] => LPort=2869 FirewallRules: [{8BDA70CE-E4B6-491B-AE18-B5647C851DDF}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{029D6B59-D202-4414-8D18-01BFB345837E}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{8E5436B7-277B-4E33-89F1-16FB14C5A901}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{C6AB79E4-5276-49D1-8C20-923AAC1823D9}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{9CFF2F32-298B-468C-8B67-3B58F8940774}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{9D578EE5-CC31-4245-8660-F4A3895C93C6}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{411D98B1-C768-46C9-B667-55C09F037FB7}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{AB50CFA6-A8CF-4783-8D5A-E89A57DF1FDC}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{7EFCD63C-7B57-4E7D-827D-61F6C5BDF257}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{12CE08CE-7F59-4486-B373-1E5917BF1CDC}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{2C2D57AB-8E2B-413C-80B9-BFA7C8A8FBD2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DB280241-0DA7-4BF6-A43D-C6C5B528AB04}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{639932CC-61B7-4CB7-A0AF-D7832E2A5C58}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 31-01-2017 15:49:05 Removed Zinio Reader 4 31-01-2017 20:39:34 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: AMD Radeon HD 7450 Description: AMD Radeon HD 7450 Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Advanced Micro Devices, Inc. Service: amdkmdap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2017 09:11:34 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 06:24:36 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 05:23:07 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 04:59:21 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 04:58:11 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 04:56:35 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 04:55:49 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 04:55:45 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 04:55:14 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 04:53:43 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. System errors: ============= Error: (02/01/2017 04:52:32 PM) (Source: DCOM) (EventID: 10016) (User: bobby-HP) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user bobby-HP\bobby SID (S-1-5-21-956974598-3299727750-65723944-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool. Error: (02/01/2017 09:30:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/01/2017 09:30:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/01/2017 09:30:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/01/2017 09:30:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (02/01/2017 09:29:41 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY) Description: E:\Device\HarddiskVolume52 Error: (02/01/2017 01:08:54 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY) Description: E:\Device\HarddiskVolume52 Error: (01/31/2017 10:00:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/31/2017 10:00:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/31/2017 10:00:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-01-31 18:14:45.613 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:14:35.200 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:45:31.749 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:45:30.340 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:45:30.052 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:44:17.423 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:11:22.054 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:11:20.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:11:20.137 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:10:04.427 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD FX(tm)-6100 Six-Core Processor Percentage of memory in use: 27% Total physical RAM: 10014.89 MB Available physical RAM: 7273.25 MB Total Virtual: 10654.89 MB Available Virtual: 7865.99 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1845.22 GB) (Free:1781.39 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:16.88 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:139.73 GB) (Free:56.79 GB) NTFS Drive m: (SSN) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: B1A1F069) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1845.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 139.7 GB) (Disk ID: B649B649) Partition 1: (Active) - (Size=139.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. Ok, I updated MBAM here is the new log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/1/17 Scan Time: 9:08 PM Logfile: mbamlog.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1154 License: Trial -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: bobby-HP\bobby -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 455231 Time Elapsed: 2 min, 39 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)
  6. The avast was showing notifications about network issues. When I clicked on the notification Avast opened showing red in protection issues and network issues. Avast didn't provide anything else about this issues. Here is the logs: RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.14393) 64 bits version Started in : Normal mode User : bobby [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Scan -- Date : 01/31/2017 22:14:51 (Duration : 00:25:03) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 2 ¤¤¤ [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_7549\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | Exec : %windir%\Network Diagnostic\xpnetdiag.exe [x] -> Found [Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_7549\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | Exec : %windir%\Network Diagnostic\xpnetdiag.exe [x] -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 1 ¤¤¤ [PUP.Filefinder][Folder] C:\Program Files (x86)\Pluto TV -> Found ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Seagate ST2000DL003-9VT1 SCSI Disk Device +++++ --- User --- [MBR] f5add1d7244139ed0d4d8b4fffe8e120 [BSP] 23561b79313aca46a562fa6e22330296 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1889507 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 3869917184 | Size: 450 MB 3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3870838784 | Size: 17289 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )] User != LL1 ... KO! --- LL1 --- [MBR] f5add1d7244139ed0d4d8b4fffe8e120 [BSP] 23561b79313aca46a562fa6e22330296 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1889507 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 3869917184 | Size: 450 MB 3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3870838784 | Size: 17289 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] Error reading LL2 MBR! ([1] Incorrect function. ) +++++ PhysicalDrive1: WDC WD1500AHFD-00RAR SCSI Disk Device +++++ --- User --- [MBR] f19743c3bea6cb637dba6fa2e303c383 [BSP] 7a24422432587a193cb1835325b571b7 : Windows XP|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 143078 MB [Windows XP Bootstrap | Windows XP Bootloader] User = LL1 ... OK Error reading LL2 MBR! ([1] Incorrect function. ) +++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 1/31/2017 Scan Time: 4:57 PM Logfile: mbamlog.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2017.01.31.07 Rootkit Database: v2016.11.20.01 License: Trial Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8 CPU: x64 File System: NTFS User: bobby Scan Type: Threat Scan Result: Completed Objects Scanned: 367125 Time Elapsed: 12 min, 10 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 9 PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\ASCValidatorService, Quarantined, [75fe94ee04a40f27909d1098798749b7], PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\ASC-PR, Quarantined, [b8bbd2b0dace1c1a171c144be21e0af6], PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, Quarantined, [b7bc651daafe20169d2bf7688779ba46], PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENAS\COMMAND, Quarantined, [93e0ceb408a095a15276d788847c55ab], PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined, [0271d4ae88200f27a0222865c0401ee2], PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, Quarantined, [aec53949e1c749ed7d4ba1be57a91ae6], PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined, [df943c461098d75fe7dbddb06c94a15f], PUP.Optional.YahooVNM, HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, Quarantined, [8ee55f234365ce683bfc403d23e0ba46], PUP.Optional.ASK, HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined, [d69df092891fe353ac906529df211ee2], Registry Values: 14 PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\ASC-PR|affiliateid, Quarantined, [b8bbd2b0dace1c1a171c144be21e0af6], PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, C:\Users\bobby\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [b7bc651daafe20169d2bf7688779ba46], %5 PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|windowsfileopener.Dat, C:\WINDOWS\system32\OpenWith.exe "Quarantined", [fc77a2e0eeba2e0859b4da893ec245bb], %5 PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENAS\COMMAND, C:\Users\bobby\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [93e0ceb408a095a15276d788847c55ab], %5 PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENAS\COMMAND|windowsfileopener.Dat, C:\WINDOWS\system32\OpenWith.exe "Quarantined", [165db2d0f7b177bf54b93b2816ea8f71], %5 PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF, Quarantined, [0271d4ae88200f27a0222865c0401ee2] PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, C:\Users\bobby\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [aec53949e1c749ed7d4ba1be57a91ae6], %5 PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|windowsfileopener.Dat, C:\WINDOWS\system32\OpenWith.exe "Quarantined", [383bd7abf8b00036ca4364ffc33d25db], %5 PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe, 8888, Quarantined, [3e351d65cbddb581ab62153835cb4bb5] PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF, Quarantined, [df943c461098d75fe7dbddb06c94a15f] PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe, 8888, Quarantined, [fe75d3afccdcbd79e41ac6d814efa45c] PUP.Optional.YahooVNM, HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10122__160924__yaie&p={searchTerms}, Quarantined, [8ee55f234365ce683bfc403d23e0ba46] PUP.Optional.YahooVNM, HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|TopResultURL, https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10122__160924__yaie&p={searchTerms}, Quarantined, [dc975b275c4cf442989f1e5fc142f709] PUP.Optional.ASK, HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF, Quarantined, [d69df092891fe353ac906529df211ee2] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 8 PUP.Optional.DriverUpdate, C:\Users\bobby\Downloads\DriverUpdate-setup.exe, Quarantined, [b3c0483a1d8bce685a4f5c0e5da38f71], PUP.Optional.DriverUpdate, C:\Users\bobby\Downloads\DriverUpdate-setup(1).exe, Quarantined, [2a49abd7d1d7979f1a8f79f14eb246ba], PUP.Optional.InstallCore, C:\Users\bobby\Downloads\xumouse-3.6.exe, Quarantined, [bbb8532fdace44f254847f92689ce51b], PUP.Optional.InstallCore, C:\Users\bobby\Downloads\xumouse.exe, Quarantined, [3241c0c29711cf6787ab84e46997c43c], PUP.Optional.APNToolBar, C:\Users\bobby2556\Documents\APNSetup.exe, Quarantined, [b5be10728f192c0a0512b0f8877a28d8], PUP.Optional.AdvanceSystemCare, C:\ProgramData\Comodo\Cis\Quarantine\data\{2A4E53BD-A94E-4BB5-8ECB-59E6511EE307}, Quarantined, [92e1463c0f990c2a06545e0803fdba46], PUP.Optional.MindSpark.Generic, C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\prefs.js, Good: (), Bad: (user_pref("extensions.toolbar.mindspark.hp.enabled", false);), Replaced,[1c57b4ce4d5ba2945effe54da35de818] PUP.Optional.MindSpark.Generic, C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\prefs.js, Good: (), Bad: (nces /* Do not edit this file. * * If you make changes to this file while the app), Replaced,[e78c9ee4f7b150e635288fa38977e818] Physical Sectors: 0 (No malicious items detected) (end) ------------------------------------------------------------------------------------------------------------------------------------------------------------ # AdwCleaner v6.043 - Logfile created 31/01/2017 at 17:22:03 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-01-30.3 [Server] # Operating System : Windows 10 Home (X64) # Username : bobby - BOBBY-HP # Running from : C:\Users\bobby\Downloads\adwcleaner_6.043.exe # Mode: Scan # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** Service Found: swdumon ***** [ Folders ] ***** Folder Found: C:\Users\bobby\AppData\Local\slimware utilities inc Folder Found: C:\Users\bobby\AppData\Local\SlimWare Utilities Inc Folder Found: C:\Users\bobby\AppData\Roaming\FileOpenerWindows Folder Found: C:\Users\bobby\AppData\Roaming\InstantSupport Folder Found: C:\ProgramData\ASCValidator Folder Found: C:\ProgramData\Application Data\ASCValidator Folder Found: C:\Users\Public\Documents\Downloaded Installers ***** [ Files ] ***** File Found: C:\WINDOWS\SysNative\LavasoftTcpService64.dll File Found: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini File Found: C:\WINDOWS\SysNative\drivers\swdumon.sys File Found: C:\Users\Public\Desktop\eBay.lnk File Found: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll File Found: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** Task Found: SlimCleaner Plus (Scheduled Scan - bobby) ***** [ Registry ] ***** Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SlimService Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 Key Found: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} Key Found: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} Key Found: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} Key Found: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} Key Found: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} Key Found: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} Key Found: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} Key Found: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\darwendlm Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\PRODUCTSETUP Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\SlimWare Utilities Inc Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\csastats Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\InSTab Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\ACPTab Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\ICSW1.22 Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\darwendlm Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\PRODUCTSETUP Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SlimWare Utilities Inc Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\csastats Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\InSTab Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\ACPTab Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\ICSW1.22 Key Found: HKCU\Software\darwendlm Key Found: HKCU\Software\PRODUCTSETUP Key Found: HKCU\Software\SlimWare Utilities Inc Key Found: HKCU\Software\csastats Key Found: HKCU\Software\InSTab Key Found: HKCU\Software\ACPTab Key Found: HKCU\Software\ICSW1.22 Key Found: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC. Key Found: HKLM\SOFTWARE\SlimWare Utilities Inc Key Found: HKLM\SOFTWARE\Lavasoft\Web Companion Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate Key Found: [x64] HKCU\Software\darwendlm Key Found: [x64] HKCU\Software\PRODUCTSETUP Key Found: [x64] HKCU\Software\SlimWare Utilities Inc Key Found: [x64] HKCU\Software\csastats Key Found: [x64] HKCU\Software\InSTab Key Found: [x64] HKCU\Software\ACPTab Key Found: [x64] HKCU\Software\ICSW1.22 Key Found: [x64] HKLM\SOFTWARE\ASCValidatorService Key Found: [x64] HKLM\SOFTWARE\asc-pr Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Key Found: HKU\S-1-5-21-956974598-3299727750-65723944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe] Value Found: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe] Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Value Found: HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [windowsfileopener.Dat] ***** [ Web browsers ] ***** Firefox pref Found: [C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\prefs.js] - "extensions.toolbar.mindspark.hp.enabled" - false Firefox pref Found: [C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\prefs.js] - "extensions.toolbar.mindspark.lastInstalled" - "easypdfcombine@mindspark.com" Chrome pref Found: [C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com Chrome pref Found: [C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [9724 Bytes] - [31/01/2017 17:22:03] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9797 Bytes] ########## ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 10 Home x64 Ran by bobby (Administrator) on Tue 01/31/2017 at 21:39:31.33 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 3 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{122FCF2F-C8E0-448E-A9A9-F9CC258C9F41} (Registry Key) Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4} (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{122FCF2F-C8E0-448E-A9A9-F9CC258C9F41} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 01/31/2017 at 21:43:12.49 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Good morning, this machine is showing me protection issues and network issues in Avast. Not sure why. Here is FRST logs have a look please: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017 Ran by bobby (administrator) on BOBBY-HP (01-02-2017 10:39:09) Running from C:\Users\bobby\Desktop Loaded Profiles: bobby (Available Profiles: bobby & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [59112 2016-04-28] (Hewlett-Packard ) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-31] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\MountPoints2: {c8f67b2c-8946-11e5-8d70-74de2b79f7ca} - "M:\autoinst.exe" /checkssn ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-31] (AVAST Software) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{05dce99d-5de2-457e-9257-ffd89dfad120}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{d4744bad-c95a-4395-9a1f-188c56ca43bb}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{d4744bad-c95a-4395-9a1f-188c56ca43bb}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKLM -> {122FCF2F-C8E0-448E-A9A9-F9CC258C9F41} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-31] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File Toolbar: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FireFox: ======== FF ProfilePath: C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074 [2017-02-01] FF SearchPlugin: C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\searchplugins\google-lavasoft.xml [2016-09-24] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-31] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-31] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-31] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-31] () FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-31] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-31] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () Chrome: ======= CHR Profile: C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default [2017-01-31] CHR Extension: (Google Slides) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-31] CHR Extension: (Google Docs) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-31] CHR Extension: (Google Drive) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31] CHR Extension: (YouTube) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31] CHR Extension: (Google Sheets) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-31] CHR Extension: (Google Docs Offline) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31] CHR Extension: (Gmail) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31] CHR Extension: (Chrome Media Router) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-31] (AVAST Software) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-31] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-31] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-31] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-31] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-31] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-31] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-31] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-31] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-31] (AVAST Software) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-12-14] (Advanced Micro Devices) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-11-13] (Disc Soft Ltd) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-31] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [570392 2016-04-28] (Tempo Semiconductor Inc.) R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-20] (Texas Instruments, Inc.) R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-20] (Texas Instruments, Inc.) S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X] U3 idsvc; no ImagePath S0 vhrfpdu; System32\drivers\qbbvfpvm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-01 10:39 - 2017-02-01 10:39 - 00018644 _____ C:\Users\bobby\Desktop\FRST.txt 2017-02-01 10:39 - 2017-02-01 10:39 - 00000000 ____D C:\FRST 2017-02-01 10:37 - 2017-02-01 10:37 - 02420736 _____ (Farbar) C:\Users\bobby\Desktop\FRST64.exe 2017-01-31 23:54 - 2017-01-31 23:55 - 162167600 _____ (Sophos Limited) C:\Users\bobby\Downloads\Sophos Virus Removal Tool(1).exe 2017-01-31 23:54 - 2017-01-31 23:54 - 00852798 _____ C:\Users\bobby\Downloads\SecurityCheck.exe 2017-01-31 23:38 - 2017-01-31 23:38 - 00000000 ____D C:\ProgramData\Adobe 2017-01-31 22:49 - 2017-01-31 22:49 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2017-01-31 22:49 - 2017-01-31 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2017-01-31 22:49 - 2017-01-31 22:49 - 00000000 ____D C:\Program Files (x86)\Sophos 2017-01-31 22:28 - 2017-01-31 22:28 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-01-31 22:28 - 2017-01-31 22:28 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-01-31 22:27 - 2017-01-31 22:28 - 00739392 _____ (Oracle Corporation) C:\Users\bobby\Downloads\JavaSetup8u121.exe 2017-01-31 22:14 - 2017-01-31 22:14 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2017-01-31 22:14 - 2017-01-31 22:14 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-01-31 22:14 - 2017-01-31 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-01-31 22:14 - 2017-01-31 22:14 - 00000000 ____D C:\Program Files\RogueKiller 2017-01-31 22:13 - 2017-01-31 22:13 - 00000000 ____D C:\ProgramData\RogueKiller 2017-01-31 21:43 - 2017-01-31 21:43 - 00000951 _____ C:\Users\bobby\Desktop\JRT.txt 2017-01-31 20:37 - 2017-01-31 22:45 - 162160408 _____ (Sophos Limited) C:\Users\bobby\Downloads\Sophos Virus Removal Tool.exe 2017-01-31 20:33 - 2017-01-31 20:33 - 34821984 _____ (Adlice Software ) C:\Users\bobby\Downloads\roguekiller setup.exe 2017-01-31 20:14 - 2017-01-31 20:14 - 00000000 ____D C:\Users\bobby\AppData\Roaming\SUPERAntiSpyware.com 2017-01-31 20:13 - 2017-01-31 20:14 - 01663040 _____ (Malwarebytes) C:\Users\bobby\Desktop\JRT.exe 2017-01-31 20:13 - 2017-01-31 20:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-01-31 20:13 - 2017-01-31 20:13 - 00001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2017-01-31 20:13 - 2017-01-31 20:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-01-31 20:13 - 2017-01-31 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2017-01-31 20:12 - 2017-01-31 20:12 - 29086808 _____ (SUPERAntiSpyware) C:\Users\bobby\Downloads\SUPERAntiSpyware.exe 2017-01-31 20:08 - 2017-01-31 20:09 - 04015056 _____ C:\Users\bobby\Downloads\adwcleaner_6.043(1).exe 2017-01-31 19:50 - 2017-01-31 19:50 - 00000000 ____D C:\Users\bobby\Downloads\xumouse 2017-01-31 19:48 - 2017-01-31 20:23 - 00004006 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1485906531 2017-01-31 19:48 - 2017-01-31 20:23 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-01-31 19:48 - 2017-01-31 19:48 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2017-01-31 19:48 - 2017-01-31 19:48 - 00001090 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-01-31 19:45 - 2017-01-31 19:45 - 25564840 _____ (HP Inc. ) C:\Users\bobby\Downloads\sp74939.exe 2017-01-31 19:44 - 2017-01-31 19:44 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2017-01-31 19:44 - 2017-01-31 19:44 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-01-31 19:44 - 2017-01-31 19:44 - 00000000 ____D C:\Users\bobby\AppData\Roaming\AVAST Software 2017-01-31 19:43 - 2017-01-31 19:43 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-01-31 19:43 - 2017-01-31 19:43 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-01-31 19:43 - 2017-01-31 19:43 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2017-01-31 19:43 - 2017-01-31 19:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software 2017-01-31 19:43 - 2017-01-31 19:43 - 00000000 ____D C:\Program Files\Common Files\AV 2017-01-31 19:42 - 2017-01-31 19:42 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2017-01-31 19:41 - 2017-01-31 19:48 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-31 19:41 - 2017-01-31 19:48 - 00000000 ____D C:\Program Files\AVAST Software 2017-01-31 19:24 - 2017-01-31 19:24 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2017-01-31 19:19 - 2017-01-31 19:19 - 06253640 _____ (AVAST Software) C:\Users\bobby\Downloads\avast_free_antivirus_setup_online_cnet_2.exe 2017-01-31 19:09 - 2017-01-31 19:09 - 00006838 _____ C:\mbamlog.txt 2017-01-31 19:03 - 2016-12-21 03:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-31 19:03 - 2016-12-21 00:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-31 18:57 - 2017-01-31 18:57 - 00371079 _____ C:\Users\bobby\Desktop\CisReport_x64_v8.4.0.5165_20170131-185746.zip 2017-01-31 18:46 - 2017-01-31 18:46 - 00000000 ____D C:\Users\bobby\AppData\Local\AMD 2017-01-31 18:42 - 2017-01-31 18:42 - 00000000 ____D C:\ProgramData\ATI 2017-01-31 17:19 - 2017-01-31 20:15 - 00000000 ____D C:\AdwCleaner 2017-01-31 17:19 - 2017-01-31 17:19 - 04015056 _____ C:\Users\bobby\Desktop\adwcleaner_6.043.exe 2017-01-31 17:17 - 2017-01-31 17:17 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-31 17:01 - 2017-01-31 17:01 - 00000000 __SHD C:\found.001 2017-01-31 16:51 - 2017-01-31 16:51 - 00000000 ____D C:\ProgramData\PDFC 2017-01-31 16:44 - 2017-01-31 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2017-01-31 16:43 - 2017-01-31 18:08 - 00000000 ____D C:\Program Files\AMD 2017-01-31 16:43 - 2017-01-31 16:43 - 00000000 ____D C:\ProgramData\AMD 2017-01-31 16:18 - 2017-01-31 19:06 - 00000000 ____D C:\Users\bobby\Desktop\video driver 2017-01-31 15:53 - 2017-01-31 22:59 - 00261484 ____N C:\WINDOWS\Minidump\013117-85578-01.dmp 2017-01-31 15:53 - 2017-01-31 20:02 - 00557772 ____N C:\WINDOWS\Minidump\013117-35453-01.dmp 2017-01-31 15:53 - 2017-01-31 18:33 - 00553165 ____N C:\WINDOWS\Minidump\013117-32953-01.dmp 2017-01-31 15:53 - 2017-01-31 17:51 - 00557837 ____N C:\WINDOWS\Minidump\013117-30171-01.dmp 2017-01-31 15:53 - 2017-01-31 17:34 - 00557837 ____N C:\WINDOWS\Minidump\013117-33937-01.dmp 2017-01-31 15:53 - 2017-01-31 17:33 - 00557348 ____N C:\WINDOWS\Minidump\013117-32718-01.dmp 2017-01-31 15:53 - 2017-01-31 17:29 - 00557837 ____N C:\WINDOWS\Minidump\013117-32765-02.dmp 2017-01-31 15:53 - 2017-01-31 17:27 - 00558669 ____N C:\WINDOWS\Minidump\013117-32593-02.dmp 2017-01-31 15:53 - 2017-01-31 17:24 - 00557844 ____N C:\WINDOWS\Minidump\013117-33562-01.dmp 2017-01-31 15:53 - 2017-01-31 16:42 - 00558628 ____N C:\WINDOWS\Minidump\013117-29734-01.dmp 2017-01-31 15:53 - 2017-01-31 16:40 - 00557796 ____N C:\WINDOWS\Minidump\013117-32750-01.dmp 2017-01-31 15:53 - 2017-01-31 16:38 - 00553165 ____N C:\WINDOWS\Minidump\013117-32578-01.dmp 2017-01-31 15:53 - 2017-01-31 16:35 - 00557284 ____N C:\WINDOWS\Minidump\013117-33015-01.dmp 2017-01-31 15:53 - 2017-01-31 16:34 - 00559117 ____N C:\WINDOWS\Minidump\013117-32765-01.dmp 2017-01-31 15:12 - 2017-01-31 15:12 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-31 15:12 - 2017-01-31 15:12 - 00002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-01-31 15:12 - 2017-01-31 15:12 - 00000839 _____ C:\Users\Public\Desktop\Speccy.lnk 2017-01-31 15:12 - 2017-01-31 15:12 - 00000000 ____D C:\Users\bobby\AppData\Local\Google 2017-01-31 15:12 - 2017-01-31 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2017-01-31 15:12 - 2017-01-31 15:12 - 00000000 ____D C:\Program Files\Speccy 2017-01-31 15:11 - 2017-01-31 15:12 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-31 15:11 - 2017-01-31 15:11 - 06293184 _____ (Piriform Ltd) C:\Users\bobby\Desktop\spsetup130.exe 2017-01-31 15:07 - 2017-01-31 20:05 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-01-31 14:54 - 2017-01-31 14:54 - 00000000 ____D C:\Users\bobby\AppData\Local\ElevatedDiagnostics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-01 10:33 - 2016-09-23 15:18 - 00000000 ____D C:\Users\bobby\AppData\LocalLow\Mozilla 2017-02-01 10:29 - 2016-10-03 14:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-01 10:29 - 2016-07-25 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-01 02:20 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-01 02:20 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-02-01 02:17 - 2016-10-03 13:42 - 00000000 ____D C:\Users\bobby 2017-02-01 02:13 - 2015-11-09 08:23 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-01 02:09 - 2015-11-09 08:23 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-01-31 23:38 - 2016-07-25 20:57 - 00000000 ____D C:\Users\bobby\AppData\Local\Adobe 2017-01-31 23:38 - 2015-11-08 05:36 - 00000000 ____D C:\Users\bobby\AppData\Roaming\Adobe 2017-01-31 23:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-31 23:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-31 22:59 - 2016-10-13 15:24 - 00000000 ____D C:\WINDOWS\Minidump 2017-01-31 22:59 - 2016-10-03 13:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-01-31 22:39 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-01-31 22:38 - 2016-07-24 19:11 - 00000000 ____D C:\ProgramData\Oracle 2017-01-31 22:38 - 2016-07-24 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-01-31 22:38 - 2016-07-24 19:11 - 00000000 ____D C:\Program Files (x86)\Java 2017-01-31 22:37 - 2016-07-24 19:11 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-01-31 21:06 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-31 21:06 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-31 20:49 - 2016-10-03 13:42 - 00000000 ____D C:\Users\DefaultAppPool 2017-01-31 20:17 - 2015-11-08 05:34 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBOBBY-HP$.job 2017-01-31 19:53 - 2011-02-11 12:32 - 00000000 ____D C:\SWSETUP 2017-01-31 19:46 - 2016-10-03 13:40 - 00006848 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-31 19:40 - 2015-11-13 07:22 - 00001415 _____ C:\Users\bobby\Desktop\sn.lnk 2017-01-31 19:34 - 2016-10-03 14:00 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBOBBY-HP$ 2017-01-31 19:26 - 2016-07-28 17:29 - 00000000 ____D C:\Program Files\Intel 2017-01-31 19:26 - 2016-07-28 17:28 - 00000000 ____D C:\Program Files\Common Files\McAfee 2017-01-31 19:23 - 2016-07-28 17:18 - 00000000 ____D C:\ProgramData\McAfee 2017-01-31 19:08 - 2015-11-08 05:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-01-31 17:24 - 2010-11-20 23:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-01-31 17:17 - 2015-11-08 07:12 - 00002401 _____ C:\Users\bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-31 17:17 - 2015-11-08 05:49 - 00001169 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2017-01-31 17:17 - 2015-11-08 05:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2017-01-31 17:17 - 2015-11-08 05:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-01-31 17:16 - 2015-11-08 07:12 - 00000000 ___RD C:\Users\bobby\OneDrive 2017-01-31 16:55 - 2012-02-14 21:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2017-01-31 16:55 - 2012-02-14 21:36 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2017-01-31 16:54 - 2016-10-03 14:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard 2017-01-31 16:54 - 2012-02-14 21:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2017-01-31 16:52 - 2016-01-20 11:32 - 00000000 ____D C:\Program Files (x86)\Driver Support 2017-01-31 16:51 - 2012-02-14 21:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers 2017-01-31 16:43 - 2016-07-28 17:29 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-31 16:43 - 2012-02-14 21:39 - 00000000 ____D C:\Program Files (x86)\AMD 2017-01-31 16:38 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF 2017-01-31 16:26 - 2015-11-08 06:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-31 16:13 - 2016-01-20 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\Nui 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\migwiz 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-31 15:36 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-31 15:36 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-01-31 15:36 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2017-01-31 15:36 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2017-01-31 15:35 - 2016-10-03 14:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-01-31 15:35 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-01-31 15:35 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\servicing 2017-01-31 15:35 - 2016-01-20 01:04 - 00000000 ____D C:\Users\bobby\AppData\Roaming\DAoC Portal 2017-01-31 15:35 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-31 15:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\registration 2017-01-31 15:06 - 2015-11-08 14:37 - 00565645 ____N C:\WINDOWS\Minidump\013117-36093-01.dmp 2017-01-31 14:43 - 2015-11-08 14:37 - 00557453 ____N C:\WINDOWS\Minidump\013117-58921-01.dmp 2017-01-10 21:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports Some zero byte size files/folders: ========================== C:\Windows\SysWOW64\msvcp110.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-01 01:05 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017 Ran by bobby (01-02-2017 10:40:20) Running from C:\Users\bobby\Desktop Windows 10 Home Version 1607 (X64) (2016-10-03 18:08:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-956974598-3299727750-65723944-500 - Administrator - Disabled) bobby (S-1-5-21-956974598-3299727750-65723944-1001 - Administrator - Enabled) => C:\Users\bobby DefaultAccount (S-1-5-21-956974598-3299727750-65723944-503 - Limited - Disabled) Guest (S-1-5-21-956974598-3299727750-65723944-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-956974598-3299727750-65723944-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{421976B6-DEC6-4CA5-941F-F0663B3A2B74}) (Version: 11.1.102.55 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.) Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation) Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.2.0.07300 - Sony Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light) Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version: - Electronic Arts) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Genesis version Genesis Launcher 1.011 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.011 - Pawel D. alias Laplume for Genesis.) Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.8101 - HRB Technology, LLC.) H&R Block Michigan 2015 (HKLM-x32\...\{C34A4378-B23F-4155-AC8B-95E40F7370FC}) (Version: 1.15.4001 - HRB Technology, LLC.) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard) HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6239 - Mozilla) NWZ-S540 WALKMAN Guide (HKLM-x32\...\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}) (Version: 2.0.00.07010 - Sony Corporation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.) RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD) RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RogueKiller version 12.9.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.6.0 - Adlice Software) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uthgard Launcher (HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\Uthgard Launcher) (Version: 1.00.00.00 - Uthgard) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0BAF62F2-FAFB-44BA-AA01-A02D7FF12BA3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {1E68D6FB-C3B1-4CCF-AB98-7ED668B58DCD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-31] (AVAST Software) Task: {274BB102-8D04-46E5-A79E-D14860A74EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) Task: {2BD23AC5-1AE4-4DDA-9587-C081BC86A246} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {2FF42FA2-4EE4-4AF8-AD5A-C65B330C09E6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-31] (Adobe Systems Incorporated) Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {36C0939E-1A7E-40C5-B4F3-E1154E139970} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {38703468-C162-4F57-B44C-44E58A48E390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {49F3F14B-37B0-4FF8-8D79-A67723C5CB0E} - System32\Tasks\{072CA81D-69BB-49C4-914E-7EAC144C21C4} => pcalua.exe -a "C:\Program Files\McAfee Security Scan\uninstall.exe" Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5345AC3C-FFF9-4831-B7E8-442B88B745F6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {64F98E0C-AC2A-4256-AB40-F30489488D5C} - System32\Tasks\REGUtilities Task => C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {86B76D85-EC61-412A-8F5E-20B20B23A6CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B00420E6-58FD-4BA4-89B8-24504B76CB13} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B8154F59-58F9-4937-80E6-BFB813638286} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BBEC600D-225B-4BB6-ABF1-9BEC62ADE6DC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {BEEFBCAC-0FD0-484D-841E-6BCD50C20927} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D6DA3362-2103-438C-95A8-10187738F89C} - System32\Tasks\HPCeeScheduleForBOBBY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {E29DD31D-0D97-4766-BD7D-D6792DE3241E} - System32\Tasks\SafeZone scheduled Autoupdate 1485906531 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F90F3E4B-45EC-4E24-8B3E-D44B55610878} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-31] (AVAST Software) Task: {FA82EDE2-406E-403A-8015-31BAD5CE2FD0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForBOBBY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\REGUtilities Task.job => C:\Program Files (x86)\REGUtilities\REGUtilities.exe -t C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-13 18:10 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-13 18:10 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\bobby\AppData\Local\MEGAsync\ShellExtX64.dll 2016-11-08 17:19 - 2016-11-02 06:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-08 17:19 - 2016-11-02 06:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-08 17:19 - 2016-11-02 06:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-08 17:19 - 2016-11-02 06:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-08 17:19 - 2016-11-02 06:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-08 17:19 - 2016-11-02 06:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-10-03 17:27 - 2016-10-03 17:27 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-12-13 18:09 - 2016-12-09 05:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-12-13 18:09 - 2016-12-09 05:40 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-01-31 19:42 - 2017-01-31 19:42 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-31 19:48 - 2017-01-31 19:48 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17020100\algo.dll 2017-01-31 19:42 - 2017-01-31 19:42 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-01-31 19:42 - 2017-01-31 19:42 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\localhost -> localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2016-10-13 16:05 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-956974598-3299727750-65723944-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AESTFilters => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AMD FUEL Service => 2 MSCONFIG\Services: AMD_RAIDXpert => 2 MSCONFIG\Services: DSAO => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: HPClientSvc => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: pdfcDispatcher => 2 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TrueKey => 2 MSCONFIG\Services: TrueKeyScheduler => 2 MSCONFIG\Services: TrueKeyServiceHelper => 3 HKLM\...\StartupApproved\Run: => "BeatsOSDApp" HKLM\...\StartupApproved\Run: => "hpsysdrv" HKLM\...\StartupApproved\Run: => "SysTrayApp" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "PDF Complete" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{9FD064D4-CD89-43C1-BB0D-ABE2CD1A1EF4}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B01E3941-B0C6-4E38-B978-0444CAA744EB}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1AB7D572-B31F-475A-812B-39796CA9F452}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D96512AA-7D2C-410B-B970-26158E38E61D}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A677BDEB-F455-486B-BA8C-627177E3E33D}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{51FBFFCF-7C67-4D7E-B72C-AD27D73475B2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C24D602C-0599-47A0-8BA0-4DEE2521526E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DFBF3220-475B-4E1F-BB00-6839C9D1B65D}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{08DB7BC7-5519-4E0C-AFB2-E0B81CB4EFA8}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8198B192-730D-42CE-BDDB-754C06A3C136}] => LPort=1900 FirewallRules: [{80771F50-EFFA-429F-BA99-EE0E719DB6EF}] => LPort=2869 FirewallRules: [{8BDA70CE-E4B6-491B-AE18-B5647C851DDF}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{029D6B59-D202-4414-8D18-01BFB345837E}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{8E5436B7-277B-4E33-89F1-16FB14C5A901}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{C6AB79E4-5276-49D1-8C20-923AAC1823D9}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{9CFF2F32-298B-468C-8B67-3B58F8940774}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{9D578EE5-CC31-4245-8660-F4A3895C93C6}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{411D98B1-C768-46C9-B667-55C09F037FB7}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{AB50CFA6-A8CF-4783-8D5A-E89A57DF1FDC}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{7EFCD63C-7B57-4E7D-827D-61F6C5BDF257}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{12CE08CE-7F59-4486-B373-1E5917BF1CDC}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{2C2D57AB-8E2B-413C-80B9-BFA7C8A8FBD2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DB280241-0DA7-4BF6-A43D-C6C5B528AB04}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{639932CC-61B7-4CB7-A0AF-D7832E2A5C58}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 31-01-2017 16:49:05 Removed Zinio Reader 4 31-01-2017 21:39:34 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: AMD Radeon HD 7450 Description: AMD Radeon HD 7450 Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Advanced Micro Devices, Inc. Service: amdkmdap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2017 10:39:13 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 10:36:20 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 10:32:53 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 10:32:00 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (4216) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (02/01/2017 10:31:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: bobby-HP) Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.576_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Error: (02/01/2017 02:17:07 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (3844) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (01/31/2017 11:38:00 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (3844) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (01/31/2017 11:08:37 PM) (Source: MsiInstaller) (EventID: 11606) (User: bobby-HP) Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data. Error: (01/31/2017 11:08:36 PM) (Source: MsiInstaller) (EventID: 11606) (User: bobby-HP) Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data. Error: (01/31/2017 11:07:23 PM) (Source: MsiInstaller) (EventID: 11606) (User: bobby-HP) Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data. System errors: ============= Error: (02/01/2017 10:30:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/01/2017 10:30:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/01/2017 10:30:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/01/2017 10:30:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (02/01/2017 10:29:41 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY) Description: E:\Device\HarddiskVolume52 Error: (02/01/2017 02:08:54 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY) Description: E:\Device\HarddiskVolume52 Error: (01/31/2017 11:00:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/31/2017 11:00:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/31/2017 11:00:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/31/2017 11:00:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NetPipeActivator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. CodeIntegrity: =================================== Date: 2017-01-31 19:14:45.613 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 19:14:35.200 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:45:31.749 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:45:30.340 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:45:30.052 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:44:17.423 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:11:22.054 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:11:20.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:11:20.137 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:10:04.427 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD FX(tm)-6100 Six-Core Processor Percentage of memory in use: 21% Total physical RAM: 10014.89 MB Available physical RAM: 7892.63 MB Total Virtual: 10654.89 MB Available Virtual: 8542.98 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1845.22 GB) (Free:1783.5 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:16.88 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:139.73 GB) (Free:56.79 GB) NTFS Drive m: (SSN) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: B1A1F069) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1845.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 139.7 GB) (Disk ID: B649B649) Partition 1: (Active) - (Size=139.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  8. [RESOLVED] Had unauthorized bank use

    Thanks a lot Broni. The PC seems ok now. I just hope this person did not steal my friends identity. I'll have them try out LifeLock or something.
  9. [RESOLVED] Had unauthorized bank use

    Ok nice thanks for help. Sophos scan was clean so I do not have a log. Here is the other logs: Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! COMODO Antivirus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Java 8 Update 111 Java version 32-bit out of Date! Adobe Flash Player 24.0.0.186 Mozilla Firefox (50.1.0) Mozilla Thunderbird (45.6.0) Google Chrome (55.0.2883.87) Google Chrome (plugins...) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Comodo Firewall cmdagent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` -------------------------------------------------------------------------------------------------------------------------------------- Farbar Service Scanner Version: 27-01-2016 Ran by r (administrator) on 08-01-2017 at 11:58:00 Running from "C:\Users\r\Desktop" Microsoft Windows 8.1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is set to Demand. The default start type is Auto. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"". Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  10. [RESOLVED] Had unauthorized bank use

    Ok here is logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017 Ran by r (administrator) on MYPC (07-01-2017 21:14:31) Running from C:\Users\r\Desktop Loaded Profiles: r (Available Profiles: r) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\System32\consent.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-11-14] (COMODO) HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] () HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-01-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [BingSvc] => C:\Users\r\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-18] (Siber Systems) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2014-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-20] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-29] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-07-20] ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-20] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0AFB2531-3F52-4F94-B5DB-9FA0100A878F}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0C045A7A-E6E7-444F-BB59-583EC18ECB3D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> DefaultScope {E7BFD48D-04EE-4CEF-B4FA-51E560A66B44} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {B33B2A9F-F2E8-4364-B3B9-B8B7B8EC702F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {E7BFD48D-04EE-4CEF-B4FA-51E560A66B44} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-07] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-07] (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) FireFox: ======== FF DefaultProfile: sbhzbhbt.default FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default [2017-01-07] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Yahoo FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Google FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Yahoo FF Homepage: Mozilla\Firefox\Profiles\sbhzbhbt.default -> hxxp://google.com FF Session Restore: Mozilla\Firefox\Profiles\sbhzbhbt.default -> is enabled. FF Keyword.URL: Mozilla\Firefox\Profiles\sbhzbhbt.default -> hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= FF Extension: (Ad-Aware Ad Block) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2016-12-16] FF Extension: (AdBlocker Ultimate) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28] FF Extension: (Add to Amazon Wish List Button) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\amznUWL2@amazon.com.xpi [2016-06-05] FF Extension: (InvisibleHand) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2016-11-20] FF Extension: (adblockgmail) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\jid1-dswFGkUjb2SIHv@jetpack.xpi [2016-12-14] FF Extension: (LastPass) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\support@lastpass.com [2016-12-16] FF Extension: (Ebates Cash Back) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-12-25] FF Extension: (WOT) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-02-06] FF Extension: (Adblock Plus) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: (RoboForm Toolbar for Firefox) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-09-18] [not signed] FF HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-07] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-07] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-07] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-10-12] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin HKU\S-1-5-21-4097768012-1274822476-2557327463-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\r\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.) Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\r\AppData\Local\Google\Chrome\User Data\Default [2017-01-07] CHR Extension: (Google Slides) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09] CHR Extension: (Google Docs) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09] CHR Extension: (Google Drive) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09] CHR Extension: (YouTube) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09] CHR Extension: (Google Search) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09] CHR Extension: (Coupon Maker) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmkfflcdbpcaonppclhmbakcoapem [2016-06-22] CHR Extension: (Google Sheets) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09] CHR Extension: (Google Docs Offline) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-13] CHR Extension: (Yahoo Partner) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-06-17] CHR Extension: (Gmail) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09] CHR Extension: (Chrome Media Router) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-01] CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows (R) Win 7 DDK provider) [File not signed] R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-11-14] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-11-14] (COMODO) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2016-12-23] (Aviata, Inc.) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-01-07] (Foxit Software Inc.) R2 HPSLPSVC; C:\Users\r\AppData\Local\Temp\7zS070B\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) S3 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1181328 2016-12-23] (Lavasoft) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc) R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-08-31] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [853904 2016-08-31] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45592 2016-08-31] (COMODO) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-11-04] (Samsung Electronics Co., Ltd.) R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138560 2016-08-31] (COMODO) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-11-04] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-07 21:14 - 2017-01-07 21:14 - 00026983 _____ C:\Users\r\Desktop\FRST.txt 2017-01-07 19:06 - 2017-01-07 19:06 - 00000883 _____ C:\Users\r\Desktop\JRT.txt 2017-01-07 18:55 - 2017-01-07 18:55 - 00001532 _____ C:\Users\r\Desktop\AdwCleaner[C0].txt 2017-01-07 18:53 - 2017-01-07 18:53 - 00000000 ___RD C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2017-01-07 18:38 - 2017-01-07 18:51 - 00000000 ____D C:\AdwCleaner 2017-01-07 18:38 - 2017-01-07 18:38 - 00008982 _____ C:\Users\r\Desktop\rogue.txt 2017-01-07 17:33 - 2017-01-07 17:40 - 00000000 ____D C:\Users\r\AppData\Roaming\ImgBurn 2017-01-07 17:32 - 2017-01-07 17:32 - 00001895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2017-01-07 17:32 - 2017-01-07 17:32 - 00001883 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2017-01-07 17:32 - 2017-01-07 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2017-01-07 17:32 - 2017-01-07 17:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2017-01-07 16:52 - 2017-01-07 16:52 - 00000872 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-01-07 16:52 - 2017-01-07 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-01-07 16:52 - 2017-01-07 16:52 - 00000000 ____D C:\Program Files\RogueKiller 2017-01-07 16:51 - 2017-01-07 16:51 - 00001160 _____ C:\Users\r\Desktop\mbamlog.txt 2017-01-07 16:49 - 2017-01-07 16:49 - 34631352 _____ (Adlice Software ) C:\Users\r\Desktop\setup.exe 2017-01-07 16:48 - 2017-01-07 16:48 - 03988944 _____ C:\Users\r\Desktop\AdwCleaner.exe 2017-01-07 16:48 - 2017-01-07 16:48 - 01663040 _____ (Malwarebytes) C:\Users\r\Desktop\JRT.exe 2017-01-07 15:12 - 2017-01-07 21:14 - 00000000 ____D C:\FRST 2017-01-07 15:12 - 2017-01-07 15:12 - 02418688 _____ (Farbar) C:\Users\r\Desktop\FRST64.exe 2017-01-07 15:01 - 2017-01-07 15:01 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-01-07 15:01 - 2017-01-07 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-01-07 15:01 - 2017-01-07 15:01 - 00000000 ____D C:\Program Files (x86)\Java 2017-01-07 14:59 - 2017-01-07 14:59 - 00001373 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2017-01-07 14:59 - 2017-01-07 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2017-01-07 14:59 - 2017-01-07 14:59 - 00000000 ____D C:\ProgramData\Foxit Software 2017-01-07 14:59 - 2017-01-07 14:59 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform 2016-12-29 18:39 - 2016-12-29 18:39 - 00001812 _____ C:\Users\r\Desktop\Vuze.lnk 2016-12-29 18:07 - 2016-12-29 18:07 - 00000000 ____D C:\Users\r\AppData\Roaming\TeamViewer 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 4).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 3).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 2).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 1).job 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 4) 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 3) 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 2) 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 1) 2016-12-23 21:06 - 2015-09-08 20:05 - 00093360 _____ (Sunbelt Software) C:\Windows\system32\Drivers\SBREDrv.sys 2016-12-23 19:15 - 2016-12-23 19:15 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration 2016-12-22 11:32 - 2016-12-22 11:32 - 00002144 _____ C:\Users\r\Desktop\walmart chat.txt 2016-12-21 23:13 - 2016-12-21 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-12-21 13:15 - 2016-12-21 23:13 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2016-12-21 13:15 - 2016-12-21 23:13 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2016-12-21 13:15 - 2016-12-21 23:13 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2016-12-21 13:15 - 2016-12-21 23:12 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2016-12-13 22:36 - 2016-12-13 22:36 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL 2016-12-13 22:36 - 2016-12-13 22:36 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL 2016-12-13 22:36 - 2016-12-13 22:36 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys 2016-12-13 22:36 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls 2016-12-13 22:36 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\system32\locale.nls 2016-12-13 22:36 - 2016-09-27 15:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml 2016-12-12 11:33 - 2016-12-12 11:33 - 00721726 _____ C:\Users\r\Desktop\004.jpg 2016-12-11 22:05 - 2016-12-11 22:05 - 00066140 _____ C:\Users\r\Desktop\ipad.JPG 2016-12-11 11:35 - 2016-12-11 11:35 - 00061682 _____ C:\Users\r\Desktop\miles tablet.jpg ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-07 21:12 - 2016-02-06 10:09 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2017-01-07 21:11 - 2015-07-22 21:46 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-01-07 21:01 - 2016-04-14 19:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-01-07 20:56 - 2016-02-04 23:14 - 00000388 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2017-01-07 20:11 - 2015-07-22 21:46 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-01-07 19:07 - 2015-07-21 19:54 - 00000000 ____D C:\Users\r\AppData\LocalLow\LastPass 2017-01-07 19:06 - 2016-11-28 16:50 - 00000000 ____D C:\Users\r\AppData\LocalLow\Mozilla 2017-01-07 19:03 - 2015-06-23 18:42 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4097768012-1274822476-2557327463-1001 2017-01-07 19:03 - 2015-06-23 18:38 - 00000000 __RDO C:\Users\r\OneDrive 2017-01-07 18:57 - 2014-11-20 23:42 - 01162822 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-07 18:57 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf 2017-01-07 18:52 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-07 17:13 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2017-01-07 16:53 - 2016-02-06 14:30 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-01-07 16:51 - 2015-06-24 14:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-07 15:03 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Resources 2017-01-07 15:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2017-01-07 15:02 - 2016-01-09 16:04 - 00000000 ____D C:\ProgramData\Oracle 2017-01-07 15:00 - 2016-04-14 19:30 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-01-07 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-07 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-07 14:59 - 2015-06-24 15:12 - 00000000 ____D C:\Users\r\AppData\Local\Adobe 2017-01-07 14:17 - 2016-11-22 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-01-07 14:17 - 2015-06-23 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-06 17:26 - 2015-07-15 15:05 - 00000000 ____D C:\Users\r\Desktop\Random pics 2017-01-06 17:26 - 2015-06-23 19:55 - 00000000 ____D C:\Users\r\Desktop\Chase ETC 2017-01-06 17:25 - 2015-07-11 16:50 - 00718336 ___SH C:\Users\r\Downloads\Thumbs.db 2016-12-30 12:55 - 2015-06-24 16:34 - 00000000 ____D C:\Users\r\AppData\Roaming\Azureus 2016-12-30 12:50 - 2016-10-31 19:35 - 00000000 ____D C:\Users\r\Desktop\Robo form password backup moms old pc 2016-12-26 04:54 - 2014-12-19 03:53 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{42b82173-0b2e-11e3-93f4-90b11c2eb9f2}.TMContainer00000000000000000001.regtrans-ms 2016-12-26 04:54 - 2014-12-19 03:53 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{42b82173-0b2e-11e3-93f4-90b11c2eb9f2}.TM.blf 2016-12-26 04:51 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\catroot2 2016-12-25 14:31 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache 2016-12-25 14:08 - 2015-09-08 20:05 - 00003604 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2016-12-25 14:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Tasks 2016-12-25 14:07 - 2013-08-22 10:31 - 00000000 ____D C:\Windows\system32\DriverStore 2016-12-25 14:07 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinSxS 2016-12-25 14:06 - 2016-11-20 10:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-25 14:06 - 2013-08-22 09:44 - 00377720 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-25 14:04 - 2015-05-14 00:54 - 00524288 ___SH C:\Windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms 2016-12-25 14:04 - 2015-05-14 00:54 - 00065536 ___SH C:\Windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf 2016-12-25 14:04 - 2014-11-20 22:50 - 00000000 ____D C:\Windows\system32\Drivers\en-US 2016-12-25 14:04 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\en-US 2016-12-25 14:04 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\en-US 2016-12-25 14:04 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\wbem 2016-12-25 14:04 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\oobe 2016-12-23 19:15 - 2015-05-14 01:15 - 00000000 ____D C:\Windows\System32\Tasks\Dell 2016-12-23 19:15 - 2015-05-14 01:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-12-23 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness 2016-12-21 23:13 - 2015-05-14 01:15 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-12-16 16:04 - 2015-06-24 17:27 - 00000000 ____D C:\Users\r\AppData\Local\CrashDumps 2016-12-16 15:24 - 2015-07-17 20:44 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-16 15:24 - 2015-07-17 20:44 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-16 11:08 - 2016-11-22 13:00 - 00000000 ____D C:\Users\r\Desktop\OLD PC 2016-12-14 18:20 - 2016-01-09 15:02 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-14 11:34 - 2013-08-22 10:36 - 00000000 __RSD C:\Windows\assembly 2016-12-14 02:09 - 2015-06-26 04:39 - 00000000 ____D C:\Windows\system32\MRT 2016-12-14 02:09 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp 2016-12-14 02:07 - 2015-06-26 04:39 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-12-14 02:07 - 2014-11-21 07:47 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-12-14 02:07 - 2014-11-21 07:47 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-13 15:22 - 2016-05-26 09:54 - 00000000 ____D C:\Users\r\Desktop\New folder 2016-12-12 11:33 - 2016-07-01 14:42 - 00241152 ___SH C:\Users\r\Desktop\Thumbs.db Some files in TEMP: ==================== C:\Users\r\AppData\Local\Temp\dllnt_dump.dll C:\Users\r\AppData\Local\Temp\FoxitUpdater.exe C:\Users\r\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\r\AppData\Local\Temp\jre-8u111-windows-au.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-04 02:57 ==================== End of FRST.txt ============================ -------------------------------------------------------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2017 Ran by r (07-01-2017 21:15:07) Running from C:\Users\r\Desktop Windows 8.1 (Update) (X64) (2015-06-23 23:35:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4097768012-1274822476-2557327463-500 - Administrator - Disabled) Guest (S-1-5-21-4097768012-1274822476-2557327463-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4097768012-1274822476-2557327463-1003 - Limited - Enabled) r (S-1-5-21-4097768012-1274822476-2557327463-1001 - Administrator - Enabled) => C:\Users\r ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Ad-Aware (x32 Version: 8.1.0 - Lavasoft) Hidden Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden C3100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) Dell System Detect (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Foxit PhantomPDF Business (HKLM-x32\...\{BC99D091-67DA-419D-BB72-D64B94203917}) (Version: 7.1.5.425 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\HP Photo Creations) (Version: 1.0.0.19662 - HP) HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla) Mozilla Thunderbird 45.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 en-US)) (Version: 45.6.0 - Mozilla) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.76 - NCH Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems) RogueKiller version 12.9.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.1.0 - Adlice Software) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 4.0.3.312816 - Linden Research, Inc.) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.41 - Stardock Software, Inc.) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.) WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.) WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E507543-4357-4716-9AAE-37840AE4473C} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2016-12-23] (Aviata Inc) Task: {1643E503-4DE0-4202-88CD-8271097295F2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {24D46A20-BE5E-4B12-8C01-78673A3E7EAD} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {24FBA04A-AF47-4E9C-A72E-BB14800B0B69} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {2A918867-3906-4CDF-B292-7EA5B8E86722} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) Task: {2C004B25-8748-4F20-9515-4CD8AD9F8FAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.) Task: {30D4018B-AE40-4E25-A98A-5ADC2B4D1837} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-18] (Siber Systems) Task: {42DA5CD5-047F-4A41-8227-8C8A4FE7E7A2} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-11-14] (COMODO) Task: {4C1FD6B8-5A19-4BE4-A268-DBBE7BE070A5} - System32\Tasks\{4FD0F0C5-AB4E-47A8-AA42-A27F5368C875} => pcalua.exe -a C:\Users\r\Downloads\cpro32_623_1364.exe -d C:\Users\r\Downloads Task: {5D57F43B-7960-4092-BACD-938CB3388355} - System32\Tasks\{6396FF8E-6879-411C-8094-3FFCD3DAD884} => pcalua.exe -a F:\cpro32.exe -d F:\ Task: {6116556D-AEB7-4EA4-85E3-926D740FE87E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-07] (Adobe Systems Incorporated) Task: {6757E3B3-3D06-4056-B4CF-E2F90994B113} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {683B1A8D-8E9A-40E2-B139-42F57816B276} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"] Task: {69C297FA-1C6F-4885-AECF-8F431570BBA2} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2016-12-23] (Aviata Inc) Task: {83622306-3EE2-44C2-83A2-EDBD46338387} - System32\Tasks\HP Photo Creations Communicator => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe [2016-02-04] () Task: {8D107A8E-CBF8-405E-AD5F-E0BD93C9A9D3} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {9526B327-6E62-474B-AB98-DDF47DBDD66B} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNOMCNMMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNIJNKJCMJNNICMJNDJCMKJBJ" Task: {A5A0DB84-208A-4601-AB62-D0B94CC2E4BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-12-14] (Microsoft Corporation) Task: {AD344072-E3DA-4E9E-9F91-E6016708E2AD} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {C70BE064-CECB-4858-A648-41F0AD76846B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {CBDAC909-72D8-4E64-B33F-7D0B12424851} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {D1E6C94B-2B23-439A-B5B2-6628001CA107} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) Task: {D35618E4-E825-4BAB-9CBA-5D5E0312DBD7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMHMKMJNHICMEKMICNJJCKJNBJCMJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMJMMMFMPMJNFI (the data entry has 31 more characters). Task: {E1283E54-716C-4AE9-BF2C-B486187F5D38} - System32\Tasks\{EC08A0C7-52EA-4871-AF66-D75A55D1E04B} => pcalua.exe -a C:\Users\r\Downloads\cpic32_623_1364.exe -d C:\Users\r\Downloads Task: {E5D12C1A-E446-4143-A4BD-19C36CD2B882} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) Task: {E939FBDE-A9D3-440A-8AF2-733816C015BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.) Task: {EB175765-C915-4DD9-BC1D-7EF7538B1954} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-11-14] (COMODO) Task: {F2E68F9B-0736-44E2-8481-34EF8506D317} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {F6B34F00-5D20-4CF0-A130-11AEBFB78972} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\r\Desktop\OLD PC\moms folders\Desktop\Desktop\desktop\Favorites\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm ==================== Loaded Modules (Whitelisted) ============== 2015-01-08 22:02 - 2016-03-16 05:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2016-12-16 09:13 - 2016-12-16 09:13 - 01114136 _____ () C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DbxSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\microsoft-windows-system-events.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\glcndFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GPhotos.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\cmimcext.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dbx-canary.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dbx-dev.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dbx-stable.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\parport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\serenum.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\serial.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwifibus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwififlt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwifimp.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\004.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\r\Desktop\AdwCleaner.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\AdwCleaner.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\r\Desktop\DDA-Director-Job-Posting.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\r\Desktop\JRT.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\r\Desktop\ND-14-0008.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\r\Desktop\Sophos Virus Removal Tool.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\Sophos Virus Removal Tool.exe:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2016-06-16 10:43 - 00000834 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\r\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: Dell Customer Connect => 2 MSCONFIG\Services: Dell Help & Support => 2 MSCONFIG\Services: HomeNetSvc => 2 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: McAfee SiteAdvisor Service => 2 MSCONFIG\Services: McAWFwk => 3 MSCONFIG\Services: mccspsvc => 2 MSCONFIG\Services: McNaiAnn => 3 MSCONFIG\Services: McODS => 3 MSCONFIG\Services: mcpltsvc => 3 MSCONFIG\Services: McProxy => 3 MSCONFIG\Services: MSK80Service => 2 MSCONFIG\Services: PDFsam Enhanced => 3 MSCONFIG\Services: PDFsam Enhanced CrashHandler => 3 MSCONFIG\Services: PDFsam Enhanced Creator => 2 MSCONFIG\Services: PDFsam Manager => 2 MSCONFIG\Services: SupportAssistAgent => 2 HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk" HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk" HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "DropboxOEM" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "BingSvc" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{51EC3F36-4DA8-4800-891C-A7E7CC4299F2}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{B6F98FB6-4031-4B18-A2E6-EDFCA5A1E36F}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{14CE3398-5E0C-41AB-87BB-8FE5913DE604}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1A159B7A-432F-4977-BD55-87A91BDF56D6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DF2CA2A6-6A53-4A4B-85EC-DF3366B7A0BE}] => F:\Downloads June 2015 to...]\Vuze\Azureus.exe FirewallRules: [{4E263ADD-65BB-4E28-951D-09745179424D}] => F:\Downloads June 2015 to...]\Vuze\Azureus.exe FirewallRules: [{4621F2FB-8F49-4D61-A902-112865183ADC}] => C:\Users\Public\temp\TeamViewer\TeamViewer.exe FirewallRules: [{36980A12-564C-4ED0-A4CA-FFBD79FECB90}] => C:\Users\Public\temp\TeamViewer\TeamViewer.exe FirewallRules: [{B8B98331-1B5E-43B7-B77F-939908B56BA4}] => C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe FirewallRules: [{52C5160C-7D6A-4D4C-84C4-9F7C4B6C6C97}] => C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7CD1B66F-2BA9-4F76-9920-44DA432E206C}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{6065F500-5656-42BB-8C04-1AA619B951D1}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{742EB319-36F0-4ABD-8AAA-5F00E02C1A23}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{451CA570-BA0C-4F5C-AE53-EEADEB4652ED}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{538806D6-21D9-43B2-983C-E3A08AD4251C}] => F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe FirewallRules: [{3EE1F596-C231-41F8-8819-E528CF387F1B}] => F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe FirewallRules: [{C09C2E43-E5CE-445A-B032-8339D4B59136}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{91B567EA-C830-4AAB-A94C-781EE9C3F149}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{05BB8AEB-34E2-4AF9-862D-4C5CCC02AAA2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{C5AF79D6-3B07-42A0-9F26-86F868444374}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{784F7048-47F0-4902-9CF3-BE698307C7A9}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{5584567F-977F-4CCF-AFE7-E069757F5989}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{7A03AD63-794A-466C-8F2C-1192D54AC1AA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{D104FD7B-1A76-4D9B-9539-0441CE358E83}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A9D16E73-EB8E-4574-B73E-DDE292EFA012}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{E9F16F9B-FF68-4942-A57F-461614EB59F4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{6B9B7A6E-6084-49B1-828D-EAF96ACD88E5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{915A4BBE-8E5E-4087-A7FE-10C47F826ECA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{859E69F7-D379-4939-A9B3-583EB8DAB425}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{7D5C1A27-932D-47A6-A41D-244494807489}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{111DEF6A-B7EE-4B7F-983A-B7001DB43B97}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{6EDEBC10-0BCE-4D10-9942-03AA44BB079C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{E2054E47-AAF9-492F-9F0B-3F494E1DD409}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{FC963E38-8F6B-42E8-A3A8-90FC7FF6168F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{860ABC0D-E6F6-49CA-918F-B16F2559D06F}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{5CD88139-3643-4050-B645-5FDB5A60ADB2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2F13BEFE-B126-4774-9944-29244D94A1F4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [TCP Query User{0D9CE2E7-0B74-4A0A-A6CE-F22BB8D4CB9E}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [UDP Query User{D7F13FF1-AFB8-44CA-A606-4936ADB24972}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [{880A395B-9A24-49CC-8C90-4D4732DB7BD0}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{C4D547DB-64DC-40F4-80DD-4CD2E619ECA8}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 14-12-2016 02:05:48 Windows Update 28-12-2016 16:17:01 Scheduled Checkpoint 07-01-2017 14:48:41 Scheduled Checkpoint 07-01-2017 18:56:07 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/07/2017 05:53:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmiprvse.exe, version: 6.3.9600.17415, time stamp: 0x54505614 Faulting module name: ProtectionManagement.dll, version: 4.8.207.0, time stamp: 0x55933dc7 Exception code: 0xc0000005 Fault offset: 0x000000000000f674 Faulting process id: 0x126c Faulting application start time: 0x01d26933534dc059 Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe Faulting module path: C:\Program Files\Windows Defender\ProtectionManagement.dll Report Id: 0fa46171-d52c-11e6-82b8-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (01/07/2017 05:13:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmiprvse.exe, version: 6.3.9600.17415, time stamp: 0x54505614 Faulting module name: ProtectionManagement.dll, version: 4.8.207.0, time stamp: 0x55933dc7 Exception code: 0xc0000005 Fault offset: 0x000000000000f674 Faulting process id: 0x1390 Faulting application start time: 0x01d269334a89cbd9 Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe Faulting module path: C:\Program Files\Windows Defender\ProtectionManagement.dll Report Id: 8882a31c-d526-11e6-82b8-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (01/07/2017 05:13:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmiprvse.exe, version: 6.3.9600.17415, time stamp: 0x54505614 Faulting module name: ProtectionManagement.dll, version: 4.8.207.0, time stamp: 0x55933dc7 Exception code: 0xc0000005 Fault offset: 0x000000000000f674 Faulting process id: 0x15bc Faulting application start time: 0x01d26923028a2729 Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe Faulting module path: C:\Program Files\Windows Defender\ProtectionManagement.dll Report Id: 83bdec67-d526-11e6-82b8-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (01/07/2017 03:14:22 PM) (Source: Perflib) (EventID: 1015) (User: ) Description: The performance data collection function "PerfDisk" in the "C:\Windows\System32\perfdisk.dll" library did not complete in the allowed time. There may be a problem with this extensible counter, the service from which the counter is collecting data, or the system may have been very busy when this call was attempted. Error: (12/23/2016 02:31:01 PM) (Source: Perflib) (EventID: 1015) (User: ) Description: The performance data collection function "PerfDisk" in the "C:\Windows\System32\perfdisk.dll" library did not complete in the allowed time. There may be a problem with this extensible counter, the service from which the counter is collecting data, or the system may have been very busy when this call was attempted. Error: (12/21/2016 11:13:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DbxSvc.exe, version: 1.0.19.0, time stamp: 0x582e3478 Faulting module name: Unknown!wine_get_version, version: 6.3.9600.18438, time stamp: 0x57ae642e Exception code: 0xc0000139 Fault offset: 0x00000000000ecdd0 Faulting process id: 0x2398 Faulting application start time: 0x01d25c09c2758bd6 Faulting application path: C:\Windows\system32\DbxSvc.exe Faulting module path: Unknown Report Id: 0037d592-c7fd-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/16/2016 04:43:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1df4 Start Time: 01d257e003108229 Termination Time: 42 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 9ca58401-c3d8-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/16/2016 04:04:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 50.0.2.6177 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: fec Start Time: 01d24ef83ab1a6d0 Termination Time: 53 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 36da5595-c3d3-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/16/2016 04:04:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 50.0.2.6177, time stamp: 0x583e5197 Faulting module name: mozglue.dll, version: 50.0.2.6177, time stamp: 0x583e4b91 Exception code: 0x80000003 Fault offset: 0x0000ed43 Faulting process id: 0x11b4 Faulting application start time: 0x01d251702af7c721 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 397fb185-c3d3-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/15/2016 10:12:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DbxSvc.exe, version: 1.0.19.0, time stamp: 0x582e3478 Faulting module name: Unknown!wine_get_version, version: 6.3.9600.18438, time stamp: 0x57ae642e Exception code: 0xc0000139 Fault offset: 0x00000000000ecdd0 Faulting process id: 0x2184 Faulting application start time: 0x01d2574a4c0e7a88 Faulting application path: C:\Windows\system32\DbxSvc.exe Faulting module path: Unknown Report Id: 89d6430c-c33d-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (01/07/2017 06:52:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DbxSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (01/07/2017 06:52:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the DbxSvc service to connect. Error: (01/07/2017 06:51:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (01/07/2017 06:51:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s). Error: (01/07/2017 06:51:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s). Error: (01/07/2017 06:51:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/07/2017 06:51:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). Error: (01/07/2017 06:51:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault Wizard service terminated unexpectedly. It has done this 1 time(s). Error: (01/07/2017 06:51:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (01/07/2017 06:51:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The WD Drive Manager service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-01-07 21:14:24.641 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 19:14:48.969 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 18:55:53.297 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 18:51:49.261 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 18:38:48.597 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 17:44:28.002 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 17:30:46.185 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 16:49:55.206 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 15:57:17.297 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 15:09:36.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU G3250 @ 3.20GHz Percentage of memory in use: 26% Total physical RAM: 8108.94 MB Available physical RAM: 5936.31 MB Total Virtual: 9388.94 MB Available Virtual: 7330.47 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.39 GB) (Free:824.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 753CDF2B) Partition: GPT. ==================== End of Addition.txt ============================
  11. [RESOLVED] Had unauthorized bank use

    Ok, here is the logs: RogueKiller V12.9.1.0 (x64) [Jan 2 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9600) 64 bits version Started in : Normal mode User : r [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 01/07/2017 17:30:29 (Duration : 00:22:45) ¤¤¤ Processes : 2 ¤¤¤ [Suspicious.Path] setup.tmp(5516) -- C:\Users\r\AppData\Local\Temp\is-B00JU.tmp\setup.tmp[x] -> Killed [TermThr] [Suspicious.Path] setup.tmp(3624) -- C:\Users\r\AppData\Local\Temp\is-0DH27.tmp\setup.tmp[x] -> Killed [TermThr] ¤¤¤ Registry : 8 ¤¤¤ [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {962AB04C-32DC-47D6-8B46-8DEEB96DFD0F} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe|Name=proinstaller1096605312| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18468981-E613-47A0-9482-51D505876D16} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe|Name=proinstaller1096605312| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D524603D-9537-4D47-8885-7566815E61AF} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe|Name=proinstaller1065859364| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1AFE0555-9DE8-48E3-8DF4-2ACADC3B28E8} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe|Name=proinstaller1065859364| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {95317AEE-4BC1-4976-8375-4833288CE313} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1F882AA3-C887-44BC-AA3C-D33FF266ED4B} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D7A6E51-7B29-4128-A948-21B57D709104} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AB000502-FA76-480E-AA85-D042554F3087} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-1ER162 +++++ --- User --- [MBR] 5725f48daf040a8daa5eed3ca2b3990b [BSP] 3e8280a392b3ce4e87e28c1f529b9ddc : Empty MBR Code Partition table: 0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB 1 - [HIDDEN!][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB 2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB 3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB 4 - Basic data partition | Offset (sectors): 2906112 | Size: 944526 MB 5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1937295360 | Size: 7923 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: HP Photosmart C3140 USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 1/7/2017 Scan Time: 2:36 PM Logfile: mbamlog.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2017.01.07.02 Rootkit Database: v2016.11.20.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: r Scan Type: Threat Scan Result: Completed Objects Scanned: 302442 Time Elapsed: 9 min, 34 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.Perion, C:\ProgramData\Comodo\Cis\Quarantine\data\{0F09B3D6-9770-4C39-9981-461E3E51B542}, Quarantined, [bd5120598127cb6b1f21beed2cd51ae6], Physical Sectors: 0 (No malicious items detected) (end) ----------------------------------------------------------------------------------------------------------------------------- # AdwCleaner v6.042 - Logfile created 07/01/2017 at 18:51:54 # Updated on 06/01/2017 by Malwarebytes # Database : 2017-01-06.1 [Server] # Operating System : Windows 8.1 (X64) # Username : r - MYPC # Running from : C:\Users\r\Desktop\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** [-] Service deleted: CouponPrinterService ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} ***** [ Web browsers ] ***** [-] [C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com [-] [C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1307 Bytes] - [07/01/2017 18:51:54] C:\AdwCleaner\AdwCleaner[S0].txt - [1543 Bytes] - [07/01/2017 18:40:08] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1453 Bytes] ########## -------------------------------------------------------------------------------------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 8.1 x64 Ran by r (Administrator) on Sat 01/07/2017 at 18:56:05.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\Windows\couponprinter.ocx (File) Registry: 2 Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 01/07/2017 at 19:06:41.50 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  12. Hello, Had some unauthorized transactions with my bank. I got that part sorted out and passwords changed already. Now I'm concerned that the PC might be infected. Here is a look at FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017 Ran by r (administrator) on MYPC (07-01-2017 15:12:54) Running from C:\Users\r\Desktop Loaded Profiles: r (Available Profiles: r) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe (Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-11-14] (COMODO) HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] () HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-01-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [BingSvc] => C:\Users\r\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-18] (Siber Systems) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2014-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-20] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-29] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-07-20] ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-20] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0AFB2531-3F52-4F94-B5DB-9FA0100A878F}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0C045A7A-E6E7-444F-BB59-583EC18ECB3D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> DefaultScope {E7BFD48D-04EE-4CEF-B4FA-51E560A66B44} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {B33B2A9F-F2E8-4364-B3B9-B8B7B8EC702F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {E7BFD48D-04EE-4CEF-B4FA-51E560A66B44} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-07] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-07] (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) FireFox: ======== FF DefaultProfile: sbhzbhbt.default FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default [2017-01-07] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Yahoo FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Google FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\sbhzbhbt.default -> Yahoo FF Homepage: Mozilla\Firefox\Profiles\sbhzbhbt.default -> hxxp://google.com FF Session Restore: Mozilla\Firefox\Profiles\sbhzbhbt.default -> is enabled. FF Keyword.URL: Mozilla\Firefox\Profiles\sbhzbhbt.default -> hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= FF Extension: (Ad-Aware Ad Block) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2016-12-16] FF Extension: (AdBlocker Ultimate) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28] FF Extension: (Add to Amazon Wish List Button) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\amznUWL2@amazon.com.xpi [2016-06-05] FF Extension: (InvisibleHand) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2016-11-20] FF Extension: (adblockgmail) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\jid1-dswFGkUjb2SIHv@jetpack.xpi [2016-12-14] FF Extension: (LastPass) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\support@lastpass.com [2016-12-16] FF Extension: (Ebates Cash Back) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-12-25] FF Extension: (WOT) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-02-06] FF Extension: (Adblock Plus) - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: (RoboForm Toolbar for Firefox) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-09-18] [not signed] FF HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-07] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-07] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-07] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-07] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-10-12] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin HKU\S-1-5-21-4097768012-1274822476-2557327463-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\r\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.) Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\r\AppData\Local\Google\Chrome\User Data\Default [2016-12-01] CHR Extension: (Google Slides) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09] CHR Extension: (Google Docs) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09] CHR Extension: (Google Drive) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09] CHR Extension: (YouTube) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09] CHR Extension: (Google Search) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09] CHR Extension: (Coupon Maker) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmkfflcdbpcaonppclhmbakcoapem [2016-06-22] CHR Extension: (Google Sheets) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09] CHR Extension: (Google Docs Offline) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-13] CHR Extension: (Yahoo Partner) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-06-17] CHR Extension: (Gmail) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09] CHR Extension: (Chrome Media Router) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-01] CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows (R) Win 7 DDK provider) [File not signed] R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-11-14] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-11-14] (COMODO) R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2016-12-23] (Aviata, Inc.) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-01-07] (Foxit Software Inc.) R2 HPSLPSVC; C:\Users\r\AppData\Local\Temp\7zS070B\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) S3 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1181328 2016-12-23] (Lavasoft) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc) R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-08-31] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [853904 2016-08-31] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45592 2016-08-31] (COMODO) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-11-04] (Samsung Electronics Co., Ltd.) R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138560 2016-08-31] (COMODO) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-11-04] (Samsung Electronics Co., Ltd.) U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [24688 2016-06-16] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-07 15:12 - 2017-01-07 15:13 - 00028000 _____ C:\Users\r\Desktop\FRST.txt 2017-01-07 15:12 - 2017-01-07 15:12 - 02418688 _____ (Farbar) C:\Users\r\Desktop\FRST64.exe 2017-01-07 15:12 - 2017-01-07 15:12 - 00000000 ____D C:\FRST 2017-01-07 15:05 - 2017-01-07 15:05 - 00000000 ___RD C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2017-01-07 15:01 - 2017-01-07 15:01 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-01-07 15:01 - 2017-01-07 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-01-07 15:01 - 2017-01-07 15:01 - 00000000 ____D C:\Program Files (x86)\Java 2017-01-07 14:59 - 2017-01-07 14:59 - 00001373 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2017-01-07 14:59 - 2017-01-07 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2017-01-07 14:59 - 2017-01-07 14:59 - 00000000 ____D C:\ProgramData\Foxit Software 2017-01-07 14:59 - 2017-01-07 14:59 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform 2016-12-29 18:39 - 2016-12-29 18:39 - 00001812 _____ C:\Users\r\Desktop\Vuze.lnk 2016-12-29 18:07 - 2016-12-29 18:07 - 00000000 ____D C:\Users\r\AppData\Roaming\TeamViewer 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 4).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 3).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 2).job 2016-12-28 14:33 - 2017-01-07 14:25 - 00000412 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 1).job 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 4) 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 3) 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 2) 2016-12-23 21:06 - 2016-12-25 14:08 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 1) 2016-12-23 21:06 - 2015-09-08 20:05 - 00093360 _____ (Sunbelt Software) C:\Windows\system32\Drivers\SBREDrv.sys 2016-12-23 19:15 - 2016-12-23 19:15 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration 2016-12-22 11:32 - 2016-12-22 11:32 - 00002144 _____ C:\Users\r\Desktop\walmart chat.txt 2016-12-21 23:13 - 2016-12-21 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-12-21 13:15 - 2016-12-21 23:13 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2016-12-21 13:15 - 2016-12-21 23:13 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2016-12-21 13:15 - 2016-12-21 23:13 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2016-12-21 13:15 - 2016-12-21 23:12 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2016-12-13 22:36 - 2016-12-13 22:36 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2016-12-13 22:36 - 2016-12-13 22:36 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL 2016-12-13 22:36 - 2016-12-13 22:36 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL 2016-12-13 22:36 - 2016-12-13 22:36 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-12-13 22:36 - 2016-12-13 22:36 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-12-13 22:36 - 2016-12-13 22:36 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys 2016-12-13 22:36 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls 2016-12-13 22:36 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\system32\locale.nls 2016-12-13 22:36 - 2016-09-27 15:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml 2016-12-12 11:33 - 2016-12-12 11:33 - 00721726 _____ C:\Users\r\Desktop\004.jpg 2016-12-11 22:05 - 2016-12-11 22:05 - 00066140 _____ C:\Users\r\Desktop\ipad.JPG 2016-12-11 11:35 - 2016-12-11 11:35 - 00061682 _____ C:\Users\r\Desktop\miles tablet.jpg ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-07 15:11 - 2015-07-22 21:46 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-01-07 15:10 - 2015-06-23 18:42 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4097768012-1274822476-2557327463-1001 2017-01-07 15:09 - 2014-11-20 23:42 - 01162822 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-07 15:09 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf 2017-01-07 15:08 - 2016-11-28 16:50 - 00000000 ____D C:\Users\r\AppData\LocalLow\Mozilla 2017-01-07 15:08 - 2015-07-21 19:54 - 00000000 ____D C:\Users\r\AppData\LocalLow\LastPass 2017-01-07 15:05 - 2015-06-23 18:38 - 00000000 __RDO C:\Users\r\OneDrive 2017-01-07 15:04 - 2015-07-22 21:46 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-01-07 15:04 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-07 15:03 - 2016-02-06 10:09 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2017-01-07 15:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2017-01-07 15:02 - 2016-01-09 16:04 - 00000000 ____D C:\ProgramData\Oracle 2017-01-07 15:01 - 2016-04-14 19:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-01-07 15:00 - 2016-04-14 19:30 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-01-07 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-07 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-07 14:59 - 2015-06-24 15:12 - 00000000 ____D C:\Users\r\AppData\Local\Adobe 2017-01-07 14:59 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Resources 2017-01-07 14:56 - 2016-02-04 23:14 - 00000388 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2017-01-07 14:35 - 2015-06-24 14:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-07 14:17 - 2016-11-22 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-01-07 14:17 - 2015-06-23 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-06 17:26 - 2015-07-15 15:05 - 00000000 ____D C:\Users\r\Desktop\Random pics 2017-01-06 17:26 - 2015-06-23 19:55 - 00000000 ____D C:\Users\r\Desktop\Chase ETC 2017-01-06 17:25 - 2015-07-11 16:50 - 00718336 ___SH C:\Users\r\Downloads\Thumbs.db 2016-12-30 12:55 - 2015-06-24 16:34 - 00000000 ____D C:\Users\r\AppData\Roaming\Azureus 2016-12-30 12:50 - 2016-10-31 19:35 - 00000000 ____D C:\Users\r\Desktop\Robo form password backup moms old pc 2016-12-29 18:07 - 2015-06-23 18:34 - 00000000 ____D C:\Users\r\AppData\Roaming 2016-12-26 04:54 - 2014-12-19 03:53 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{42b82173-0b2e-11e3-93f4-90b11c2eb9f2}.TMContainer00000000000000000001.regtrans-ms 2016-12-26 04:54 - 2014-12-19 03:53 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{42b82173-0b2e-11e3-93f4-90b11c2eb9f2}.TM.blf 2016-12-26 04:51 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\catroot2 2016-12-25 14:31 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache 2016-12-25 14:08 - 2015-09-08 20:05 - 00003604 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2016-12-25 14:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Tasks 2016-12-25 14:07 - 2013-08-22 10:31 - 00000000 ____D C:\Windows\system32\DriverStore 2016-12-25 14:07 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinSxS 2016-12-25 14:06 - 2016-11-20 10:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-25 14:06 - 2013-08-22 09:44 - 00377720 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-25 14:04 - 2015-05-14 00:54 - 00524288 ___SH C:\Windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms 2016-12-25 14:04 - 2015-05-14 00:54 - 00065536 ___SH C:\Windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf 2016-12-25 14:04 - 2014-11-20 22:50 - 00000000 ____D C:\Windows\system32\Drivers\en-US 2016-12-25 14:04 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\en-US 2016-12-25 14:04 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\en-US 2016-12-25 14:04 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\wbem 2016-12-25 14:04 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\oobe 2016-12-23 19:15 - 2015-05-14 01:15 - 00000000 ____D C:\Windows\System32\Tasks\Dell 2016-12-23 19:15 - 2015-05-14 01:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-12-23 16:54 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness 2016-12-21 23:13 - 2015-05-14 01:15 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-12-16 16:04 - 2015-06-24 17:27 - 00000000 ____D C:\Users\r\AppData\Local\CrashDumps 2016-12-16 15:24 - 2015-07-17 20:44 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-16 15:24 - 2015-07-17 20:44 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-16 11:08 - 2016-11-22 13:00 - 00000000 ____D C:\Users\r\Desktop\OLD PC 2016-12-14 18:20 - 2016-01-09 15:02 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-14 11:34 - 2013-08-22 10:36 - 00000000 __RSD C:\Windows\assembly 2016-12-14 02:09 - 2015-06-26 04:39 - 00000000 ____D C:\Windows\system32\MRT 2016-12-14 02:09 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp 2016-12-14 02:07 - 2015-06-26 04:39 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-12-14 02:07 - 2014-11-21 07:47 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-12-14 02:07 - 2014-11-21 07:47 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-13 15:22 - 2016-05-26 09:54 - 00000000 ____D C:\Users\r\Desktop\New folder 2016-12-12 11:33 - 2016-07-01 14:42 - 00241152 ___SH C:\Users\r\Desktop\Thumbs.db Some files in TEMP: ==================== C:\Users\r\AppData\Local\Temp\FoxitUpdater.exe C:\Users\r\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\r\AppData\Local\Temp\jre-8u111-windows-au.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-04 02:57 ==================== End of FRST.txt ============================ ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2017 Ran by r (07-01-2017 15:13:24) Running from C:\Users\r\Desktop Windows 8.1 (Update) (X64) (2015-06-23 23:35:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4097768012-1274822476-2557327463-500 - Administrator - Disabled) Guest (S-1-5-21-4097768012-1274822476-2557327463-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4097768012-1274822476-2557327463-1003 - Limited - Enabled) r (S-1-5-21-4097768012-1274822476-2557327463-1001 - Administrator - Enabled) => C:\Users\r ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Ad-Aware (x32 Version: 8.1.0 - Lavasoft) Hidden Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden C3100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) Dell System Detect (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Foxit PhantomPDF Business (HKLM-x32\...\{BC99D091-67DA-419D-BB72-D64B94203917}) (Version: 7.1.5.425 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\HP Photo Creations) (Version: 1.0.0.19662 - HP) HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla) Mozilla Thunderbird 45.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 en-US)) (Version: 45.6.0 - Mozilla) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.76 - NCH Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 4.0.3.312816 - Linden Research, Inc.) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.41 - Stardock Software, Inc.) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.) WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.) WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E507543-4357-4716-9AAE-37840AE4473C} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2016-12-23] (Aviata Inc) Task: {1643E503-4DE0-4202-88CD-8271097295F2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {24D46A20-BE5E-4B12-8C01-78673A3E7EAD} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {24FBA04A-AF47-4E9C-A72E-BB14800B0B69} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {2A918867-3906-4CDF-B292-7EA5B8E86722} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) Task: {2C004B25-8748-4F20-9515-4CD8AD9F8FAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.) Task: {30D4018B-AE40-4E25-A98A-5ADC2B4D1837} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-18] (Siber Systems) Task: {42DA5CD5-047F-4A41-8227-8C8A4FE7E7A2} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-11-14] (COMODO) Task: {4C1FD6B8-5A19-4BE4-A268-DBBE7BE070A5} - System32\Tasks\{4FD0F0C5-AB4E-47A8-AA42-A27F5368C875} => pcalua.exe -a C:\Users\r\Downloads\cpro32_623_1364.exe -d C:\Users\r\Downloads Task: {5D57F43B-7960-4092-BACD-938CB3388355} - System32\Tasks\{6396FF8E-6879-411C-8094-3FFCD3DAD884} => pcalua.exe -a F:\cpro32.exe -d F:\ Task: {6116556D-AEB7-4EA4-85E3-926D740FE87E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-07] (Adobe Systems Incorporated) Task: {6757E3B3-3D06-4056-B4CF-E2F90994B113} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {683B1A8D-8E9A-40E2-B139-42F57816B276} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"] Task: {69C297FA-1C6F-4885-AECF-8F431570BBA2} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2016-12-23] (Aviata Inc) Task: {83622306-3EE2-44C2-83A2-EDBD46338387} - System32\Tasks\HP Photo Creations Communicator => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe [2016-02-04] () Task: {8D107A8E-CBF8-405E-AD5F-E0BD93C9A9D3} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {9526B327-6E62-474B-AB98-DDF47DBDD66B} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNOMCNMMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNIJNKJCMJNNICMJNDJCMKJBJ" Task: {A5A0DB84-208A-4601-AB62-D0B94CC2E4BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-12-14] (Microsoft Corporation) Task: {AD344072-E3DA-4E9E-9F91-E6016708E2AD} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {C70BE064-CECB-4858-A648-41F0AD76846B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {CBDAC909-72D8-4E64-B33F-7D0B12424851} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {D1E6C94B-2B23-439A-B5B2-6628001CA107} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) Task: {D35618E4-E825-4BAB-9CBA-5D5E0312DBD7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMHMKMJNHICMEKMICNJJCKJNBJCMJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMJMMMFMPMJNFI (the data entry has 31 more characters). Task: {E1283E54-716C-4AE9-BF2C-B486187F5D38} - System32\Tasks\{EC08A0C7-52EA-4871-AF66-D75A55D1E04B} => pcalua.exe -a C:\Users\r\Downloads\cpic32_623_1364.exe -d C:\Users\r\Downloads Task: {E5D12C1A-E446-4143-A4BD-19C36CD2B882} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) Task: {E939FBDE-A9D3-440A-8AF2-733816C015BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.) Task: {EB175765-C915-4DD9-BC1D-7EF7538B1954} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-11-14] (COMODO) Task: {F2E68F9B-0736-44E2-8481-34EF8506D317} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2016-12-23] (Lavasoft) Task: {F6B34F00-5D20-4CF0-A130-11AEBFB78972} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-11-14] (COMODO) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\r\Desktop\OLD PC\moms folders\Desktop\Desktop\desktop\Favorites\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm ==================== Loaded Modules (Whitelisted) ============== 2009-09-23 08:19 - 2015-09-08 20:05 - 00398568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll 2015-01-08 22:02 - 2016-03-16 05:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2013-09-04 23:20 - 2013-09-04 23:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-04 23:24 - 2013-09-04 23:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2015-05-14 01:07 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2016-12-16 09:13 - 2016-12-16 09:13 - 01114136 _____ () C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DbxSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\microsoft-windows-system-events.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\glcndFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GPhotos.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\cmimcext.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dbx-canary.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dbx-dev.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dbx-stable.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\parport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\serenum.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\serial.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwifibus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwififlt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwifimp.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\004.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\r\Desktop\DDA-Director-Job-Posting.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\r\Desktop\ND-14-0008.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\Sophos Virus Removal Tool.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\r\Desktop\Sophos Virus Removal Tool.exe:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2016-06-16 10:43 - 00000834 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\r\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: Dell Customer Connect => 2 MSCONFIG\Services: Dell Help & Support => 2 MSCONFIG\Services: HomeNetSvc => 2 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: McAfee SiteAdvisor Service => 2 MSCONFIG\Services: McAWFwk => 3 MSCONFIG\Services: mccspsvc => 2 MSCONFIG\Services: McNaiAnn => 3 MSCONFIG\Services: McODS => 3 MSCONFIG\Services: mcpltsvc => 3 MSCONFIG\Services: McProxy => 3 MSCONFIG\Services: MSK80Service => 2 MSCONFIG\Services: PDFsam Enhanced => 3 MSCONFIG\Services: PDFsam Enhanced CrashHandler => 3 MSCONFIG\Services: PDFsam Enhanced Creator => 2 MSCONFIG\Services: PDFsam Manager => 2 MSCONFIG\Services: SupportAssistAgent => 2 HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk" HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk" HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "DropboxOEM" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "BingSvc" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{51EC3F36-4DA8-4800-891C-A7E7CC4299F2}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{B6F98FB6-4031-4B18-A2E6-EDFCA5A1E36F}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{14CE3398-5E0C-41AB-87BB-8FE5913DE604}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1A159B7A-432F-4977-BD55-87A91BDF56D6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{962AB04C-32DC-47D6-8B46-8DEEB96DFD0F}] => C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe FirewallRules: [{18468981-E613-47A0-9482-51D505876D16}] => C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe FirewallRules: [{D524603D-9537-4D47-8885-7566815E61AF}] => C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe FirewallRules: [{1AFE0555-9DE8-48E3-8DF4-2ACADC3B28E8}] => C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe FirewallRules: [{DF2CA2A6-6A53-4A4B-85EC-DF3366B7A0BE}] => F:\Downloads June 2015 to...]\Vuze\Azureus.exe FirewallRules: [{4E263ADD-65BB-4E28-951D-09745179424D}] => F:\Downloads June 2015 to...]\Vuze\Azureus.exe FirewallRules: [{4621F2FB-8F49-4D61-A902-112865183ADC}] => C:\Users\Public\temp\TeamViewer\TeamViewer.exe FirewallRules: [{36980A12-564C-4ED0-A4CA-FFBD79FECB90}] => C:\Users\Public\temp\TeamViewer\TeamViewer.exe FirewallRules: [{B8B98331-1B5E-43B7-B77F-939908B56BA4}] => C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe FirewallRules: [{52C5160C-7D6A-4D4C-84C4-9F7C4B6C6C97}] => C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7CD1B66F-2BA9-4F76-9920-44DA432E206C}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{6065F500-5656-42BB-8C04-1AA619B951D1}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{742EB319-36F0-4ABD-8AAA-5F00E02C1A23}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{451CA570-BA0C-4F5C-AE53-EEADEB4652ED}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{538806D6-21D9-43B2-983C-E3A08AD4251C}] => F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe FirewallRules: [{3EE1F596-C231-41F8-8819-E528CF387F1B}] => F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe FirewallRules: [{C09C2E43-E5CE-445A-B032-8339D4B59136}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{91B567EA-C830-4AAB-A94C-781EE9C3F149}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{05BB8AEB-34E2-4AF9-862D-4C5CCC02AAA2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{C5AF79D6-3B07-42A0-9F26-86F868444374}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{784F7048-47F0-4902-9CF3-BE698307C7A9}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{5584567F-977F-4CCF-AFE7-E069757F5989}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{7A03AD63-794A-466C-8F2C-1192D54AC1AA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{D104FD7B-1A76-4D9B-9539-0441CE358E83}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A9D16E73-EB8E-4574-B73E-DDE292EFA012}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{E9F16F9B-FF68-4942-A57F-461614EB59F4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{6B9B7A6E-6084-49B1-828D-EAF96ACD88E5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{915A4BBE-8E5E-4087-A7FE-10C47F826ECA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{859E69F7-D379-4939-A9B3-583EB8DAB425}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{7D5C1A27-932D-47A6-A41D-244494807489}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{111DEF6A-B7EE-4B7F-983A-B7001DB43B97}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{6EDEBC10-0BCE-4D10-9942-03AA44BB079C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{E2054E47-AAF9-492F-9F0B-3F494E1DD409}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{FC963E38-8F6B-42E8-A3A8-90FC7FF6168F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{860ABC0D-E6F6-49CA-918F-B16F2559D06F}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{95317AEE-4BC1-4976-8375-4833288CE313}] => C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe FirewallRules: [{1F882AA3-C887-44BC-AA3C-D33FF266ED4B}] => C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe FirewallRules: [{5D7A6E51-7B29-4128-A948-21B57D709104}] => C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe FirewallRules: [{AB000502-FA76-480E-AA85-D042554F3087}] => C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe FirewallRules: [{5CD88139-3643-4050-B645-5FDB5A60ADB2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2F13BEFE-B126-4774-9944-29244D94A1F4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [TCP Query User{0D9CE2E7-0B74-4A0A-A6CE-F22BB8D4CB9E}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [UDP Query User{D7F13FF1-AFB8-44CA-A606-4936ADB24972}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [{880A395B-9A24-49CC-8C90-4D4732DB7BD0}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{C4D547DB-64DC-40F4-80DD-4CD2E619ECA8}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 14-12-2016 02:05:48 Windows Update 28-12-2016 16:17:01 Scheduled Checkpoint 07-01-2017 14:48:41 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/07/2017 03:14:22 PM) (Source: Perflib) (EventID: 1015) (User: ) Description: The performance data collection function "PerfDisk" in the "C:\Windows\System32\perfdisk.dll" library did not complete in the allowed time. There may be a problem with this extensible counter, the service from which the counter is collecting data, or the system may have been very busy when this call was attempted. Error: (12/23/2016 02:31:01 PM) (Source: Perflib) (EventID: 1015) (User: ) Description: The performance data collection function "PerfDisk" in the "C:\Windows\System32\perfdisk.dll" library did not complete in the allowed time. There may be a problem with this extensible counter, the service from which the counter is collecting data, or the system may have been very busy when this call was attempted. Error: (12/21/2016 11:13:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DbxSvc.exe, version: 1.0.19.0, time stamp: 0x582e3478 Faulting module name: Unknown!wine_get_version, version: 6.3.9600.18438, time stamp: 0x57ae642e Exception code: 0xc0000139 Fault offset: 0x00000000000ecdd0 Faulting process id: 0x2398 Faulting application start time: 0x01d25c09c2758bd6 Faulting application path: C:\Windows\system32\DbxSvc.exe Faulting module path: Unknown Report Id: 0037d592-c7fd-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/16/2016 04:43:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1df4 Start Time: 01d257e003108229 Termination Time: 42 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 9ca58401-c3d8-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/16/2016 04:04:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 50.0.2.6177 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: fec Start Time: 01d24ef83ab1a6d0 Termination Time: 53 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 36da5595-c3d3-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/16/2016 04:04:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 50.0.2.6177, time stamp: 0x583e5197 Faulting module name: mozglue.dll, version: 50.0.2.6177, time stamp: 0x583e4b91 Exception code: 0x80000003 Fault offset: 0x0000ed43 Faulting process id: 0x11b4 Faulting application start time: 0x01d251702af7c721 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 397fb185-c3d3-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/15/2016 10:12:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DbxSvc.exe, version: 1.0.19.0, time stamp: 0x582e3478 Faulting module name: Unknown!wine_get_version, version: 6.3.9600.18438, time stamp: 0x57ae642e Exception code: 0xc0000139 Fault offset: 0x00000000000ecdd0 Faulting process id: 0x2184 Faulting application start time: 0x01d2574a4c0e7a88 Faulting application path: C:\Windows\system32\DbxSvc.exe Faulting module path: Unknown Report Id: 89d6430c-c33d-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: Error: (12/13/2016 04:32:29 AM) (Source: Perflib) (EventID: 1015) (User: ) Description: The performance data collection function "PerfProc" in the "C:\Windows\System32\perfproc.dll" library did not complete in the allowed time. There may be a problem with this extensible counter, the service from which the counter is collecting data, or the system may have been very busy when this call was attempted. Error: (12/12/2016 02:22:55 AM) (Source: Perflib) (EventID: 1015) (User: ) Description: The performance data collection function "PerfProc" in the "C:\Windows\System32\perfproc.dll" library did not complete in the allowed time. There may be a problem with this extensible counter, the service from which the counter is collecting data, or the system may have been very busy when this call was attempted. Error: (12/03/2016 08:13:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DbxSvc.exe, version: 1.0.18.0, time stamp: 0x57fffa05 Faulting module name: Unknown!wine_get_version, version: 6.3.9600.18438, time stamp: 0x57ae642e Exception code: 0xc0000139 Fault offset: 0x00000000000ecdd0 Faulting process id: 0x310 Faulting application start time: 0x01d24dcb96204062 Faulting application path: C:\Windows\system32\DbxSvc.exe Faulting module path: Unknown Report Id: d3df7d6a-b9be-11e6-82b2-4cbb58a33244 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (01/07/2017 03:04:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DbxSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (01/07/2017 03:04:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the DbxSvc service to connect. Error: (01/07/2017 02:59:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The Foxit Reader Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/07/2017 02:18:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DbxSvc service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (01/07/2017 02:18:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the DbxSvc service to connect. Error: (01/07/2017 01:55:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20. Error: (12/30/2016 05:08:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DbxSvc service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (12/30/2016 05:08:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the DbxSvc service to connect. Error: (12/29/2016 03:34:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DbxSvc service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (12/29/2016 03:34:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the DbxSvc service to connect. CodeIntegrity: =================================== Date: 2017-01-07 15:09:36.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 14:58:46.812 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 14:27:03.383 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 14:07:07.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 13:40:00.051 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-07 12:46:18.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-04 20:59:41.351 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-03 16:33:09.752 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-03 10:19:38.958 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-30 17:09:59.223 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU G3250 @ 3.20GHz Percentage of memory in use: 27% Total physical RAM: 8108.94 MB Available physical RAM: 5881.1 MB Total Virtual: 9388.94 MB Available Virtual: 7222.98 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.39 GB) (Free:824.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 753CDF2B) Partition: GPT. ==================== End of Addition.txt ============================
  13. My laptop seems to be running better now! Malwarebytes is opening at boot up again. Thanks! # DelFix v1.013 - Logfile created 11/09/2016 at 11:46:36 # Updated 17/04/2016 by Xplode # Username : Dan - DAN-PC # Operating System : Windows 10 Home (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\Dan\Desktop\FRST64.exe Deleted : C:\Users\Dan\Desktop\FSS.exe Deleted : C:\Users\Dan\Desktop\SecurityCheck.exe Deleted : HKLM\SOFTWARE\OldTimer Tools ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #1 [Windows Update | 09/09/2016 01:46:28] Deleted : RP #3 [Removed Sophos Virus Removal Tool. | 09/11/2016 03:24:38] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  14. Ok all finished, thank you. Sophos scanned clean so no log was produced. Here is logs: Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! COMODO Antivirus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 101 Java version 32-bit out of Date! Adobe Flash Player 22.0.0.209 Mozilla Firefox (48.0.2) Google Chrome (51.0.2704.103) Google Chrome (52.0.2743.116) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Comodo Firewall cmdagent.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` ------------------------------------------------------------------------------------------------------------------------------------------ Farbar Service Scanner Version: 27-01-2016 Ran by Dan (administrator) on 10-09-2016 at 23:53:02 Running from "C:\Users\Dan\Desktop" Microsoft Windows 10 Home (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is set to Demand. The default start type is Auto. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  15. Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by Dan (10-09-2016 19:24:02) Run:1 Running from C:\Users\Dan\Desktop Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found 2016-09-08 16:13 - 2016-09-08 16:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl C:\Users\Dan\AppData\Local\Temp\dllnt_dump.dll C:\Users\Dan\AppData\Local\Temp\libeay32.dll C:\Users\Dan\AppData\Local\Temp\msvcr120.dll C:\Users\Dan\AppData\Local\Temp\SkypeSetup.exe C:\Users\Dan\AppData\Local\Temp\sqlite3.dll CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esxcwiad.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vmnetbridge.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\vnetinst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vmnat.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vmnetdhcp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vsocklib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnet.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetadapter.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetbridge.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\adwcleaner_6.010.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\adwcleaner_6.010.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\IE11.Win7.For.Windows.VMware.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-1.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-2.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-3.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\ipscan-win64-3.4.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\JRT.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Desktop\setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\SweevaBot v1.1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\WinFlashTool.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\0bbe499629459d556ce5702538b5779f502a61095620b.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\3152159:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\3152159:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Bitmessage.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\camfrog coin getter.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\cjoverkill.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Downloads\ec2-52-35-99-222.us-west-2.compute.amazonaws.com.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\faucetinabox-r63.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\firefox-50.0a2.en-US.win32.installer-stub.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\freebitcodotintricks.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\FreemakeYouTubeToMP3BoomSetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\google play services.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\HitLeap Viewer.msi:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\IE11.Win7.For.Windows.VMware.zip:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\index(2).php:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\JavaSetup8u91.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\LineInst.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\paytoshi-faucet-v2.0.3.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\Pwi_ArcSetup.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Downloads\readme.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\RoboForm-Setup-ffbn1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\uthgard.setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Documents\README BeagleBone Black OR Raspberry PI.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdZnID [26] ***************** HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\netsight@nielsen.com => value removed successfully C:\ProgramData\DP45977C.lfl => moved successfully C:\Users\Dan\AppData\Local\Temp\dllnt_dump.dll => moved successfully C:\Users\Dan\AppData\Local\Temp\libeay32.dll => moved successfully C:\Users\Dan\AppData\Local\Temp\msvcr120.dll => moved successfully C:\Users\Dan\AppData\Local\Temp\SkypeSetup.exe => moved successfully C:\Users\Dan\AppData\Local\Temp\sqlite3.dll => moved successfully "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully "C:\WINDOWS\system32\aclui.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXApplicabilityBlob.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXDeploymentServer.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AudioSes.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\audiosrv.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\bcastdvr.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\CastLaunch.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\cdd.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Chakra.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Chakradiag.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Chakrathunk.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\ClipboardServer.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\ClipUp.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\CloudExperienceHostUser.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\clusapi.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\combase.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\CredProvDataModel.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\C_G18030.DLL" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\c_GSM7.DLL" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\C_IS2022.DLL" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3D12.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DCompiler_37.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DCompiler_38.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DCompiler_39.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DCompiler_40.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DCompiler_41.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DCompiler_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DCompiler_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dcsx_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dcsx_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx10_37.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx10_38.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx10_39.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx10_40.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx10_41.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx10_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx10_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx11_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\d3dx11_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DX9_37.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DX9_38.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DX9_39.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DX9_40.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DX9_41.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DX9_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\D3DX9_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\delegatorprovider.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\DscCore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\DscCoreConfProv.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\dwmcore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\edgehtml.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\encapi.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\esxcwiad.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\facecredentialprovider.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\FrameServer.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\FSClient.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\fveapi.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\fveapibase.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\GamePanel.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\hvax64.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\hvix64.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\hvloader.efi" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\hvloader.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\indexeddbserver.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\InstallAgent.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\InstallAgentUserBroker.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\kdhvcom.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\KnobsCore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\KnobsCsp.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\LicenseManager.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\LicenseManagerSvc.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\MaxxAudioAPO4064.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\MaxxVoiceAPO3064.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\MCRecvSrc.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mfcore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mfksproxy.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mfnetcore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mfnetsrc.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mfps.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mfsensorgroup.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mispace.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\MRT.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\msctf.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mshtml.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\mstsc.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\MusNotification.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\MusUpdateHandlers.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\NetworkMobileSettings.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\NFCProvisioningPlugin.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\ntdll.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\nvhdagenco6420103.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\nvhdap64.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\provdatastore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\provengine.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\provhandlers.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\provisioningcsp.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\provops.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\ProvPluginEng.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\provtool.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\schannel.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\SettingsHandlers_nt.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\shell32.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\shutdownux.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\smphost.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\storagewmi.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\storagewmi_passthru.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\StoreAgent.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\twinui.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\updatepolicy.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\usocore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\vmnetbridge.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\vnetinst.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\win32kfull.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wincorlib.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.Media.Audio.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.Media.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.Media.Editing.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.Media.Speech.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\windows.storage.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.UI.Logon.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.UI.Search.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\winload.efi" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\winload.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\winresume.efi" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\winresume.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\WinTypes.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wsp_fs.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wsp_health.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wuauclt.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wuaueng.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wups2.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wuuhext.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\WWAHost.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wwanprotdim.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\wwansvc.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\X3DAudio1_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\X3DAudio1_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\X3DAudio1_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\X3DAudio1_6.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\X3DAudio1_7.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_0.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_1.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_2.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_6.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\xactengine3_7.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAPOFX1_0.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAPOFX1_1.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAPOFX1_2.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAPOFX1_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAPOFX1_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAPOFX1_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_0.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_1.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_2.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_6.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XAudio2_7.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\XblAuthManager.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\aclui.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\AudioSes.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\bcastdvr.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\BcastDVRHelper.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Chakra.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Chakradiag.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Chakrathunk.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\ClipboardServer.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\clusapi.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\combase.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\CredProvDataModel.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\C_G18030.DLL" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\c_GSM7.DLL" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\C_IS2022.DLL" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3D12.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DCompiler_37.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DCompiler_38.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DCompiler_39.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DCompiler_40.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DCompiler_41.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DCompiler_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DCompiler_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dcsx_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dcsx_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx10_37.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx10_38.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx10_39.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx10_40.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx10_41.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx10_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx10_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx11_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\d3dx11_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DX9_37.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DX9_38.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DX9_39.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DX9_40.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DX9_42.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\D3DX9_43.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\delegatorprovider.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\DscCoreConfProv.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\dwmcore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\edgehtml.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\encapi.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\FSClient.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\GamePanel.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\indexeddbserver.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\InstallAgent.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\LicenseManager.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\MCRecvSrc.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mfcore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mfksproxy.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mfnetcore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mfnetsrc.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mfsensorgroup.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mispace.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\msctf.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\mstsc.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\ntdll.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\schannel.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\shell32.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\smphost.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\storagewmi.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\storagewmi_passthru.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\StoreAgent.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\twinui.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\updatepolicy.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\vmnat.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\vmnetdhcp.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\vsocklib.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\win32kfull.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\wincorlib.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.Media.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\windows.storage.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\WinTypes.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\wsp_fs.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\wsp_health.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\WWAHost.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\X3DAudio1_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\X3DAudio1_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\X3DAudio1_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\X3DAudio1_6.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\X3DAudio1_7.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_0.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_1.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_2.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_6.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\xactengine3_7.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAPOFX1_0.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAPOFX1_1.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAPOFX1_2.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAPOFX1_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAPOFX1_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAPOFX1_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_0.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_1.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_2.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_3.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_4.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_5.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_6.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\XAudio2_7.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\ClipSp.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\dtlitescsibus.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\dxgkrnl.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\dxgmms1.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\dxgmms2.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\hvservice.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\ntfs.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\nvhda64v.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\pdc.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\tap0901.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\tcpip.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\VBoxDrv.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmci.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmnet.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmnetadapter.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmnetbridge.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\xinputhid.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\XQHDrv.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Drivers\XQHDrv.sys" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\adwcleaner_6.010.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Desktop\adwcleaner_6.010.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\FRST64.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Desktop\FRST64.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\IE11.Win7.For.Windows.VMware.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\instance-1.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\instance-2.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\instance-3.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\ipscan-win64-3.4.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Desktop\JRT.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\setup.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Desktop\setup.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\SweevaBot v1.1.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\WinFlashTool.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\0bbe499629459d556ce5702538b5779f502a61095620b.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\3152159" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\3152159 => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\Bitmessage.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\camfrog coin getter.apk" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\cjoverkill.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3 => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\ec2-52-35-99-222.us-west-2.compute.amazonaws.com.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\faucetinabox-r63.zip" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\firefox-50.0a2.en-US.win32.installer-stub.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\freebitcodotintricks.txt" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\FreemakeYouTubeToMP3BoomSetup.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\google play services.apk" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\HitLeap Viewer.msi" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\IE11.Win7.For.Windows.VMware.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\index(2).php" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\JavaSetup8u91.exe => ":$CmdZnID" ADS removed successfully. C:\Users\Dan\Downloads\LineInst.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\paytoshi-faucet-v2.0.3.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\planets vs zombies 2.apk" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\planets vs zombies 2.apk => ":$CmdZnID" ADS removed successfully. C:\Users\Dan\Downloads\Pwi_ArcSetup.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\readme.txt" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\RoboForm-Setup-ffbn1.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\uthgard.setup.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Documents\README BeagleBone Black OR Raspberry PI.txt" => ":$CmdTcID" ADS not found. "C:\Users\Public\SwapMagic_v3.6.rar" => ":$CmdTcID" ADS not found. "C:\Users\Public\SwapMagic_v3.6.rar" => ":$CmdZnID" ADS not found. ==== End of Fixlog 19:24:04 ====