November 28th, 2017, 12:41 AM
#31
I was waiting to hear whether to do another restart or not. I didn't want to do one until I heard back from you
in case it could screw something up.
Well, the reboot seemed to work just fine. I tested a bunch of programs and files and they check out OK.
I feel better now. I thought I was going to have to run a recovery disk.
This is all that was in the ComboFix.txt
ComboFix 17-11-14.01 - Mark 11/26/2017 19:00:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1471 [GMT -5:00]
Running from: C:\Users\Mark\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: COMODO Firewall *Disabled* {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: COMODO Advanced Protection *Enabled/Updated* {B730BF64-C56F-6633-0EF5-9E639E46CC40}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Spybot - Search and Destroy *Disabled/Outdated* {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
One thing that I've never seen before is a popup that says:
Nmap has stopped working
A problem caused the program to stop working correctly. Windows will
close the program and notify you if a solution is available.
So I clicked Close program about 5 times; it came up every 5 or 10 sec. It has stopped popping up now.
It's 11:42 pm, got to hit the sack....will check tomorrow for your response.
Thanks so far for the help, much appreciated.
BTW, my original problem with Opera still exists, so I think I'll just uninstall it tomorrow.
Last edited by COPO; November 28th, 2017 at 12:45 AM.
Reason: add more info
November 28th, 2017, 02:00 PM
#32
You may try to reinstall it when we're done.
We're just checking if your computer is clean.
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
Double-click to run it. Make sure you checkmark the Addition.txt box. Press the Scan button. The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
November 28th, 2017, 03:03 PM
#33
Ok.
Besides uninstalling Opera, I uninstalled Comodo firewall, which also loaded their browser and virus security, which ended my seeing the "Nmap has stopped working" pop-ups.
November 28th, 2017, 05:10 PM
#34
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2017
Ran by Mark (administrator) on MARK-PC (28-11-2017 14:09:28)
Running from C:\Users\Mark\Downloads
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
(Bitdefender LLC) C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe
(Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-18] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\System32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellExecuteHooks-x32: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - -> No File
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{CC07C2DC-CF04-4099-844D-6CCA965F6ECF}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> {20FBB4B0-33BF-49B9-A3C8-154A5CCA676F} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
SearchScopes: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-18] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
Toolbar: HKLM-x32 - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
Toolbar: HKU\.DEFAULT -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - No CLSID Value
Handler: vipresg - No CLSID Value
FireFox:
========
FF DefaultProfile: px2us03v.default-1438862973166-1505776534346
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346 [2017-11-23]
FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\user.js [2017-11-23]
FF Homepage: Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346 -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2017-09-22]
FF Extension: (Avast Online Security) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\wrc@avast.com.xpi [2017-11-18]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-11-19]
FF Extension: (No Name) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2017-10-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-19] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2016-09-22] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [vdultimate@link64] - C:\ProgramData\VideoDownloaderUltimate\Firefox\videodownloaderultimate.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Mark\AppData\Roaming\Move Networks
FF Extension: (Move Media Player) - C:\Users\Mark\AppData\Roaming\Move Networks [2010-01-11] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-21] ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-09-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-09-22] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1757856145-4072474172-4118854403-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Mark\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll [2010-01-11] (Move Networks)
Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2017-11-28]
CHR Extension: (Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-22]
CHR Extension: (Flash Video Downloader) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-09-24]
CHR Extension: (Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-22]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-24]
CHR Extension: (IBM Security Rapport) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-11-22]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-11-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-22]
CHR Extension: (Video Downloader professional) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-09-24]
CHR Extension: (Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-22]
CHR Extension: (FBDown Video Downloader) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-09-24]
CHR Extension: (Google Docs Offline) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-26]
CHR Extension: (Avast Online Security) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-22]
CHR Extension: (Ghostery) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-24]
CHR Extension: (Video Downloader Pro) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcgiflmicieegobmapobiohjeokdbcd [2017-09-24]
CHR Extension: (Photobucket Embedded Image Fix) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogipgokcopooepeipngiikdkpmcpkaon [2017-11-22]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-22]
CHR HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-03-09] (SUPERAntiSpyware.com)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-18] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-18] (AVAST Software)
S3 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2016-12-30] (AOMEI Tech Co., Ltd.)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-22] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-22] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2016-12-22] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-18] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-18] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-18] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-18] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-18] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-18] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-18] (AVAST Software)
S3 csravrcp; C:\Windows\System32\DRIVERS\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CsrBthAudioHF; C:\Windows\System32\DRIVERS\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CsrBtPort; C:\Windows\System32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrhfgcc; C:\Windows\System32\DRIVERS\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\System32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csr_bthav; C:\Windows\System32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-03-17] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-01-15] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-07] (REALiX(tm))
S3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [138752 2009-05-26] (Intel(R) Corporation) [File not signed]
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2016-12-21] (IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [21872 2017-09-28] (IObit.com)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-25] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39504 2013-04-03] (IObit Information Technology)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [384312 2017-09-28] (IBM Corp.)
R1 RapportCerberus_1804077; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804077.sys [1271448 2017-10-03] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [585432 2017-09-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [253912 2017-09-28] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [507960 2017-09-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [610616 2017-09-28] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) [File not signed]
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216064 2009-06-04] (Realtek Semiconductor Corp.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-01-14] (Western Digital Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz140; \??\C:\Users\Mark\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
U4 eabfiltr; no ImagePath
November 28th, 2017, 05:11 PM
#35
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-28 14:09 - 2017-11-28 14:16 - 000028740 _____ C:\Users\Mark\Downloads\FRST.txt
2017-11-28 14:07 - 2017-11-28 14:08 - 002391552 _____ (Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe
2017-11-28 13:48 - 2017-11-28 13:48 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-28 11:16 - 2017-11-28 09:14 - 000121304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-11-28 11:04 - 2017-11-28 13:19 - 000003104 _____ C:\Windows\System32\Tasks\BDAntiCryptoWallTask
2017-11-28 09:57 - 2017-11-28 09:58 - 127606032 _____ (Microsoft Corporation) C:\Users\Mark\Downloads\msert.exe
2017-11-28 09:25 - 2017-11-28 09:25 - 000001150 _____ C:\Users\Mark\Downloads\w7-wscsvc.zip
2017-11-26 23:35 - 2017-11-26 23:35 - 000000000 ____D C:\$AV_ASW
2017-11-26 18:46 - 2011-06-26 01:45 - 000256000 _____ C:\Windows\PEV.exe
2017-11-26 18:46 - 2010-11-07 12:20 - 000208896 _____ C:\Windows\MBR.exe
2017-11-26 18:46 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-11-26 18:46 - 2000-08-30 19:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-11-26 18:46 - 2000-08-30 19:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-11-26 18:46 - 2000-08-30 19:00 - 000098816 _____ C:\Windows\sed.exe
2017-11-26 18:46 - 2000-08-30 19:00 - 000080412 _____ C:\Windows\grep.exe
2017-11-26 18:46 - 2000-08-30 19:00 - 000068096 _____ C:\Windows\zip.exe
2017-11-26 18:43 - 2017-11-26 23:36 - 000000000 ____D C:\ComboFix
2017-11-26 18:17 - 2017-11-26 18:44 - 000000000 ____D C:\Qoobox
2017-11-26 18:04 - 2017-11-26 21:55 - 000000000 ____D C:\Windows\erdnt
2017-11-26 17:09 - 2017-11-26 17:09 - 005659763 ____R (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
2017-11-26 10:59 - 2017-11-28 13:18 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-11-26 10:11 - 2017-11-26 10:11 - 000006592 _____ C:\Users\Mark\Downloads\AdwCleaner[C0].txt
2017-11-26 09:11 - 2017-11-26 09:12 - 008261584 _____ (Malwarebytes) C:\Users\Mark\Downloads\AdwCleaner.exe
2017-11-26 09:00 - 2017-11-26 09:00 - 000002099 _____ C:\Users\Mark\Downloads\malwarebytes2.txt
2017-11-26 08:59 - 2017-11-26 08:59 - 000002099 _____ C:\Users\Mark\Downloads\malwarebytes.txt
2017-11-26 08:01 - 2017-11-26 08:01 - 000035458 _____ C:\Users\Mark\Downloads\RKreport.txt
2017-11-25 20:31 - 2017-11-25 20:32 - 036141704 _____ (Adlice Software ) C:\Users\Mark\Downloads\RogueKiller_setup (1).exe
2017-11-25 10:01 - 2017-11-25 10:06 - 000081451 _____ C:\Users\Mark\Documents\Addition.txt
2017-11-25 09:54 - 2017-11-28 14:09 - 000000000 ____D C:\FRST
2017-11-25 09:54 - 2017-11-25 10:06 - 000071935 _____ C:\Users\Mark\Documents\FRST.txt
2017-11-25 09:50 - 2017-11-25 09:51 - 002393088 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2017-11-23 23:18 - 2017-11-26 09:37 - 000000000 ____D C:\AdwCleaner
2017-11-23 15:54 - 2017-11-25 23:34 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-23 15:52 - 2017-11-23 23:14 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-23 15:52 - 2017-11-23 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-23 15:52 - 2017-11-23 15:52 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-23 11:30 - 2017-11-26 11:17 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-23 11:30 - 2017-11-25 23:28 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-23 11:22 - 2017-11-28 13:52 - 001428808 _____ C:\Windows\ntbtlog.txt
2017-11-23 10:51 - 2017-11-23 10:51 - 000003046 _____ C:\Windows\System32\Tasks\ASC_ASCTray_Auto
2017-11-23 10:31 - 2017-10-17 11:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-11-23 09:38 - 2017-11-23 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-23 09:38 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-23 09:32 - 2017-11-23 09:34 - 078346672 _____ (Malwarebytes ) C:\Users\Mark\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-23 00:20 - 2017-11-28 09:45 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Opera Software
2017-11-22 23:50 - 2017-11-23 00:16 - 000001377 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-22 20:52 - 2017-11-22 20:52 - 001529288 _____ C:\Users\Mark\Downloads\opera bookmarks_11_22_17.html
2017-11-19 19:57 - 2017-11-19 19:57 - 000000000 ____D C:\Users\Mark\AppData\Local\{E3662224-D4C6-48CF-AD1A-6CA4BFE57D39}
2017-11-19 16:07 - 2017-11-26 23:32 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForMark.job
2017-11-19 16:07 - 2017-11-26 15:25 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMark
2017-11-19 15:58 - 2017-11-19 15:58 - 000000000 ____D C:\Program Files\HP
2017-11-19 08:41 - 2017-11-23 10:27 - 000000000 ____D C:\Users\Mark\Documents\Bkup Registry
2017-11-18 15:53 - 2017-11-18 15:52 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-18 15:52 - 2017-11-18 15:52 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-15 14:50 - 2017-11-15 14:50 - 010849904 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup537.exe
2017-11-15 09:51 - 2017-11-15 09:51 - 000000000 ____D C:\Users\Mark\AppData\Local\{9F1CD44F-1046-44AE-85CF-EF87EA5A8D13}
2017-11-14 22:29 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-14 22:29 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-14 22:29 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-14 22:29 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-14 22:29 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-14 22:29 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-14 22:29 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-14 22:29 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-14 22:29 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-14 22:29 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-14 22:29 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-14 22:29 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-14 22:29 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-14 22:29 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-14 22:29 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-14 22:29 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-14 22:29 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-14 22:29 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-14 22:29 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-14 22:29 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-14 22:29 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-14 22:29 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-14 22:29 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-14 22:29 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-14 22:29 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-14 22:29 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-14 22:29 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-14 22:29 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-14 22:29 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-14 22:29 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-14 22:29 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-14 22:29 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-14 22:29 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-14 22:29 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-14 22:29 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-14 22:29 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-14 22:29 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-14 22:29 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-14 22:29 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-14 22:29 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-14 22:29 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-14 22:29 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-14 22:29 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-14 22:29 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-14 22:29 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-14 22:29 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-14 22:29 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-14 22:29 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-14 22:29 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-14 22:29 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-14 22:29 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-14 22:29 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-14 22:29 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-14 22:29 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-14 22:29 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-14 22:29 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-14 22:29 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-14 22:29 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-14 22:29 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-14 22:29 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-14 22:29 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-14 22:29 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-14 22:29 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-14 22:29 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-14 22:29 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-14 22:29 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-14 22:29 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-14 22:29 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-14 22:29 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-14 22:29 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-14 22:29 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-14 22:29 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-14 22:29 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-14 22:29 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-14 22:29 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-14 22:29 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-14 22:29 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-14 22:29 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-14 22:29 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-14 22:29 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-14 22:29 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-14 22:29 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-14 22:29 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-14 22:29 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-14 22:29 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-14 22:29 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-14 22:29 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-14 22:29 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-14 22:29 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-14 22:29 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-14 22:29 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-14 22:29 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-14 22:29 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-14 22:29 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-14 22:29 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-14 22:29 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-14 22:29 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-14 22:29 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-14 22:29 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-14 21:59 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-14 21:59 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-14 21:59 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-14 21:59 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-14 21:59 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-14 21:59 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-14 21:59 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-14 21:59 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-14 21:59 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-14 21:59 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-12 15:09 - 2017-11-27 22:03 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-12 15:07 - 2017-11-12 15:07 - 010427120 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup536.exe
2017-11-04 22:31 - 2017-11-04 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-04 22:28 - 2017-11-04 22:28 - 000001707 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-04 22:28 - 2017-11-04 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-03 09:33 - 2017-11-26 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-11-03 09:33 - 2017-11-03 09:33 - 000000000 ____D C:\Users\Mark\AppData\Local\Lavasoft
2017-11-03 09:32 - 2017-11-26 07:59 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-11-03 09:32 - 2017-11-26 07:58 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Lavasoft
2017-11-03 09:32 - 2017-11-26 07:58 - 000000000 ____D C:\ProgramData\Lavasoft
2017-11-02 14:29 - 2017-11-02 14:30 - 142780468 _____ C:\Users\Mark\Downloads\2017_Chevrolet_Performance_Catalog-Med.pdf
2017-10-31 08:23 - 2017-10-31 08:23 - 000001413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-10-31 08:23 - 2017-10-31 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-10-31 08:22 - 2017-05-23 08:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-10-31 08:15 - 2017-10-31 08:15 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybotsd-2.6.46.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-28 13:57 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-28 13:57 - 2009-07-13 23:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-28 13:49 - 2014-11-15 10:22 - 000000000 ____D C:\ProgramData\Comodo
2017-11-28 13:46 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-28 13:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-11-28 13:13 - 2010-02-03 10:55 - 000000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2017-11-28 09:56 - 2010-05-03 10:33 - 000000000 ____D C:\Users\Mark\AppData\Local\ElevatedDiagnostics
2017-11-28 09:45 - 2015-10-02 20:06 - 000000000 ____D C:\Users\Mark\AppData\Local\Opera Software
2017-11-28 09:45 - 2013-12-07 11:28 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\ADSRemoval
2017-11-28 09:18 - 2009-11-19 16:49 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8973F2BD-762D-44DD-AECE-A259F72FE680}
2017-11-27 23:33 - 2017-05-20 11:13 - 000000000 ____D C:\Users\Mark\Documents\Backup My Outlook
2017-11-27 22:00 - 2017-06-28 21:30 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-26 23:36 - 2009-07-13 21:34 - 000000215 _____ C:\Windows\system.ini
2017-11-26 09:37 - 2013-01-12 12:03 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\IObit
2017-11-26 09:37 - 2013-01-11 13:09 - 000000000 ____D C:\Users\Mark\AppData\Roaming\IObit
2017-11-26 09:37 - 2013-01-11 13:09 - 000000000 ____D C:\ProgramData\IObit
2017-11-26 09:36 - 2013-10-11 21:00 - 000000000 ____D C:\IObit
2017-11-26 09:05 - 2009-11-17 21:06 - 000000000 ____D C:\Users\Mark
2017-11-24 00:14 - 2017-10-11 15:17 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-24 00:14 - 2009-11-17 14:50 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-23 20:20 - 2016-11-30 18:10 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\Mozilla
2017-11-23 14:55 - 2017-06-04 10:45 - 000000000 ___RD C:\Users\Mark\iCloudDrive
2017-11-23 13:35 - 2009-07-14 00:13 - 000913706 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-23 11:30 - 2016-03-17 22:01 - 000000000 ____D C:\Users\Mark\AppData\Local\FSDART
2017-11-23 10:51 - 2013-12-09 21:46 - 000000000 ____D C:\ProgramData\ProductData
2017-11-23 10:49 - 2013-01-11 13:09 - 000000000 ____D C:\Program Files (x86)\IObit
2017-11-23 09:38 - 2017-01-15 17:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-23 00:23 - 2017-02-06 10:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2017-11-22 23:35 - 2017-05-06 10:56 - 000001024 ____H C:\SYSTAG.BIN
2017-11-22 23:35 - 2017-02-06 10:11 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat
2017-11-22 17:09 - 2009-07-13 22:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-21 10:25 - 2015-02-09 21:03 - 003078082 _____ C:\Users\Mark\AppData\Local\census.cache
2017-11-21 10:24 - 2015-02-09 21:03 - 000124448 _____ C:\Users\Mark\AppData\Local\ars.cache
2017-11-21 09:51 - 2015-02-09 21:02 - 000000010 _____ C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
2017-11-21 08:57 - 2016-04-09 20:46 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-21 08:57 - 2016-04-09 20:46 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-21 08:57 - 2016-04-09 20:46 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-21 08:57 - 2011-11-18 09:23 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-21 08:57 - 2009-08-17 14:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-20 12:30 - 2012-04-26 08:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-19 15:59 - 2009-12-19 02:06 - 000000000 ____D C:\ProgramData\HP
2017-11-19 10:33 - 2015-12-16 18:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-19 10:33 - 2011-10-11 10:46 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Mozilla
2017-11-18 18:43 - 2016-04-09 20:46 - 000004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-18 18:43 - 2014-06-16 22:25 - 000000000 ____D C:\Users\Mark\AppData\Local\Adobe
2017-11-18 15:54 - 2017-06-28 21:30 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-18 15:52 - 2017-06-28 21:30 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151103844051203
2017-11-18 15:52 - 2017-06-28 21:30 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-18 15:52 - 2017-06-28 21:30 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-18 15:52 - 2017-06-28 21:30 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-18 15:52 - 2017-06-28 21:30 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-18 15:52 - 2017-06-28 21:30 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-18 15:52 - 2017-06-28 21:30 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-18 15:51 - 2017-06-28 21:30 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-18 15:51 - 2017-06-28 21:30 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-18 15:51 - 2017-06-28 21:30 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-18 15:51 - 2017-06-28 21:30 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-18 15:51 - 2017-06-28 21:29 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-16 09:48 - 2015-08-11 14:51 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-16 09:46 - 2015-08-11 14:50 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-15 11:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-11-15 08:59 - 2017-09-24 21:54 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 23:42 - 2009-07-13 23:45 - 000447792 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-14 23:37 - 2014-12-10 10:58 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-14 23:14 - 2013-03-29 09:05 - 000906320 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-13 15:00 - 2017-09-24 21:53 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 15:00 - 2017-09-24 21:53 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 15:11 - 2010-09-13 13:01 - 000000000 ____D C:\Windows\Minidump
2017-11-12 15:09 - 2016-03-26 14:45 - 000000000 ____D C:\Program Files\CCleaner
2017-11-06 12:36 - 2017-06-04 10:49 - 000000000 ____D C:\Users\Mark\AppData\Local\B9ED4CE5-3058-436B-A43E-52ABC65F544E.aplzod
2017-11-04 22:28 - 2015-08-18 20:21 - 000000000 ____D C:\Program Files\iTunes
2017-11-04 22:28 - 2014-07-23 19:18 - 000000000 ____D C:\Program Files\iPod
2017-11-03 09:31 - 2017-05-20 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-11-03 09:31 - 2017-01-03 11:48 - 000001376 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-11-03 09:31 - 2015-12-07 11:29 - 000001388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-11-01 22:48 - 2017-03-11 14:54 - 000036599 _____ C:\Users\Mark\AppData\Roaming\Comma Separated Values (Windows).ADR
2017-10-31 20:12 - 2015-10-23 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-31 20:11 - 2015-10-23 11:09 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-31 20:11 - 2009-08-17 15:56 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-31 11:16 - 2016-01-10 10:19 - 000000168 _____ C:\Windows\wininit.ini
2017-10-31 11:16 - 2014-01-23 23:56 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-10-31 08:24 - 2014-01-23 23:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
==================== Files in the root of some directories =======
2016-02-16 00:03 - 2016-02-16 00:03 - 000003448 _____ () C:\Users\Mark\backup 02 16 2016.reg
2011-05-05 09:31 - 2011-05-05 09:31 - 000000654 _____ () C:\Program Files (x86)\RejoinCommandLine.txt
2015-09-08 23:02 - 2015-09-09 08:21 - 000000626 _____ () C:\Users\Mark\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000000067 _____ () C:\Users\Mark\AppData\Roaming\Camdata.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamLayout.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamShapes.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000004416 _____ () C:\Users\Mark\AppData\Roaming\CamStudio.cfg
2017-03-11 14:54 - 2017-11-01 22:48 - 000036599 _____ () C:\Users\Mark\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-01-21 09:26 - 2011-09-16 08:37 - 000001854 _____ () C:\Users\Mark\AppData\Roaming\GhostObjGAFix.xml
2017-10-22 20:12 - 2017-10-22 20:24 - 000000166 _____ () C:\Users\Mark\AppData\Roaming\PLGComp.ini
2012-04-15 22:01 - 2014-11-16 19:34 - 000001078 _____ () C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-15 21:59 - 2016-02-28 17:20 - 000002889 _____ () C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-15 22:01 - 2014-11-16 19:34 - 000001078 _____ () C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-02-09 19:25 - 2014-02-09 19:31 - 000000106 _____ () C:\Users\Mark\AppData\Roaming\SBAMWsc.log
2013-08-19 17:48 - 2016-09-12 20:11 - 000000600 _____ () C:\Users\Mark\AppData\Roaming\winscp.rnd
2015-02-09 21:03 - 2017-11-21 10:24 - 000124448 _____ () C:\Users\Mark\AppData\Local\ars.cache
2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\AtStart.txt
2015-02-09 21:03 - 2017-11-21 10:25 - 003078082 _____ () C:\Users\Mark\AppData\Local\census.cache
2011-09-07 08:33 - 2015-08-19 09:47 - 000205312 _____ () C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\DSwitch.txt
2014-01-24 15:55 - 2014-01-24 15:55 - 000000036 _____ () C:\Users\Mark\AppData\Local\housecall.guid.cache
2015-01-12 14:11 - 2015-01-12 14:11 - 000000001 _____ () C:\Users\Mark\AppData\Local\llftool.4.25.agreement
2015-02-07 10:01 - 2016-05-01 17:44 - 000000600 _____ () C:\Users\Mark\AppData\Local\PUTTY.RND
2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\QSwitch.txt
2012-11-29 22:54 - 2017-06-27 21:56 - 000007628 _____ () C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
2015-02-09 21:02 - 2017-11-21 09:51 - 000000010 _____ () C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
2016-12-14 16:27 - 2016-12-14 16:27 - 000000000 _____ () C:\Users\Mark\AppData\Local\{4083F7BF-1E4D-4F00-9501-72D09D94508F}
2016-12-18 08:12 - 2016-12-18 08:12 - 000000000 _____ () C:\Users\Mark\AppData\Local\{599D0F20-6DC7-4E7A-B94B-B8FDBF8D8898}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-19 12:56
==================== End of FRST.txt ============================
November 28th, 2017, 05:12 PM
#36
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by Mark (28-11-2017 14:18:23)
Running from C:\Users\Mark\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-18 02:06:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1757856145-4072474172-4118854403-500 - Administrator - Disabled)
Guest (S-1-5-21-1757856145-4072474172-4118854403-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1757856145-4072474172-4118854403-1002 - Limited - Enabled)
Mark (S-1-5-21-1757856145-4072474172-4118854403-1000 - Administrator - Enabled) => C:\Users\Mark
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
AnalogX POW! (HKLM-x32\...\AnalogX POW!) (Version: - AnalogX)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.05 - Avanquest Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.151 - Bitdefender)
Blacks (HKLM-x32\...\Blacks) (Version: 4.8.8 - CEWE Stiftung u Co. KGaA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
Connect (HKLM-x32\...\Connect) (Version: 1.4.14232.0 - Cisco Consumer Products LLC)
CRG First Gen Camaro Decoder (HKLM-x32\...\CRG First Gen Camaro Decoder) (Version: - )
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
Focus Magic 4.02a (HKLM-x32\...\Focus Magic_is1) (Version: 4.02a - Acclaim Software Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 2.1.1175 - Trend Micro Inc.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.37.11 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.1.0.19 - IObit)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
MailWasher (HKLM-x32\...\{6274A6B6-DF02-48A4-940D-F18775909906}) (Version: 7.11 - Firetrust)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version: - )
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Motorola Phone Tools (HKLM-x32\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.0.4a 11-22-2005 - Avanquest Software)
Move Media Player (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Move Media Player) (Version: - Move Networks)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Photo Transfer App (HKLM-x32\...\com.erclab.air.phototransferapp) (Version: 2.7.1 - UNKNOWN)
PixBuilder Studio 2.2.0 (HKLM-x32\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version: - WnSoft)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version: - IObit)
QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
RealDownloader (HKLM-x32\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
ScopeView (HKLM-x32\...\{E292525D-F43E-4295-A708-B4D6A7DF75ED}) (Version: 1.1.0.0 - ScopeView-Setup)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SP45990 - Wallpaper Picture Position Enabler for Windows 7 (HKLM-x32\...\{86391634-A94B-4355-8397-3D85C2F942DA}) (Version: 1.0.0 - Hewlett-Packard International Pte. Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VideoDownloaderUltimate for Firefox (HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\VideoDownloaderUltimate_Firefox) (Version: - Link64)
VIPRE Internet Security (HKLM-x32\...\{8F943FD1-CC89-47DF-A972-DC602B52A047}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Web Companion (HKLM-x32\...\{364541e3-18aa-46f1-85ec-373f934ca940}) (Version: 3.2.1708.3237 - Lavasoft)
WebFerret (HKLM-x32\...\WebFerret) (Version: - CNET Networks)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinSCP 5.1.6 (HKLM-x32\...\winscp3_is1) (Version: 5.1.6 - Martin Prikryl)
WinZip 11.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B3}) (Version: 11.0.7313 - WinZip International LLC)
WizTree v2.01 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
WOT for Internet Explorer (HKLM-x32\...\{DB6BD5D5-8482-45C0-99CF-745C5B924497}) (Version: 9.4.14.0 - Against Intuition Oy)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\System32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
CustomCLSID: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers1: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2013-04-03] (IObit)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers1: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2006-11-10] (WinZip Computing LP)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2013-04-03] (IObit)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2006-11-10] (WinZip Computing LP)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-11] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2013-04-03] (IObit)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2006-11-10] (WinZip Computing LP)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A721E70-039D-4EF2-96B1-2062C1432C39} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1757856145-4072474172-4118854403-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0B29E420-80E2-45F4-8C97-37D58EF56389} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-10-24] (IObit)
Task: {0E128513-BA5D-4D6A-8ED0-85FF8DB4CDA8} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [2017-08-25] (Trend Micro Inc.)
Task: {0FB37E43-451A-4D00-B56B-B5046739257C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {14C95FDC-EF19-4F99-8187-4B74C5C69701} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {15859EAE-FB44-40BE-8716-B0735B087586} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {178C2715-30B6-4C85-9350-C00BCB32A2D4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {22E79A28-88E5-4992-A657-8F5E849DA229} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {22EFE924-1E39-440E-A474-B720FBFE6FDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {29418111-CA72-42C6-86C6-CABFA891E142} - System32\Tasks\Uninstaller_SkipUac_Mark => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-10-24] (IObit)
Task: {387C7256-399F-466A-8AA3-DBC6750AB813} - System32\Tasks\{23BE6878-DB76-47BE-944F-61513EC9F84D} => C:\Windows\system32\pcalua.exe -a C:\Users\Mark\Downloads\powi(1).exe
Task: {3B564F36-C780-4D00-B555-72634EBD19C9} - \ASC11_PerformanceMonitor -> No File <==== ATTENTION
Task: {3EC78E14-DEBC-4BA5-8C7B-D5F486B67C0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {4453C87C-FDD8-4836-832A-A12B731450F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {4C38CC12-3A7E-409E-85B4-663DDDEA28FB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-18] (Adobe Systems Incorporated)
Task: {528C4BB4-B35C-4DA8-AFF4-2BE7FF50A887} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {52F9DAA3-3410-4D61-B8D9-7B36D0C42887} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-18] (AVAST Software)
Task: {5C357C87-9883-45C1-9FB5-C68A97C70647} - System32\Tasks\ASC_ASCTray_Auto => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
Task: {64E0076C-0C28-4912-874A-28149C8CCED3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-21] (Adobe Systems Incorporated)
Task: {6562C1B8-48EC-445A-826B-1088066C8469} - \ASC11_SkipUac_Mark -> No File <==== ATTENTION
Task: {68C34D39-7863-4431-84C9-CB2965FC112A} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {793BD101-9641-4511-AD2F-8F31B4F18596} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
Task: {8B08866E-ED15-4E35-8FA6-D0A922F9905D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {97F51D74-02B4-4435-9F74-BDA5B44905A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-24] (Google Inc.)
Task: {B0327B53-8E59-40E5-B4CA-6D416820F16D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {B095ED15-D903-415D-A9F1-3D20F09379CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {B1F2FF49-3670-436A-B3E5-ADF614C57C89} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {BB3ED22B-4C64-4A26-8BE3-4C70FB75A634} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-24] (Google Inc.)
Task: {C90F9721-AD5C-4DFE-A6B6-AE790DB99759} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757856145-4072474172-4118854403-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CC505B3A-34D6-4181-8FF1-D9DC19674B72} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {D9A9034D-9D28-4701-A299-4825C0051047} - System32\Tasks\{9FE35329-297B-4309-B5DC-DF6E584C8F50} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AnalogX\POW\powu.exe" -d "C:\Program Files (x86)\AnalogX\POW\" -c -Update
Task: {EC76ED2C-1495-4979-8458-010676D3B874} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F0F4DD39-E362-414E-A91B-45E9986A9324} - System32\Tasks\SafeZone scheduled Autoupdate 1498703693 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {FC696DA4-F25F-4CEC-BA5B-FEA1B12B0F01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {FE71892F-6222-4533-BABB-A24F9D739864} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [2017-01-23] (Bitdefender LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 05:32 - 2017-09-29 05:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-06-28 23:50 - 2016-08-16 09:21 - 000091648 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDMetrics.dll
2017-11-18 15:52 - 2017-11-18 15:52 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-18 15:51 - 2017-11-18 15:51 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-11-18 15:52 - 2017-11-18 15:52 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-11-18 15:52 - 2017-11-18 15:52 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-11-19 15:59 - 2017-11-21 15:18 - 000935864 _____ () C:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exe
2017-11-18 15:51 - 2017-11-18 15:51 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-18 15:51 - 2017-11-18 15:51 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-18 15:52 - 2017-11-18 15:52 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-18 15:52 - 2017-11-18 15:52 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-18 15:52 - 2017-11-18 15:52 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-28 13:02 - 2017-11-28 13:02 - 005881920 _____ () C:\Program Files\AVAST Software\Avast\defs\17112802\algo.dll
2017-11-18 15:52 - 2017-11-18 15:52 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-18 15:51 - 2017-11-18 15:51 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-08-24 15:22 - 2017-08-24 15:22 - 003068560 _____ () C:\Program Files (x86)\Trend Micro\DRScanner\sdk\DrsSDK.dll
2017-09-29 05:32 - 2017-09-29 05:32 - 000073384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2017-06-28 21:28 - 2017-06-28 21:28 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-18 15:51 - 2017-11-18 15:51 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-11-03 09:30 - 2017-05-22 10:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-11-03 09:30 - 2017-05-22 10:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-11-03 09:30 - 2017-05-22 10:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-11-03 09:31 - 2017-05-22 10:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-11-03 09:30 - 2017-05-23 17:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-11-03 09:30 - 2017-05-22 10:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127]
AlternateDataStreams: C:\ProgramData\Temp 1B5B4F1 [112]
AlternateDataStreams: C:\Users\Mark\Downloads\wiztree_2_01_setup.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
November 28th, 2017, 05:12 PM
#37
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 11403 more sites.
IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\virtualdr.com -> hxxp://discussions.virtualdr.com
IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\yahoo.com -> hxxps://downloads.yahoo.com
IE trusted site: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\...\youtube.com -> hxxp://www.youtube.com
There are 12725 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-11-15 10:38 - 2017-11-26 23:36 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gfi_lanss11_attservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SDScannerService => 3
MSCONFIG\Services: SDUpdateService => 3
MSCONFIG\Services: SDWSCService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk => C:\Windows\pss\Printkey2000.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasher.lnk => C:\Windows\pss\MailWasher.lnk.Startup
MSCONFIG\startupreg: ABNotify => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
MSCONFIG\startupreg: Adobe ARM => c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: Advanced SystemCare 10 =>
MSCONFIG\startupreg: Advanced SystemCare 11 => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
MSCONFIG\startupreg: Advanced SystemCare 8 =>
MSCONFIG\startupreg: Advanced SystemCare 9 =>
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: Automatically Log WiFi Signal Strength Over Time Software.exe =>
MSCONFIG\startupreg: Bitdefender Wallet Agent =>
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: COMODO Internet Security =>
MSCONFIG\startupreg: CsrAudioguiCtrl => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
MSCONFIG\startupreg: CSRHarmonySkypePlugin => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
MSCONFIG\startupreg: CsrHCRPServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
MSCONFIG\startupreg: CsrSyncMLServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
MSCONFIG\startupreg: DW6 =>
MSCONFIG\startupreg: DW7 =>
MSCONFIG\startupreg: Google Update =>
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HarmonyUserStartup => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
MSCONFIG\startupreg: HP Software Update => c:\program files (x86)\hp\hp software update\hpwuschd2.exe
MSCONFIG\startupreg: HP Update 3400C => c:\sj652\hpupdate.exe 3400c
MSCONFIG\startupreg: HP Update 4300C =>
MSCONFIG\startupreg: HPADVISOR => c:\program files (x86)\hewlett-packard\hp advisor\hpadvisor.exe view=dockview
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe -hidden
MSCONFIG\startupreg: Malwarebytes TrayApp =>
MSCONFIG\startupreg: msnmsgr => "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder =>
MSCONFIG\startupreg: OneDrive => "C:\Users\Mark\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: QlbCtrl.exe => c:\program files (x86)\hewlett-packard\hp quick launch buttons\qlbctrl.exe /start
MSCONFIG\startupreg: QPService => c:\program files (x86)\hp\quickplay\qpservice.exe
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => c:\program files (x86)\common files\research in motion\usb drivers\rimbblaunchagent.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchSettings =>
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
MSCONFIG\startupreg: Speccy => "c:\program files\speccy\speccy64.exe" /totray
MSCONFIG\startupreg: Spotify => "C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mark\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TrayApplication => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
MSCONFIG\startupreg: tvncontrol =>
MSCONFIG\startupreg: UCam_Menu => c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0
MSCONFIG\startupreg: UpdatePRCShortCut => c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\powerrecover
MSCONFIG\startupreg: vdultimate_firefox => C:\ProgramData\VideoDownloaderUltimate\Firefox\vdultimate.exe /checkforupdate
MSCONFIG\startupreg: vksts => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: WirelessAssistant => c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{ADB86070-EBFF-4C56-8403-B721F2C325B9}C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe
FirewallRules: [UDP Query User{2744C2AB-B90A-4BD4-9FF8-78CF2D366F82}C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\sdk\tmdrmon.exe
FirewallRules: [TCP Query User{92D709FA-1482-4FC5-81BC-A30015770B31}C:\program files (x86)\trend micro\drscanner\drscanner.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\drscanner.exe
FirewallRules: [UDP Query User{406C501F-BCD8-4FDE-A94C-E5AB4CC02B74}C:\program files (x86)\trend micro\drscanner\drscanner.exe] => (Allow) C:\program files (x86)\trend micro\drscanner\drscanner.exe
FirewallRules: [TCP Query User{29DB04A0-27E9-473E-B650-741F4A2BE700}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
FirewallRules: [UDP Query User{0D3B99D2-DA93-4895-AA05-2D5812156BB8}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
FirewallRules: [TCP Query User{9AE7C6A3-38C1-46CA-81EE-EFB6CBDFE7A8}C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe] => (Allow) C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe
FirewallRules: [UDP Query User{82079B88-8132-4436-B655-9CFE25E2B9CA}C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe] => (Allow) C:\program files (x86)\erclab\phototransferapp\phototransferapp\phototransferapp.exe
FirewallRules: [{2A9B1413-40FF-49F3-A6FC-B4D6795622B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{55F01777-0FCC-4A83-9F5F-D8C411F20EE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4886392D-70EF-442E-B428-EDC05EABB175}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ABC22E1C-7E2D-4165-A499-9B1E2226AA48}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{C0D6A792-9430-4A79-BBE6-D0A2A2416CB6}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
FirewallRules: [UDP Query User{41167AC4-15B9-4E0B-BBDA-08AF7935450D}C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe] => (Block) C:\program files (x86)\trend micro\drscanner\sdk\nmap\nmap.exe
FirewallRules: [{6041D3DF-FAF2-4BD2-8D35-D1A6FCB63416}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
31-10-2017 08:17:43 Before installing spybot
06-11-2017 14:37:53 Windows Backup
06-11-2017 23:45:18 Windows Backup
14-11-2017 22:39:06 Windows Update
22-11-2017 13:13:39 Scheduled Checkpoint
22-11-2017 18:46:43 Restore Operation
26-11-2017 11:01:29 Installing COMODO Firewall
26-11-2017 11:05:23 Device Driver Package Install: COMODO Network Service
26-11-2017 17:49:12 Before installing running ComboFix
28-11-2017 10:59:53 COMODO Firewall Binary update
28-11-2017 13:33:23 Removing COMODO Client - Security
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/28/2017 01:43:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0x584
Faulting application start time: 0x01d3687662c6ea12
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: ff8ef463-d46b-11e7-bec8-001f16ed4bf8
Error: (11/28/2017 01:20:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0x558
Faulting application start time: 0x01d368726c2109fc
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: c68df0e1-d468-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:13:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x155c
Faulting application start time: 0x01d368748a84b4f7
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: e19f9364-d467-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:13:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1990
Faulting application start time: 0x01d368745a8c59d1
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: d474f6e0-d467-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:13:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1950
Faulting application start time: 0x01d3687458cf387e
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: c9c12705-d467-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:12:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1944
Faulting application start time: 0x01d36874585370f0
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: bfded042-d467-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x18e0
Faulting application start time: 0x01d3687457b8b77e
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 99437ed0-d467-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:09:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1a5c
Faulting application start time: 0x01d368741045e9c5
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 54986c89-d467-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0xb00
Faulting application start time: 0x01d36873ce00fa84
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 512c7224-d467-11e7-8ddf-001f16ed4bf8
Error: (11/28/2017 01:07:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nmap.exe, version: 7.0.12.0, time stamp: 0x56faa177
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1470
Faulting application start time: 0x01d36873c8953844
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 0cb5be22-d467-11e7-8ddf-001f16ed4bf8
System errors:
=============
Error: (11/28/2017 01:46:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/28/2017 01:46:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
Error: (11/28/2017 01:43:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR OBEX Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/28/2017 01:39:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/28/2017 01:39:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/28/2017 01:39:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/28/2017 01:39:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/28/2017 01:39:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/28/2017 01:32:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (11/28/2017 01:29:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
CodeIntegrity:
===================================
Date: 2017-11-28 13:45:48.718
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 13:45:47.346
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 13:25:29.356
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 13:25:27.843
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 12:56:57.808
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 12:56:56.342
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 11:07:37.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 11:07:36.048
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 09:34:11.951
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 09:34:10.594
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcHdmi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 55%
Total physical RAM: 3003.19 MB
Available physical RAM: 1325.55 MB
Total Virtual: 6004.38 MB
Available Virtual: 4252.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:286.03 GB) (Free:136.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 135C058F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
November 28th, 2017, 06:13 PM
#38
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
November 28th, 2017, 07:04 PM
#39
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by Mark (28-11-2017 17:51:45) Run:1
Running from C:\Users\Mark\Contacts\Favorites\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
Toolbar: HKLM-x32 - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
Toolbar: HKU\.DEFAULT -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1757856145-4072474172-4118854403-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Handler: skypec2c - No CLSID Value
Handler: vipresg - No CLSID Value
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz140; \??\C:\Users\Mark\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
U4 eabfiltr; no ImagePath
2016-02-16 00:03 - 2016-02-16 00:03 - 000003448 _____ () C:\Users\Mark\backup 02 16 2016.reg
2011-05-05 09:31 - 2011-05-05 09:31 - 000000654 _____ () C:\Program Files (x86)\RejoinCommandLine.txt
2015-09-08 23:02 - 2015-09-09 08:21 - 000000626 _____ () C:\Users\Mark\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000000067 _____ () C:\Users\Mark\AppData\Roaming\Camdata.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamLayout.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamShapes.ini
2013-10-26 19:48 - 2013-10-26 19:48 - 000004416 _____ () C:\Users\Mark\AppData\Roaming\CamStudio.cfg
2017-03-11 14:54 - 2017-11-01 22:48 - 000036599 _____ () C:\Users\Mark\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-01-21 09:26 - 2011-09-16 08:37 - 000001854 _____ () C:\Users\Mark\AppData\Roaming\GhostObjGAFix.xml
2017-10-22 20:12 - 2017-10-22 20:24 - 000000166 _____ () C:\Users\Mark\AppData\Roaming\PLGComp.ini
2012-04-15 22:01 - 2014-11-16 19:34 - 000001078 _____ () C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-15 21:59 - 2016-02-28 17:20 - 000002889 _____ () C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-15 22:01 - 2014-11-16 19:34 - 000001078 _____ () C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-02-09 19:25 - 2014-02-09 19:31 - 000000106 _____ () C:\Users\Mark\AppData\Roaming\SBAMWsc.log
2013-08-19 17:48 - 2016-09-12 20:11 - 000000600 _____ () C:\Users\Mark\AppData\Roaming\winscp.rnd
2015-02-09 21:03 - 2017-11-21 10:24 - 000124448 _____ () C:\Users\Mark\AppData\Local\ars.cache
2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\AtStart.txt
2015-02-09 21:03 - 2017-11-21 10:25 - 003078082 _____ () C:\Users\Mark\AppData\Local\census.cache
2011-09-07 08:33 - 2015-08-19 09:47 - 000205312 _____ () C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\DSwitch.txt
2014-01-24 15:55 - 2014-01-24 15:55 - 000000036 _____ () C:\Users\Mark\AppData\Local\housecall.guid.cache
2015-01-12 14:11 - 2015-01-12 14:11 - 000000001 _____ () C:\Users\Mark\AppData\Local\llftool.4.25.agreement
2015-02-07 10:01 - 2016-05-01 17:44 - 000000600 _____ () C:\Users\Mark\AppData\Local\PUTTY.RND
2009-11-17 21:18 - 2009-11-17 21:18 - 000000000 _____ () C:\Users\Mark\AppData\Local\QSwitch.txt
2012-11-29 22:54 - 2017-06-27 21:56 - 000007628 _____ () C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
2015-02-09 21:02 - 2017-11-21 09:51 - 000000010 _____ () C:\Users\Mark\AppData\Local\sponge.last.runtime.cache
2016-12-14 16:27 - 2016-12-14 16:27 - 000000000 _____ () C:\Users\Mark\AppData\Local\{4083F7BF-1E4D-4F00-9501-72D09D94508F}
2016-12-18 08:12 - 2016-12-18 08:12 - 000000000 _____ () C:\Users\Mark\AppData\Local\{599D0F20-6DC7-4E7A-B94B-B8FDBF8D8898}
ContextMenuHandlers1: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => -> No File
ContextMenuHandlers1: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
Task: {3B564F36-C780-4D00-B555-72634EBD19C9} - \ASC11_PerformanceMonitor -> No File <==== ATTENTION
Task: {6562C1B8-48EC-445A-826B-1088066C8469} - \ASC11_SkipUac_Mark -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127]
AlternateDataStreams: C:\ProgramData\Temp1B5B4F1 [112]
AlternateDataStreams: C:\Users\Mark\Downloads\wiztree_2_01_setup.exe:BDU [0]
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38} => key removed successfully
HKLM\Software\Classes\CLSID\{397CFBAF-01FE-4A0D-950E-041F4905DC38} => key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A58686ED-FC46-44C3-95C6-4A812AB776F1} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A58686ED-FC46-44C3-95C6-4A812AB776F1} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => key not found
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully
HKLM\Software\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully
HKLM\Software\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A58686ED-FC46-44C3-95C6-4A812AB776F1} => value removed successfully
HKLM\Software\Classes\CLSID\{A58686ED-FC46-44C3-95C6-4A812AB776F1} => key not found
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found
HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found
HKLM\Software\Classes\PROTOCOLS\Handler\skypec2c => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\vipresg => key removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz140 => key removed successfully
cpuz140 => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz143 => key removed successfully
cpuz143 => service removed successfully
HKLM\System\CurrentControlSet\Services\eabfiltr => key removed successfully
eabfiltr => service removed successfully
C:\Users\Mark\backup 02 16 2016.reg => moved successfully
C:\Program Files (x86)\RejoinCommandLine.txt => moved successfully
C:\Users\Mark\AppData\Roaming\All CPU MeterV3_Settings.ini => moved successfully
C:\Users\Mark\AppData\Roaming\Camdata.ini => moved successfully
C:\Users\Mark\AppData\Roaming\CamLayout.ini => moved successfully
C:\Users\Mark\AppData\Roaming\CamShapes.ini => moved successfully
C:\Users\Mark\AppData\Roaming\CamStudio.cfg => moved successfully
C:\Users\Mark\AppData\Roaming\Comma Separated Values (Windows).ADR => moved successfully
C:\Users\Mark\AppData\Roaming\GhostObjGAFix.xml => moved successfully
C:\Users\Mark\AppData\Roaming\PLGComp.ini => moved successfully
C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log => moved successfully
C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => moved successfully
C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log => moved successfully
C:\Users\Mark\AppData\Roaming\SBAMWsc.log => moved successfully
C:\Users\Mark\AppData\Roaming\winscp.rnd => moved successfully
C:\Users\Mark\AppData\Local\ars.cache => moved successfully
C:\Users\Mark\AppData\Local\AtStart.txt => moved successfully
C:\Users\Mark\AppData\Local\census.cache => moved successfully
C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Mark\AppData\Local\DSwitch.txt => moved successfully
C:\Users\Mark\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Mark\AppData\Local\llftool.4.25.agreement => moved successfully
C:\Users\Mark\AppData\Local\PUTTY.RND => moved successfully
C:\Users\Mark\AppData\Local\QSwitch.txt => moved successfully
C:\Users\Mark\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Mark\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\Users\Mark\AppData\Local\{4083F7BF-1E4D-4F00-9501-72D09D94508F} => moved successfully
C:\Users\Mark\AppData\Local\{599D0F20-6DC7-4E7A-B94B-B8FDBF8D8898} => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\FileEraserShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{D29FEC44-36A2-4865-AE5E-175C61587F1D} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SBAMScanShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{D47F1671-0EAA-4c02-8AC9-960BB08DB951} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu => key removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B564F36-C780-4D00-B555-72634EBD19C9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B564F36-C780-4D00-B555-72634EBD19C9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6562C1B8-48EC-445A-826B-1088066C8469} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6562C1B8-48EC-445A-826B-1088066C8469} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_SkipUac_Mark => key removed successfully
C:\Windows\system32\D3DCompiler_33.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_34.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_35.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_36.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_37.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_38.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_39.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_40.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_41.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DCompiler_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dcsx_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dcsx_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_33.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_34.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_35.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_36.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_37.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_38.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_39.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_40.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_41.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx10_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx11_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx11_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_24.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_25.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_26.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_27.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_28.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_29.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_30.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_31.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_33.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_34.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_35.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\d3dx9_36.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DX9_37.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DX9_38.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DX9_39.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DX9_40.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DX9_41.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DX9_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\D3DX9_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\x3daudio1_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\x3daudio1_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\X3DAudio1_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\X3DAudio1_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\X3DAudio1_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\X3DAudio1_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\X3DAudio1_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\X3DAudio1_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_10.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_8.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine2_9.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xactengine3_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAPOFX1_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAPOFX1_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAPOFX1_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAPOFX1_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAPOFX1_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAPOFX1_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\XAudio2_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xinput1_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xinput1_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\xinput1_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_33.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_34.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_35.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_36.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_37.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_38.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_39.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_40.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DCompiler_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dcsx_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dcsx_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_33.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_34.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_35.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_36.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_37.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_38.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_39.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_40.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx10_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx11_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx11_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_24.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_25.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_26.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_27.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_28.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_29.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_30.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_31.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_33.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_34.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_35.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\d3dx9_36.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DX9_37.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DX9_38.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DX9_39.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DX9_40.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DX9_41.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DX9_42.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\D3DX9_43.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\x3daudio1_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\x3daudio1_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\X3DAudio1_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\X3DAudio1_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\X3DAudio1_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\X3DAudio1_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\X3DAudio1_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\X3DAudio1_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_10.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_8.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine2_9.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xactengine3_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAPOFX1_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAPOFX1_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAPOFX1_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAPOFX1_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAPOFX1_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAPOFX1_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_0.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_3.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_4.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_5.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_6.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\XAudio2_7.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xinput1_1.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xinput1_2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\xinput1_3.dll => ":$CmdTcID" ADS removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
"AlternateDataStreams: C:\ProgramData\Temp1B5B4F1 [112]" => "AlternateDataStreams: C:\ProgramData\Temp1B5B4F1 [112]" ADS not found.
C:\Users\Mark\Downloads\wiztree_2_01_setup.exe => ":BDU" ADS removed successfully
The system needed a reboot.
==== End of Fixlog 17:53:23 ====
November 28th, 2017, 07:58 PM
#40
Last scans..
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe.
Follow the onscreen instructions inside of the black box.
A Notepad document called checkup.txt should open automatically; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
November 28th, 2017, 10:18 PM
#41
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Malwarebytes
Antivirus up to date! (On Access scanning disabled !)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 8 Update 121
Java 8 Update 131
Java 8 Update 144
Java 8 Update 151
Java version 32-bit out of Date!
Adobe Flash Player 27.0.0.187
Google Chrome (62.0.3202.94)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Bitdefender Tools BDAntiRansomware BDAntiRansomware.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast x64 aswidsagenta.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
November 28th, 2017, 10:25 PM
#42
Farbar Service Scanner Version: 27-01-2016
Ran by Mark (administrator) on 28-11-2017 at 21:22:55
Running from "C:\Users\Mark\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
November 28th, 2017, 10:35 PM
#43
TFC
Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mark
->Temp folder emptied: 1658 bytes
->Temporary Internet Files folder emptied: 6603372 bytes
->Java cache emptied: 1675323 bytes
->FireFox cache emptied: 28139964 bytes
->Google Chrome cache emptied: 416818948 bytes
->Flash cache emptied: 316831 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 281600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 429933 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 60203 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 2132 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 18978261 bytes
Process complete!
Total Files Cleaned = 451.00 mb
November 29th, 2017, 09:53 AM
#44
2017-11-29 03:59:32.570 Sophos Virus Removal Tool version 2.6.1
2017-11-29 03:59:32.570 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.
2017-11-29 03:59:32.570 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2017-11-29 03:59:32.570 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-11-29 03:59:32.742 Checking for updates...
2017-11-29 03:59:34.395 Update progress: proxy server not available
2017-11-29 04:00:08.107 Downloading updates...
2017-11-29 04:00:08.107 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-11-29 04:00:08.107 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-29 04:00:08.107 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-29 04:00:08.107 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-11-29 04:00:08.107 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-11-29 04:00:08.107 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I49502] sdds.data0910.xml: found supplement IDE546 LATEST path= baseVersion= [included from product IDE545 LATEST path=]
2017-11-29 04:00:08.107 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE546 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE546 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product IDE546 LATEST path=]
2017-11-29 04:00:08.107 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2017-11-29 04:00:08.107 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2017-11-29 04:00:08.123 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2017-11-29 04:00:08.123 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2017-11-29 04:00:08.123 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-29 04:00:12.615 Option all = no
2017-11-29 04:00:12.615 Option recurse = yes
2017-11-29 04:00:12.615 Option archive = no
2017-11-29 04:00:12.615 Option service = yes
2017-11-29 04:00:12.615 Option confirm = yes
2017-11-29 04:00:12.615 Option sxl = yes
2017-11-29 04:00:12.631 Option max-data-age = 35
2017-11-29 04:00:12.631 Option vdl-logging = yes
2017-11-29 04:00:12.693 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-11-29 04:00:12.693 Machine ID: b4885b0a54f444248c9275e7ca42dba7
2017-11-29 04:00:12.693 Component SVRTcli.exe version 2.6.1
2017-11-29 04:00:12.709 Component control.dll version 2.6.1
2017-11-29 04:00:12.709 Component SVRTservice.exe version 2.6.1
2017-11-29 04:00:12.709 Component engine\osdp.dll version 1.44.1.2286
2017-11-29 04:00:12.709 Component engine\veex.dll version 3.68.6.2286
2017-11-29 04:00:12.709 Component engine\savi.dll version 9.0.7.2286
2017-11-29 04:00:12.709 Component rkdisk.dll version 1.5.31.1
2017-11-29 04:00:12.709 Version info: Product version 2.6.1
2017-11-29 04:00:12.725 Version info: Detection engine 3.68.6
2017-11-29 04:00:12.725 Version info: Detection data 5.44
2017-11-29 04:00:12.725 Version info: Build date 9/19/2017
2017-11-29 04:00:12.725 Version info: Data files added 467
2017-11-29 04:00:12.725 Version info: Last successful update (not yet updated)
2017-11-29 04:00:17.124 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-11-29 04:00:17.124 Update progress: [I19463] Product download size 174235198 bytes
2017-11-29 04:01:34.625 Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-11-29 04:01:34.625 Update progress: [I19463] Product download size 2585002 bytes
2017-11-29 04:01:38.618 Update progress: [I19463] Syncing product IDE546 LATEST path=
2017-11-29 04:01:38.618 Update progress: [I19463] Product download size 3165416 bytes
2017-11-29 04:01:43.673 Update progress: [I19463] Syncing product IDE547 LATEST path=
2017-11-29 04:01:43.673 Update progress: [I19463] Product download size 3698252 bytes
2017-11-29 04:01:47.152 Update progress: [I19463] Syncing product IDE548 LATEST path=
2017-11-29 04:01:48.509 Installing updates...
2017-11-29 04:01:50.131 Error level 1
2017-11-29 04:03:54.713 Update successful
2017-11-29 04:04:36.287 Option all = no
2017-11-29 04:04:36.287 Option recurse = yes
2017-11-29 04:04:36.287 Option archive = no
2017-11-29 04:04:36.287 Option service = yes
2017-11-29 04:04:36.287 Option confirm = yes
2017-11-29 04:04:36.287 Option sxl = yes
2017-11-29 04:04:36.287 Option max-data-age = 35
2017-11-29 04:04:36.287 Option vdl-logging = yes
2017-11-29 04:04:36.318 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-11-29 04:04:36.318 Machine ID: b4885b0a54f444248c9275e7ca42dba7
2017-11-29 04:04:36.318 Component SVRTcli.exe version 2.6.1
2017-11-29 04:04:36.318 Component control.dll version 2.6.1
2017-11-29 04:04:36.318 Component SVRTservice.exe version 2.6.1
2017-11-29 04:04:36.318 Component engine\osdp.dll version 1.44.1.2286
2017-11-29 04:04:36.334 Component engine\veex.dll version 3.68.6.2286
2017-11-29 04:04:36.334 Component engine\savi.dll version 9.0.7.2286
2017-11-29 04:04:36.334 Component rkdisk.dll version 1.5.31.1
2017-11-29 04:04:36.334 Version info: Product version 2.6.1
2017-11-29 04:04:36.334 Version info: Detection engine 3.68.6
2017-11-29 04:04:36.334 Version info: Detection data 5.44
2017-11-29 04:04:36.334 Version info: Build date 9/19/2017
2017-11-29 04:04:36.334 Version info: Data files added 470
2017-11-29 04:04:36.334 Version info: Last successful update 11/28/2017 11:03:54 PM
2017-11-29 06:54:24.562 >>> Virus 'Mal/Generic-S' found in file C:\System Volume Information\SystemRestore\FRStaging\Users\Mark\Downloads\namebench-1.3.1-RC5-Windows(7418).exe
2017-11-29 06:54:24.562 >>> Virus 'Mal/Generic-S' found in file C:\System Volume Information\SystemRestore\FRStaging\Users\Mark\Downloads\namebench-1.3.1-RC5-Windows(7418).exe
2017-11-29 06:54:24.562 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2017-11-29 06:54:24.562 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-11-29 06:54:24.578 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-11-29 06:54:24.578 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-11-29 06:54:24.578 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2017-11-29 06:54:24.578 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2017-11-29 06:58:21.792 Could not open C:\System Volume Information\{0a15eea4-d449-11e7-8125-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.807 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.807 Could not open C:\System Volume Information\{48250485-c9ad-11e7-8c34-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.807 Could not open C:\System Volume Information\{5c468145-c36f-11e7-8bf4-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.807 Could not open C:\System Volume Information\{641c3da2-cf8d-11e7-8c8b-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.807 Could not open C:\System Volume Information\{705226b9-be37-11e7-8a59-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.823 Could not open C:\System Volume Information\{80e9d07b-d4b7-11e7-85e2-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.823 Could not open C:\System Volume Information\{9a7722b5-d48f-11e7-8088-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.823 Could not open C:\System Volume Information\{9a7722d8-d48f-11e7-8088-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.839 Could not open C:\System Volume Information\{a7411db1-d2b7-11e7-8c13-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.839 Could not open C:\System Volume Information\{a7411db8-d2b7-11e7-8c13-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.839 Could not open C:\System Volume Information\{c7c3a567-d2c4-11e7-87ec-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.839 Could not open C:\System Volume Information\{d1d233a5-c316-11e7-ba57-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.854 Could not open C:\System Volume Information\{e121d390-cfda-11e7-8258-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 06:58:21.854 Could not open C:\System Volume Information\{f0849f19-d468-11e7-bec8-001f16ed4bf8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-29 07:34:31.506 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-11-29 07:34:31.522 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-11-29 07:34:46.279 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-11-29 07:34:46.295 Could not open C:\Windows\System32\config\RegBack\SAM
2017-11-29 07:34:46.295 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-11-29 07:34:46.310 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-11-29 07:34:46.326 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-11-29 09:12:11.360 Could not open LOGICAL:0004:00000000
2017-11-29 09:12:11.391 Could not open E:\
2017-11-29 09:12:18.489 The following items will be cleaned up:
2017-11-29 09:12:18.489 Mal/Generic-S
November 29th, 2017, 01:52 PM
#45
Uninstall older Java versions:
Java 8 Update 121
Java 8 Update 131
Java 8 Update 144
=====================================
Your computer is clean
1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
2. Make sure Windows Updates are current.
3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")
5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).
7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/ . The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
10. Read:
How did I get infected?, With steps so it does not happen again! : http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet : http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings : http://www.bleepingcomputer.com/foru.../#entry3187642
11. Please let me know how your computer is doing.