explorer.exe Windows cannot access the specified path


  • This topic is locked
8 replies to this topic

#1 drdream


Posted 13 December 2015 - 07:10 PM

Hello, I am a software developer; I do repairs and installations and build my own computers, but this one I need help with. No virus program was able to detect anything, but it appeared on a 2-year-old Win7 installation.

Symptoms:

  1. Explorer (Envelope Icon) will not open "Windows cannot access the specified path"
  2. Remote desktop connections fail
  3. Screensaver fails
  4. Network Icon shows red x

Tried:

  1. Reset all Windows permissions
  2. Granted Administrators and User permissions to \windows, etc.
  3. Ran Malwarebytes Anti-Malware in safe mode (found nothing)
  4. Ran Windows Defender (found nothing)
  5. Ran Avast (found nothing)
  6. Ran ComboFix (fixed the issue until restart)


ComboFix log below (though this is the second pass; the first pass deleted something like ntuser.?, but that log was overwritten when I restarted my computer and had to run it again because the problem came back after the restart).

ComboFix 15-12-12.01 - Justice 12/13/2015  18:26:43.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8076.5543 [GMT -5:00]
Running from: f:\users\Justice\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-13 to 2015-12-13  )))))))))))))))))))))))))))))))
.
.
2015-12-13 23:35 . 2015-12-13 23:35    --------    d-----w-    f:\appdata\Local\temp
2015-12-13 23:35 . 2015-12-13 23:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-12-13 23:15 . 2015-12-13 23:15    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB1B167-2AAF-48B0-8316-C8082F18B237}\offreg.6020.dll
2015-12-13 23:06 . 2015-12-13 23:06    --------    d-----w-    c:\program files\AVAST Software
2015-12-13 23:06 . 2015-12-13 23:06    --------    d-----w-    c:\programdata\AVAST Software
2015-12-13 22:47 . 2015-12-13 22:47    --------    d-----w-    c:\programdata\Kaspersky Lab Setup Files
2015-12-13 22:42 . 2015-12-13 22:42    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB1B167-2AAF-48B0-8316-C8082F18B237}\offreg.5512.dll
2015-12-12 00:24 . 2015-12-12 00:24    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB1B167-2AAF-48B0-8316-C8082F18B237}\offreg.1272.dll
2015-12-11 13:43 . 2015-12-11 14:00    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-12-11 06:59 . 2015-10-29 09:28    11138400    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB1B167-2AAF-48B0-8316-C8082F18B237}\mpengine.dll
2015-12-11 01:20 . 2015-12-11 01:20    901288    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuuc55.dll
2015-12-11 01:20 . 2015-12-11 01:20    59560    ----a-w-    c:\program files (x86)\Mozilla Firefox\lgpllibs.dll
2015-12-11 01:20 . 2015-12-11 01:20    1287848    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuin55.dll
2015-12-11 01:20 . 2015-12-11 01:20    10592424    ----a-w-    c:\program files (x86)\Mozilla Firefox\icudt55.dll
2015-12-08 23:32 . 2015-12-08 23:32    9498816    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-11-30 07:28 . 2015-12-08 00:35    --------    d-----w-    c:\users\Justice\AppData\Local\CrashDumps
2015-11-24 03:22 . 2015-11-24 03:29    --------    d-----w-    c:\program files (x86)\MP3Gain
2015-11-20 09:51 . 2015-11-20 09:51    1707160    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-11-20 09:50 . 2015-11-20 09:50    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-11-20 09:50 . 2015-11-20 09:50    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-11-20 02:48 . 2015-11-20 02:48    --------    d-----w-    c:\program files (x86)\Plex
2015-11-15 19:16 . 2015-11-15 19:16    --------    d-----w-    c:\program files (x86)\Point-N-Click
2015-11-14 03:18 . 2015-11-14 03:18    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-11-14 03:18 . 2015-11-14 03:18    1707160    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-11-14 03:18 . 2015-11-14 03:18    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-11-14 03:18 . 2015-11-14 03:18    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-11 13:43 . 2015-04-03 06:03    109272    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-12-11 01:43 . 2015-04-03 06:03    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-08 23:32 . 2014-11-30 09:18    796864    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-08 23:32 . 2014-11-30 09:18    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-02 18:18 . 2010-11-21 03:27    301728    ------w-    c:\windows\system32\MpSigStub.exe
2015-10-20 01:12 . 2015-11-10 22:44    5570496    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-10-20 01:12 . 2015-11-10 22:44    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12 . 2015-11-10 22:44    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-10-20 01:09 . 2015-11-10 22:44    1730496    ----a-w-    c:\windows\system32\ntdll.dll
2015-10-20 01:06 . 2015-11-10 22:44    362496    ----a-w-    c:\windows\system32\wow64win.dll
2015-10-20 01:06 . 2015-11-10 22:44    243712    ----a-w-    c:\windows\system32\wow64.dll
2015-10-20 01:06 . 2015-11-10 22:44    215040    ----a-w-    c:\windows\system32\winsrv.dll
2015-10-20 01:06 . 2015-11-10 22:44    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2015-10-20 01:05 . 2015-11-10 22:44    210944    ----a-w-    c:\windows\system32\wdigest.dll
2015-10-20 01:05 . 2015-11-10 22:44    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2015-10-20 01:05 . 2015-11-10 22:44    503808    ----a-w-    c:\windows\system32\srcore.dll
2015-10-20 01:05 . 2015-11-10 22:44    50176    ----a-w-    c:\windows\system32\srclient.dll
2015-10-20 01:05 . 2015-11-10 22:44    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2015-10-20 01:05 . 2015-11-10 22:44    136192    ----a-w-    c:\windows\system32\sspicli.dll
2015-10-20 01:05 . 2015-11-10 22:44    28160    ----a-w-    c:\windows\system32\secur32.dll
2015-10-20 01:05 . 2015-11-10 22:44    344064    ----a-w-    c:\windows\system32\schannel.dll
2015-10-20 01:05 . 2015-11-10 22:44    1216512    ----a-w-    c:\windows\system32\rpcrt4.dll
2015-10-20 01:05 . 2015-11-10 22:44    312320    ----a-w-    c:\windows\system32\ncrypt.dll
2015-10-20 01:05 . 2015-11-10 22:44    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2015-10-20 01:05 . 2015-11-10 22:44    315392    ----a-w-    c:\windows\system32\msv1_0.dll
2015-10-20 01:05 . 2015-11-10 22:44    729600    ----a-w-    c:\windows\system32\kerberos.dll
2015-10-20 01:05 . 2015-11-10 22:44    1461760    ----a-w-    c:\windows\system32\lsasrv.dll
2015-10-20 01:05 . 2015-11-10 22:44    1164800    ----a-w-    c:\windows\system32\kernel32.dll
2015-10-20 01:05 . 2015-11-10 22:44    424960    ----a-w-    c:\windows\system32\KernelBase.dll
2015-10-20 01:05 . 2015-11-10 22:44    44032    ----a-w-    c:\windows\system32\cryptbase.dll
2015-10-20 01:05 . 2015-11-10 22:44    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2015-10-20 01:05 . 2015-11-10 22:44    22016    ----a-w-    c:\windows\system32\credssp.dll
2015-10-20 01:05 . 2015-11-10 22:44    112640    ----a-w-    c:\windows\system32\smss.exe
2015-10-20 01:05 . 2015-11-10 22:44    296960    ----a-w-    c:\windows\system32\rstrui.exe
2015-10-20 01:04 . 2015-11-10 22:44    31232    ----a-w-    c:\windows\system32\lsass.exe
2015-10-20 01:04 . 2015-11-10 22:44    338432    ----a-w-    c:\windows\system32\conhost.exe
2015-10-20 01:04 . 2015-11-10 22:44    64000    ----a-w-    c:\windows\system32\auditpol.exe
2015-10-20 01:00 . 2015-11-10 22:44    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-10-20 00:59 . 2015-11-10 22:44    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-10-20 00:53 . 2015-11-10 22:44    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-10-20 00:53 . 2015-11-10 22:44    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 22:44    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-20 00:52 . 2015-11-10 22:44    3991488    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52 . 2015-11-10 22:44    3935680    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48 . 2015-11-10 22:44    1311768    ----a-w-    c:\windows\SysWow64\ntdll.dll
2015-10-20 00:45 . 2015-11-10 22:44    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2015-10-20 00:45 . 2015-11-10 22:44    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2015-10-20 00:45 . 2015-11-10 22:44    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
2015-10-20 00:45 . 2015-11-10 22:44    251392    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-10 22:44    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2015-10-20 00:45 . 2015-11-10 22:44    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2015-10-20 00:45 . 2015-11-10 22:44    223232    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2015-10-20 00:45 . 2015-11-10 22:44    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2015-10-20 00:45 . 2015-11-10 22:44    552960    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-10-20 00:45 . 2015-11-10 22:44    36864    ----a-w-    c:\windows\SysWow64\cryptbase.dll
2015-10-20 00:45 . 2015-11-10 22:44    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2015-10-20 00:45 . 2015-11-10 22:44    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-10-20 00:45 . 2015-11-10 22:44    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2015-10-20 00:44 . 2015-11-10 22:44    50176    ----a-w-    c:\windows\SysWow64\auditpol.exe
2015-10-20 00:44 . 2015-11-10 22:44    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2015-10-20 00:44 . 2015-11-10 22:44    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2015-10-20 00:44 . 2015-11-10 22:44    665088    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2015-10-20 00:44 . 2015-11-10 22:44    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2015-10-20 00:39 . 2015-11-10 22:44    60416    ----a-w-    c:\windows\SysWow64\msobjs.dll
2015-10-20 00:39 . 2015-11-10 22:44    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2015-10-20 00:35 . 2015-11-10 22:44    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2015-10-20 00:35 . 2015-11-10 22:44    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 22:44    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 22:44    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay-cbfs5]
@="{A9C5677D-70EF-4D28-8B72-2819A4FA5FE3}"
[HKEY_CLASSES_ROOT\CLSID\{A9C5677D-70EF-4D28-8B72-2819A4FA5FE3}]
2015-08-24 17:03    159528    ----a-w-    c:\windows\SysWOW64\cbfsMntNtf5.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2EldosIconOverlay-cbfs5]
@="{74500D38-B71D-4555-AAC4-05C0E95E79C1}"
[HKEY_CLASSES_ROOT\CLSID\{74500D38-B71D-4555-AAC4-05C0E95E79C1}]
2015-08-24 17:03    159528    ----a-w-    c:\windows\SysWOW64\cbfsMntNtf5.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs5]
@="{35C82A8C-F154-4E30-B265-7D5330252619}"
[HKEY_CLASSES_ROOT\CLSID\{35C82A8C-F154-4E30-B265-7D5330252619}]
2015-08-24 17:03    159528    ----a-w-    c:\windows\SysWOW64\cbfsMntNtf5.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Justice\AppData\Roaming\uTorrent\uTorrent.exe" [2015-12-10 2026520]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"BitTorrent Sync"="c:\program files\BitTorrent Sync\BTSync.exe" [2015-04-15 6783840]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2014-02-21 1553688]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2015-11-06 6302856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2012-01-25 237872]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-12-19 77824]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2014-11-28 296520]
"RealDownloader"="c:\program files (x86)\RealNetworks\RealDownloader\downloader2.exe" [2014-10-30 560192]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2014-10-30 2452480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-13 7021880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
f:\appdata\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-12-17 1115144]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2015-3-4 1054520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-11-28 1024608]
USBKVM Switcher.lnk - c:\program files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe [2014-12-24 585728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{7F90E47B-D6C3-4F9F-A458-F4370D8997DD}"= "c:\windows\SysWOW64\cbfsMntNtf5.dll" [2015-08-24 159528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator-cbfs5"= {7F90E47B-D6C3-4F9F-A458-F4370D8997DD} - c:\windows\SysWOW64\cbfsMntNtf5.dll [2015-08-24 159528]
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\Justice\AppData\Local\MEDIAF~1\MFUSNM~1.EXE;c:\users\Justice\AppData\Local\MEDIAF~1\MFUSNM~1.EXE [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys;c:\windows\SYSNATIVE\DRIVERS\iLokDrvr.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 ngvss;ngvss; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs5;cbfs5;c:\windows\system32\drivers\cbfs5.sys;c:\windows\SYSNATIVE\drivers\cbfs5.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NovaPdfServer;novaPDF Server;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [x]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioDelta.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys;c:\windows\SYSNATIVE\DRIVERS\teVirtualMIDI64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-09 22:13    1000264    ----a-w-    c:\program files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-30 23:32]
.
2015-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01 03:52]
.
2015-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01 03:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!BTSync2.0.105Done]
@="{581FFA04-FC33-0069-0002-95003A5CDE89}"
[HKEY_CLASSES_ROOT\CLSID\{581FFA04-FC33-0069-0002-95003A5CDE89}]
2015-04-15 14:15    359936    ----a-w-    c:\program files\BitTorrent Sync\SyncShellExtension_33554537.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!BTSync2.0.105RO]
@="{581FFA03-FC33-0069-0002-95003A5CDE89}"
[HKEY_CLASSES_ROOT\CLSID\{581FFA03-FC33-0069-0002-95003A5CDE89}]
2015-04-15 14:15    359936    ----a-w-    c:\program files\BitTorrent Sync\SyncShellExtension_33554537.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!BTSync2.0.105RW]
@="{581FFA02-FC33-0069-0002-95003A5CDE89}"
[HKEY_CLASSES_ROOT\CLSID\{581FFA02-FC33-0069-0002-95003A5CDE89}]
2015-04-15 14:15    359936    ----a-w-    c:\program files\BitTorrent Sync\SyncShellExtension_33554537.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-13 23:07    873304    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay-cbfs5]
@="{A9C5677D-70EF-4D28-8B72-2819A4FA5FE3}"
[HKEY_CLASSES_ROOT\CLSID\{A9C5677D-70EF-4D28-8B72-2819A4FA5FE3}]
2015-08-24 17:03    185640    ----a-w-    c:\windows\System32\cbfsMntNtf5.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2015-03-23 15:40    89600    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_3945a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2015-03-23 15:40    89088    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_3945a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2015-03-23 15:40    84992    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon_3945a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2015-03-23 15:40    86528    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_3945a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2EldosIconOverlay-cbfs5]
@="{74500D38-B71D-4555-AAC4-05C0E95E79C1}"
[HKEY_CLASSES_ROOT\CLSID\{74500D38-B71D-4555-AAC4-05C0E95E79C1}]
2015-08-24 17:03    185640    ----a-w-    c:\windows\System32\cbfsMntNtf5.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaBadFileOverlay]
@="{EC168C82-5053-422A-BB08-3CD9ACA22E85}"
[HKEY_CLASSES_ROOT\CLSID\{EC168C82-5053-422A-BB08-3CD9ACA22E85}]
2015-10-31 11:51    238672    ----a-w-    c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay]
@="{A6975448-A999-49BB-B3E4-7730CF6A82C0}"
[HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}]
2015-10-31 11:51    238672    ----a-w-    c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaMirrorOverlay]
@="{8C403C00-4544-4A53-879B-1949390CDE13}"
[HKEY_CLASSES_ROOT\CLSID\{8C403C00-4544-4A53-879B-1949390CDE13}]
2015-10-31 11:51    238672    ----a-w-    c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaNotMirrored]
@="{775CDDED-E6D2-4DD8-8C1F-158BEF44B62A}"
[HKEY_CLASSES_ROOT\CLSID\{775CDDED-E6D2-4DD8-8C1F-158BEF44B62A}]
2015-10-31 11:51    238672    ----a-w-    c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay]
@="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}"
[HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}]
2015-10-31 11:51    238672    ----a-w-    c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs5]
@="{35C82A8C-F154-4E30-B265-7D5330252619}"
[HKEY_CLASSES_ROOT\CLSID\{35C82A8C-F154-4E30-B265-7D5330252619}]
2015-08-24 17:03    185640    ----a-w-    c:\windows\System32\cbfsMntNtf5.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2015-03-23 15:40    84992    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_3945a.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Bitcasa"="c:\program files\Bitcasa\appstart.exe" [2015-03-16 517632]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{7F90E47B-D6C3-4F9F-A458-F4370D8997DD}"= "c:\windows\system32\cbfsMntNtf5.dll" [2015-08-24 185640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Clip bookmark - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
TCP: Interfaces\{60D801EA-F4F9-4DAD-954B-3037610465C4}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B3946E6C-4694-41C1-B7A6-B39281AAAC30}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - f:\appdata\Roaming\Mozilla\Firefox\Profiles\0fv53544.default\
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
SSODL-EldosMountNotificator-cbfs5    REG_SZ    {7F90E47B-D6C3-4F9F-A458-F4370D8997DD}- - (no file)
AddRemove-MediaFire Desktop 1.4.26.10815 - c:\users\Justice\AppData\Local\MediaFire Desktop\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PaceLicenseDServices]
"ImagePath"="\"c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-12-13  18:36:29
ComboFix-quarantined-files.txt  2015-12-13 23:36
ComboFix2.txt  2015-12-13 23:05
.
Pre-Run: 3,768,741,888 bytes free
Post-Run: 3,794,583,552 bytes free
.
- - End Of File - - CB7930D9C4B92C7336FDDC779B93F71A
A36C5E4F47E84449FF07ED3517B43A31


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:03 PM

Posted 15 December 2015 - 07:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Wait for further instructions.

#3 drdream

drdream
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:03 PM

Posted 15 December 2015 - 08:03 PM

Thanks for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by Justice (administrator) on JUSTICE-PC (15-12-2015 19:59:00)
Running from C:\Users\Justice\Desktop
Loaded Profiles: Justice (Available Profiles: Justice)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avid, Inc. All rights reserved.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Users\Justice\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Tobias Erichsen) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files\Bitcasa\Bitcasa.exe
(BitTorrent Inc.) C:\Users\Justice\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent, Inc.) C:\Program Files\BitTorrent Sync\BTSync.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(UNICLASS) C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Windows\SysWOW64\DeltaIITray.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(BitTorrent Inc.) C:\Users\Justice\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Justice\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
() C:\Users\Justice\AppData\Local\Temp\Rar$EXa0.553\Explorer++.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [8230480 2015-10-31] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\DeltaIITray.exe [237872 2012-01-25] ()
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-11-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2452480 2014-10-30] (FileZilla Project)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\...\Run: [uTorrent] => C:\Users\Justice\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-09] (BitTorrent Inc.)
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\...\Run: [BitTorrent Sync] => C:\Program Files\BitTorrent Sync\BTSync.exe [6783840 2015-04-15] (BitTorrent, Inc.)
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6302856 2015-11-06] (Plex, Inc.)
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> MARINE~1.SCR
SSODL: EldosMountNotificator-cbfs5 - {7F90E47B-D6C3-4F9F-A458-F4370D8997DD} - C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {7F90E47B-D6C3-4F9F-A458-F4370D8997DD} - C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [!BTSync2.0.105Done] -> {581FFA04-FC33-0069-0002-95003A5CDE89} => C:\Program Files\BitTorrent Sync\SyncShellExtension_33554537.dll [2015-04-15] ()
ShellIconOverlayIdentifiers: [!BTSync2.0.105RO] -> {581FFA03-FC33-0069-0002-95003A5CDE89} => C:\Program Files\BitTorrent Sync\SyncShellExtension_33554537.dll [2015-04-15] ()
ShellIconOverlayIdentifiers: [!BTSync2.0.105RW] -> {581FFA02-FC33-0069-0002-95003A5CDE89} => C:\Program Files\BitTorrent Sync\SyncShellExtension_33554537.dll [2015-04-15] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
ShellIconOverlayIdentifiers: [1EldosIconOverlay-cbfs5] -> {A9C5677D-70EF-4D28-8B72-2819A4FA5FE3} => C:\Windows\system32\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_3945a.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_3945a.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_3945a.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_3945a.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [2EldosIconOverlay-cbfs5] -> {74500D38-B71D-4555-AAC4-05C0E95E79C1} => C:\Windows\system32\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaBadFileOverlay] -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2015-10-31] ()
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2015-10-31] ()
ShellIconOverlayIdentifiers: [BitcasaMirrorOverlay] -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2015-10-31] ()
ShellIconOverlayIdentifiers: [BitcasaNotMirrored] -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2015-10-31] ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2015-10-31] ()
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {35C82A8C-F154-4E30-B265-7D5330252619} => C:\Windows\system32\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_3945a.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay-cbfs5] -> {A9C5677D-70EF-4D28-8B72-2819A4FA5FE3} => C:\Windows\SysWOW64\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [2EldosIconOverlay-cbfs5] -> {74500D38-B71D-4555-AAC4-05C0E95E79C1} => C:\Windows\SysWOW64\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {35C82A8C-F154-4E30-B265-7D5330252619} => C:\Windows\SysWOW64\cbfsMntNtf5.dll [2015-08-24] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-28]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USBKVM Switcher.lnk [2014-12-31]
ShortcutTarget: USBKVM Switcher.lnk -> C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe (UNICLASS)
Startup: F:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-01-25]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: F:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-03-04]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{60D801EA-F4F9-4DAD-954B-3037610465C4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B3946E6C-4694-41C1-B7A6-B39281AAAC30}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F9E61C56-001A-4FD4-A6E2-D032A4B900C4}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1827160731-4041404994-1486764324-1000 -> DefaultScope {1ED84925-BCA2-403D-8FD9-C2A69F25A01E} URL =
SearchScopes: HKU\S-1-5-21-1827160731-4041404994-1486764324-1000 -> {1ED84925-BCA2-403D-8FD9-C2A69F25A01E} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-13] (AVAST Software)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> F:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-13] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: F:\AppData\Roaming\Mozilla\Firefox\Profiles\0fv53544.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-17] (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-11-02] ( )
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-11-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-11-28] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF user.js: detected! => F:\AppData\Roaming\Mozilla\Firefox\Profiles\0fv53544.default\user.js [2015-12-13]
FF SearchPlugin: F:\AppData\Roaming\Mozilla\Firefox\Profiles\0fv53544.default\searchplugins\game-development-stack-exchange.xml [2015-09-22]
FF Extension: Firebug - F:\AppData\Roaming\Mozilla\Firefox\Profiles\0fv53544.default\Extensions\firebug@software.joehewitt.com.xpi [2015-10-26]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-05-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-13]

Chrome:
=======
CHR Profile: F:\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-29]
CHR Extension: (Google Docs) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29]
CHR Extension: (Google Drive) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Google Search) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Google Sheets) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-29]
CHR Extension: (Google Docs Offline) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (Chrome Web Store Payments) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-29]
CHR Extension: (Gmail) - F:\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2015-12-13] (Avast Software)
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [777728 2014-10-30] (FileZilla Project) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MF NTFS Monitor; C:\Users\Justice\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-03-23] ()
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88712 2014-09-26] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [41760 2015-07-14] (Microsoft)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-28] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 rtpMIDIService; C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [1142272 2012-08-24] (Tobias Erichsen) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2015-11-02] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)
R1 cbfs5; C:\Windows\system32\drivers\cbfs5.sys [421568 2015-08-24] (EldoS Corporation)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-26] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2014-11-21] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-03-23] (Windows ® Win 7 DDK provider)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-12-13] (AVAST Software)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-15] (Tobias Erichsen)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-12-13] (Avast Software)
S3 VSPerfDrv110; F:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 19:59 - 2015-12-15 19:59 - 00029150 _____ C:\Users\Justice\Desktop\FRST.txt
2015-12-15 19:58 - 2015-12-15 19:59 - 00000000 ____D C:\FRST
2015-12-15 19:57 - 2015-12-15 19:57 - 02369536 _____ (Farbar) C:\Users\Justice\Desktop\FRST64.exe
2015-12-13 21:19 - 2015-12-14 10:45 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-12-13 21:19 - 2015-12-14 10:45 - 00000000 ____D C:\Windows\system32\vbox
2015-12-13 18:36 - 2015-12-13 18:36 - 00039027 _____ C:\ComboFix.txt
2015-12-13 18:11 - 2015-12-13 18:11 - 00000000 ____D C:\Users\Justice\AppData\LocalLow\Oracle
2015-12-13 18:07 - 2015-12-13 18:08 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-13 18:07 - 2015-12-13 18:07 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-13 18:07 - 2015-12-13 18:07 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-13 18:07 - 2015-12-13 18:07 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-13 18:07 - 2015-12-13 18:07 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-13 18:07 - 2015-12-13 18:07 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-13 18:07 - 2015-12-13 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-13 18:07 - 2015-12-13 18:07 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-13 18:06 - 2015-12-13 18:06 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-13 18:06 - 2015-12-13 18:06 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-13 17:56 - 2015-12-13 18:36 - 00000000 ____D C:\Qoobox
2015-12-13 17:56 - 2015-12-13 18:04 - 00000000 ____D C:\Windows\erdnt
2015-12-13 17:56 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-13 17:56 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-13 17:56 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-13 17:56 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-13 17:56 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-13 17:56 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-13 17:56 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-13 17:56 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-13 17:47 - 2015-12-13 17:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-12-13 17:41 - 2015-12-13 17:41 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2015-12-11 19:58 - 2015-12-15 19:56 - 00000000 ____D C:\Users\Justice\AppData\LocalLow\uTorrent
2015-12-11 19:53 - 2015-12-11 19:53 - 00000000 ____D C:\Users\Justice\Desktop\hhh
2015-12-11 19:23 - 2015-12-11 19:23 - 00024369 _____ C:\Users\Justice\Desktop\attach.txt
2015-12-11 19:23 - 2015-12-11 19:22 - 00028846 _____ C:\Users\Justice\Desktop\dds.txt
2015-12-11 08:43 - 2015-12-11 09:00 - 00000000 ____D C:\Users\Justice\Desktop\mbar
2015-12-11 08:43 - 2015-12-11 09:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-10 20:20 - 2015-12-11 19:43 - 00517828 _____ C:\Windows\ntbtlog.txt
2015-12-08 18:32 - 2015-12-08 18:32 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-08 16:43 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 16:43 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 16:43 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 16:43 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 16:43 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 16:43 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 16:43 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 16:43 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 16:43 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 16:43 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 16:43 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 16:43 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 16:43 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 16:43 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 16:43 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 16:43 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 16:43 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 16:43 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 16:43 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 16:43 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 16:43 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 16:43 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 16:43 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 16:43 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 16:43 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 16:43 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 16:43 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 16:43 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 16:43 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 16:43 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 16:43 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 16:43 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 16:43 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 16:43 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 16:43 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 16:43 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 16:43 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 16:43 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 16:43 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 16:43 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 16:43 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 16:43 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 16:43 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 16:43 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 16:43 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 16:43 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 16:43 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 16:43 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 16:43 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 16:43 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 16:43 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 16:43 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 16:43 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 16:43 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 16:43 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 16:43 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 16:43 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 16:43 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 16:43 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 16:43 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 16:43 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 16:43 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 16:43 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 16:43 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 16:43 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 16:43 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 16:43 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 16:43 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 16:43 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 16:43 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 16:43 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 16:43 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 16:43 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 16:43 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 16:43 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 16:43 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 16:43 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 16:43 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 16:43 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 16:43 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 16:43 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 16:43 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 16:43 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 16:43 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 16:43 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 16:43 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 16:43 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 16:43 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 16:43 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 16:43 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-11-30 02:28 - 2015-12-07 19:35 - 00000000 ____D C:\Users\Justice\AppData\Local\CrashDumps
2015-11-27 12:38 - 2015-11-29 12:38 - 00003500 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Justice
2015-11-27 12:38 - 2015-11-29 11:38 - 00003506 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Justice
2015-11-27 12:38 - 2015-11-27 12:38 - 00003624 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Justice
2015-11-27 12:38 - 2015-11-27 12:38 - 00003218 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Justice
2015-11-23 22:22 - 2015-11-23 22:29 - 00000000 ____D C:\Program Files (x86)\MP3Gain
2015-11-23 22:22 - 2015-11-23 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-11-23 21:10 - 2015-08-24 12:04 - 00123688 _____ (EldoS Corporation) C:\Windows\system32\cbfsNetRdr5.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-11-23 21:10 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-11-22 19:32 - 2015-11-22 19:33 - 00224966 _____ C:\TDSSKiller.3.1.0.6_22.11.2015_19.32.50_log.txt
2015-11-19 21:48 - 2015-11-19 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-11-19 21:48 - 2015-11-19 21:48 - 00000000 ____D C:\Program Files (x86)\Plex
2015-11-15 14:16 - 2015-11-15 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Point-N-Click
2015-11-15 14:16 - 2015-11-15 14:16 - 00000000 ____D C:\Program Files (x86)\Point-N-Click

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 19:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-15 19:56 - 2015-01-01 00:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 19:55 - 2014-12-21 20:20 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-15 19:55 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-15 19:32 - 2014-11-30 04:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-15 19:13 - 2015-01-01 00:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-14 06:54 - 2009-07-13 23:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 06:54 - 2009-07-13 23:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-13 20:45 - 2014-12-22 00:02 - 00013079 _____ C:\Users\Justice\Desktop\X-Plane Installer Log.txt
2015-12-13 19:32 - 2009-07-14 00:13 - 00874534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 19:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-13 18:45 - 2014-11-27 01:04 - 00000000 ____D C:\Temp
2015-12-13 18:45 - 2009-07-13 21:34 - 00000542 _____ C:\Windows\win.ini
2015-12-13 18:45 - 2009-07-13 21:34 - 00000257 _____ C:\Windows\system.ini
2015-12-13 18:25 - 2014-11-24 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-13 18:25 - 2014-11-24 21:52 - 00000000 ____D C:\Program Files\WinRAR
2015-12-13 18:11 - 2014-11-21 04:17 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-12-11 08:43 - 2015-04-03 01:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-10 20:43 - 2015-04-03 01:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 20:41 - 2014-11-21 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-10 20:20 - 2014-11-21 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 17:13 - 2014-11-21 01:48 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-09 03:19 - 2009-07-13 23:45 - 05237872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 03:18 - 2014-11-27 03:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 03:18 - 2014-11-27 03:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 03:03 - 2015-02-24 23:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 03:02 - 2014-11-27 03:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 18:32 - 2014-11-30 04:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 18:32 - 2014-11-30 04:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 18:32 - 2014-11-30 04:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-02 13:18 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 10:08 - 2015-01-01 00:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 10:08 - 2014-11-21 01:47 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 02:44 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 20:07 - 2015-03-31 23:13 - 00000000 ____D C:\Users\Justice\AppData\Local\MediaFire Desktop
2015-11-29 20:01 - 2014-12-21 20:20 - 00000000 ____D C:\Users\Justice\AppData\Local\NVIDIA
2015-11-25 00:45 - 2014-11-26 21:07 - 00000000 ____D C:\Program Files (x86)\Digidesign
2015-11-23 21:46 - 2014-11-26 22:02 - 00000000 ____D C:\Users\Justice\Documents\Full Session
2015-11-23 21:41 - 2014-11-26 21:59 - 00000000 ____D C:\Users\Justice\AvidLogFiles
2015-11-23 21:40 - 2015-03-31 23:16 - 00000000 ___HD C:\Users\Justice\.mediafire
2015-11-23 21:10 - 2015-03-22 19:55 - 00001660 _____ C:\Users\Public\Desktop\Bitcasa Drive.lnk
2015-11-23 21:10 - 2015-03-22 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa
2015-11-23 21:10 - 2015-03-22 19:55 - 00000000 ____D C:\Program Files\Bitcasa
2015-11-23 21:10 - 2014-11-21 02:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-22 19:34 - 2015-04-03 01:03 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-22 19:34 - 2015-04-03 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-22 19:34 - 2015-04-03 01:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-21 23:08 - 2014-12-05 22:19 - 00002008 ____H C:\Users\Justice\Documents\Default.rdp
2015-11-15 13:35 - 2015-11-07 15:42 - 00000000 ____D C:\Users\Justice\Desktop\CLsearch

==================== Files in the root of some directories =======

2015-04-03 01:09 - 2015-04-03 01:09 - 6103040 _____ () C:\Program Files (x86)\GUT830D.tmp
2015-11-29 19:53 - 2014-11-25 22:08 - 0000000 _____ () F:\AppData\Roaming\1.txt
2015-11-29 19:53 - 2014-12-28 15:16 - 0000291 _____ () F:\AppData\Roaming\OpenSceneryX Installer.plist
2015-02-26 22:48 - 2015-10-20 00:42 - 0001456 _____ () F:\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-22 13:24 - 2015-12-13 20:45 - 0000028 _____ () F:\AppData\Local\X-Plane Installer.prf
2014-12-22 12:55 - 2015-12-13 20:47 - 0000073 _____ () F:\AppData\Local\X-Plane_drm.prf
2014-12-21 20:57 - 2015-10-14 22:38 - 0000197 _____ () F:\AppData\Local\x-plane_install_10.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 05:51

==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 December 2015 - 09:28 AM

This program is located in a temporary folder. If you want to keep it, I suggest you move it to a permanent folder of your choice.
2013-02-03 05:14 - 2013-02-03 05:14 - 01864704 _____ () C:\Users\Justice\AppData\Local\Temp\Rar$EXa0.553\Explorer++.exe

If this is your default browser, it may not be seen by the operating system because it is in the Rar$EXa0.553\ folder.
===

Do you know what this is?

FirewallRules: [{CE7F2C4A-02EE-44D9-B849-A3B1888A70CE}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe
FirewallRules: [{E2208991-763F-493B-BAA4-8956ACD4222B}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe


If not, I suggest you add these lines (in bold) to the fix below before you save the Fixlist.txt file.

FirewallRules: [{CE7F2C4A-02EE-44D9-B849-A3B1888A70CE}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe
FirewallRules: [{E2208991-763F-493B-BAA4-8956ACD4222B}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe
C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp


===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => F:\AppData\Roaming\Mozilla\Firefox\Profiles\0fv53544.default\user.js [2015-12-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {B2C07BDD-8BD7-4F9B-9BF8-3A7748CCBFA1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:9tkHWNoyIXd1nHrgtE3Rps537
AlternateDataStreams: C:\ProgramData\Microsoft:fHdObIhcRpiKDojEQk4Va1N
AlternateDataStreams: C:\ProgramData\Microsoft:xZvQlz8dfiSe8O6ZRA
AlternateDataStreams: C:\ProgramData\Microsoft:zVoQJRu12GaJD3WhgpKIwx
AlternateDataStreams: C:\Users\Justice\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Justice\Cookies:iriLYudKp0tV1ErHsbv
AlternateDataStreams: C:\Users\Justice\Cookies:SHlFrLA9EIZwJJkET8c2zvprR
AlternateDataStreams: C:\Users\Justice\Local Settings:gHqlesu6wEotBMUY7u9YAI
AlternateDataStreams: C:\Users\Justice\Local Settings:Nb9ockKrblhU27LTyP51h
AlternateDataStreams: C:\Users\Justice\Local Settings:pNs7f2hKDLLTMl8LJ9nybue
AlternateDataStreams: C:\Users\Justice\Local Settings:q53sR4AZPYdlaSlzu
AlternateDataStreams: C:\Users\Justice\AppData\Local:gHqlesu6wEotBMUY7u9YAI
AlternateDataStreams: C:\Users\Justice\AppData\Local:Nb9ockKrblhU27LTyP51h
AlternateDataStreams: C:\Users\Justice\AppData\Local:pNs7f2hKDLLTMl8LJ9nybue
AlternateDataStreams: C:\Users\Justice\AppData\Local:q53sR4AZPYdlaSlzu
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:gHqlesu6wEotBMUY7u9YAI
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:Nb9ockKrblhU27LTyP51h
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:pNs7f2hKDLLTMl8LJ9nybue
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:q53sR4AZPYdlaSlzu
AlternateDataStreams: C:\Users\Justice\AppData\Local\Temporary Internet Files:SKiwh4aPRaMxItUrTMSPjeLUS
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
C:\Program Files (x86)\GUT830D.tmp
C:\Program Files (x86)\MyPC Backup

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
You can do this when all is well.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.

Java 8 Update 40
===

Please let me know what problem persists.

#5 drdream

  • Topic Starter
  • Members
  • 4 posts

Posted 16 December 2015 - 10:50 AM

Hello. Thanks again so much for your help. The problem remains after restart.

C:\Users\Justice\AppData\Local\Temp\Rar$EXa0.553\Explorer++.exe

This is a file explorer I'm using because the Windows file explorer has the original issue. I understand it should be moved to a permanent place, but it is not a web browser.

FirewallRules: [{CE7F2C4A-02EE-44D9-B849-A3B1888A70CE}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe
FirewallRules: [{E2208991-763F-493B-BAA4-8956ACD4222B}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe

I do not recognize these files and have added them to the fixlist.txt file.

Results of fixlog.txt:


Fix result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 02
Ran by Justice (2015-12-16 10:40:56) Run:1
Running from C:\Users\Justice\Desktop
Loaded Profiles: Justice (Available Profiles: Justice)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => F:\AppData\Roaming\Mozilla\Firefox\Profiles\0fv53544.default\user.js [2015-12-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {B2C07BDD-8BD7-4F9B-9BF8-3A7748CCBFA1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:9tkHWNoyIXd1nHrgtE3Rps537
AlternateDataStreams: C:\ProgramData\Microsoft:fHdObIhcRpiKDojEQk4Va1N
AlternateDataStreams: C:\ProgramData\Microsoft:xZvQlz8dfiSe8O6ZRA
AlternateDataStreams: C:\ProgramData\Microsoft:zVoQJRu12GaJD3WhgpKIwx
AlternateDataStreams: C:\Users\Justice\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Justice\Cookies:iriLYudKp0tV1ErHsbv
AlternateDataStreams: C:\Users\Justice\Cookies:SHlFrLA9EIZwJJkET8c2zvprR
AlternateDataStreams: C:\Users\Justice\Local Settings:gHqlesu6wEotBMUY7u9YAI
AlternateDataStreams: C:\Users\Justice\Local Settings:Nb9ockKrblhU27LTyP51h
AlternateDataStreams: C:\Users\Justice\Local Settings:pNs7f2hKDLLTMl8LJ9nybue
AlternateDataStreams: C:\Users\Justice\Local Settings:q53sR4AZPYdlaSlzu
AlternateDataStreams: C:\Users\Justice\AppData\Local:gHqlesu6wEotBMUY7u9YAI
AlternateDataStreams: C:\Users\Justice\AppData\Local:Nb9ockKrblhU27LTyP51h
AlternateDataStreams: C:\Users\Justice\AppData\Local:pNs7f2hKDLLTMl8LJ9nybue
AlternateDataStreams: C:\Users\Justice\AppData\Local:q53sR4AZPYdlaSlzu
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:gHqlesu6wEotBMUY7u9YAI
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:Nb9ockKrblhU27LTyP51h
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:pNs7f2hKDLLTMl8LJ9nybue
AlternateDataStreams: C:\Users\Justice\AppData\Local\Application Data:q53sR4AZPYdlaSlzu
AlternateDataStreams: C:\Users\Justice\AppData\Local\Temporary Internet Files:SKiwh4aPRaMxItUrTMSPjeLUS
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
C:\Program Files (x86)\GUT830D.tmp
C:\Program Files (x86)\MyPC Backup
FirewallRules: [{CE7F2C4A-02EE-44D9-B849-A3B1888A70CE}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe
FirewallRules: [{E2208991-763F-493B-BAA4-8956ACD4222B}] => (Allow) C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp\CnetInstaller-10060498.exe
C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1827160731-4041404994-1486764324-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
F:\AppData\Roaming\Mozilla\Firefox\Profiles\0fv53544.default\user.js => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
catchme => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2C07BDD-8BD7-4F9B-9BF8-3A7748CCBFA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2C07BDD-8BD7-4F9B-9BF8-3A7748CCBFA1}" => key removed successfully
C:\Windows\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
C:\ProgramData\Microsoft => ":9tkHWNoyIXd1nHrgtE3Rps537" ADS removed successfully.
C:\ProgramData\Microsoft => ":fHdObIhcRpiKDojEQk4Va1N" ADS removed successfully.
C:\ProgramData\Microsoft => ":xZvQlz8dfiSe8O6ZRA" ADS removed successfully.
C:\ProgramData\Microsoft => ":zVoQJRu12GaJD3WhgpKIwx" ADS removed successfully.
C:\Users\Justice\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
"C:\Users\Justice\Cookies" => ":iriLYudKp0tV1ErHsbv" ADS not found.
"C:\Users\Justice\Cookies" => ":SHlFrLA9EIZwJJkET8c2zvprR" ADS not found.
"C:\Users\Justice\Local Settings" => ":gHqlesu6wEotBMUY7u9YAI" ADS not found.
"C:\Users\Justice\Local Settings" => ":Nb9ockKrblhU27LTyP51h" ADS not found.
"C:\Users\Justice\Local Settings" => ":pNs7f2hKDLLTMl8LJ9nybue" ADS not found.
"C:\Users\Justice\Local Settings" => ":q53sR4AZPYdlaSlzu" ADS not found.
C:\Users\Justice\AppData\Local => ":gHqlesu6wEotBMUY7u9YAI" ADS removed successfully.
C:\Users\Justice\AppData\Local => ":Nb9ockKrblhU27LTyP51h" ADS removed successfully.
C:\Users\Justice\AppData\Local => ":pNs7f2hKDLLTMl8LJ9nybue" ADS removed successfully.
C:\Users\Justice\AppData\Local => ":q53sR4AZPYdlaSlzu" ADS removed successfully.
"C:\Users\Justice\AppData\Local\Application Data" => ":gHqlesu6wEotBMUY7u9YAI" ADS not found.
"C:\Users\Justice\AppData\Local\Application Data" => ":Nb9ockKrblhU27LTyP51h" ADS not found.
"C:\Users\Justice\AppData\Local\Application Data" => ":pNs7f2hKDLLTMl8LJ9nybue" ADS not found.
"C:\Users\Justice\AppData\Local\Application Data" => ":q53sR4AZPYdlaSlzu" ADS not found.
"C:\Users\Justice\AppData\Local\Temporary Internet Files" => ":SKiwh4aPRaMxItUrTMSPjeLUS" ADS not found.
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Program Files (x86)\GUT830D.tmp => moved successfully
"C:\Program Files (x86)\MyPC Backup" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE7F2C4A-02EE-44D9-B849-A3B1888A70CE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E2208991-763F-493B-BAA4-8956ACD4222B} => value removed successfully
"C:\Users\Justice\AppData\Local\Temp\nsfF04B.tmp" => not found.
EmptyTemp: => 910.1 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-16 10:46:24)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 10:46:24 ====
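A read-only check for the three kinds of finding the fixlist above removed and the Fixlog confirmed (named NTFS streams on folders, firewall Allow rules for executables in a Temp folder, Internet Explorer policy keys), added here as an example; it is not code from the thread, from FRST or from Farbar. It assumes Windows PowerShell 3.0 or later on Windows 7 or newer, run from an elevated prompt; the folder list and the "known benign" stream names are choices made for this thread, not a FRST rule set.

```powershell
# Added example for this thread, not code from the post, from FRST or from Farbar.
# A read-only audit for the findings the fixlist removed: named NTFS streams on folders,
# firewall Allow rules whose program lives in a Temp folder, and Internet Explorer policy
# keys. Nothing here modifies the system; every function only returns objects.
# Assumes Windows PowerShell 3.0+ on Windows 7 or newer, run from an elevated prompt.

function Get-NamedStreams {
    # Lists named streams on the entries directly inside $ParentPath. "dir /r" prints a
    # stream line under each entry that carries one, for files and folders alike, e.g.
    #                              27 Microsoft:9tkHWNoyIXd1nHrgtE3Rps537:$DATA
    param([string]$ParentPath)
    $pattern = '^\s*(?<size>[\d,]+)\s+(?<name>.+?):(?<stream>[^:\\]+):\$DATA\s*$'
    & cmd.exe /c dir /r /a $ParentPath 2>$null | ForEach-Object {
        if ($_ -match $pattern) {
            [pscustomobject]@{
                Path   = Join-Path $ParentPath $Matches.name
                Stream = $Matches.stream
                Bytes  = [int64]($Matches.size -replace ',', '')
                # AFP_AfpInfo/AFP_Resource are left by macOS file sharing and Zone.Identifier
                # is the download mark-of-the-web; random letter strings like the ones in
                # the fixlist are not in this list and therefore get reported.
                Known  = $Matches.stream -in 'AFP_AfpInfo', 'AFP_Resource', 'Zone.Identifier'
            }
        }
    }
}

function Get-TempFirewallAllowRules {
    # Reads the registry values FRST reports as "FirewallRules:" (the key the Fixlog names)
    # and returns the Allow rules whose App= field points into a Temp folder.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $rules = Get-ItemProperty -LiteralPath $key
    foreach ($prop in $rules.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }       # provider metadata, not a rule
        # A rule value is a pipe-separated list: v2.10|Action=Allow|Active=TRUE|Dir=In|App=...|
        $fields = @{}
        foreach ($part in ($prop.Value -split '\|')) {
            $kv = $part -split '=', 2
            if ($kv.Count -eq 2) { $fields[$kv[0]] = $kv[1] }
        }
        if ($fields['Action'] -eq 'Allow' -and $fields['App'] -match '\\Temp\\') {
            [pscustomobject]@{ RuleId = $prop.Name; App = $fields['App']; Name = $fields['Name'] }
        }
    }
}

function Get-IePolicyValues {
    # The fixlist's "Internet Explorer: Restriction" lines refer to these two keys; on a
    # stand-alone home machine they normally do not exist at all, so any value is notable.
    foreach ($root in 'HKLM:', 'HKCU:') {
        $key = "$root\SOFTWARE\Policies\Microsoft\Internet Explorer"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $keys = @(Get-Item -LiteralPath $key) + @(Get-ChildItem -LiteralPath $key -Recurse)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Value = $name; Data = $k.GetValue($name) }
            }
        }
    }
}

# Parents of the locations the fixlist listed under AlternateDataStreams: (a constructed list).
$parents = $env:ProgramData, $env:USERPROFILE, "$env:USERPROFILE\AppData", "$env:USERPROFILE\AppData\Local"
$parents | ForEach-Object { Get-NamedStreams -ParentPath $_ } |
    Where-Object { -not $_.Known } | Format-Table -AutoSize
Get-TempFirewallAllowRules | Format-Table -AutoSize
Get-IePolicyValues | Format-Table -AutoSize
```

Run it before and after a fix to see whether the streams, rules and policy values actually went away; "not found" lines in a Fixlog, like several of the ADS entries above, usually mean the stream sat on a junction's target rather than on the junction itself.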



#6 nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 December 2015 - 11:21 AM

Please download Tweaking.com - Windows Repair from here.
  • Install and then run the program.
  • Execute the instructions on Step 1 (Important).
  • Click Next on Step 2 (Optional), do the Pre-Scan, and skip Steps 3 and 4 (Optional) for now.
  • On Step 5 (Backup System Restore) do a Registry backup. When you have completed this, click Next.
  • Click on Repairs.
  • Click Repairs - Open Repairs in the bottom right corner.
  • Click the Unselect All button, then select just the item(s) listed below:

    01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    .. 02.01 File Permissions C:\
    .. 02.02 File Permissions D:\
    03 - Reset Service permissions
    04 - Register System Files
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    13 - Repair Network (previously Repair Winsock & DNS Cache)
    23 - Repair File Associations (12)
    .. 23.01 - Repair bat Associations
    .. 23.02 - Repair cmd Associations
    .. 23.03 - Repair com Associations
    .. 23.04 - Repair Directory Associations
    .. 23.05 - Repair Drive Associations
    .. 23.06 - Repair exe Associations
    .. 23.07 - Repair Folder Associations
    .. 23.08 - Repair inf Associations
    .. 23.09 - Repair lnk (Shortcut) Associations
    .. 23.10 - Repair msc Associations
    .. 23.11 - Repair reg Associations
    .. 23.12 - Repair scr Associations
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================






#7 drdream

  • Topic Starter
  • Members
  • 4 posts

Posted 17 December 2015 - 02:01 PM

Yes, it is working now! Thanks so much for your help. People like you taking the time to help people in great detail is more than most companies can offer. You do a great service to computing and the world at large. Many thanks.



#8 nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 December 2015 - 08:30 AM

Glad we could help.


If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 December 2015 - 10:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



