
W32/Agent.ym.gen!.Eldorado Malicious Software



#1 Budnarrow


Posted 31 December 2015 - 04:06 AM

Hello all,

I have been getting these W32/Agent.YM.gen!Eldorado and W32/Symmi.AJ.gen!Eldorado malicious software over and over again, constantly.

I have System Mechanic's System Shield and it found and removed these viruses. I am not sure, however, that everything has been fixed, because I have a bunch of things wrong. One thing in particular is that the computer logs on slowly; also, the Windows .Msi Installer gets corrupted, and it only opens in Notepad.

I should also note that I am currently having BSODs with a Realtek audio driver, atihdw76.sys. I ran an sfc /scannow and it says that DDores.dll is corrupted. I have also added new memory and I am not sure things are working well with that.

Here is the requested FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
Ran by Bill (administrator) on BILL-PC-II (31-12-2015 02:41:21)
Running from C:\Users\Bill\Downloads
Loaded Profiles: Bill (Available Profiles: Bill)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
() C:\Windows\runSW.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Realtek) C:\Program Files (x86)\TRENDnet\High Power 150Mbps Wireless N USB Adapter Utility\RtlService.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(Realtek) C:\Windows\SwUSB.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
() C:\Users\Bill\AppData\Local\Amazon Music\Amazon Music Helper.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\TRENDnet\High Power 150Mbps Wireless N USB Adapter Utility\RtWLan.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(© 2015 Microsoft Corporation) C:\Users\Bill\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\USB-AC56 WLAN Card Utilities\WlanMgr.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_267_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2015-12-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2015-12-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2015-10-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2015-10-25] (CANON INC.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2015-12-29] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\common\Lib\ioloLManager.exe [4537256 2015-12-29] (iolo technologies, LLC)
HKU\S-1-5-21-2023432799-3288899234-3202343938-1002\...\Run: [BingSvc] => C:\Users\Bill\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2023432799-3288899234-3202343938-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2023432799-3288899234-3202343938-1002\...\MountPoints2: {a1f417da-66cf-11e5-9c5f-00051b00b9f2} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-04-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-09-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2015-04-13]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\iavlsp.dll [118784 2015-10-03] (iolo technologies, LLC)
Winsock: Catalog9 02 C:\Windows\SysWOW64\iavlsp.dll [118784 2015-10-03] (iolo technologies, LLC)
Winsock: Catalog9 14 C:\Windows\SysWOW64\iavlsp.dll [118784 2015-10-03] (iolo technologies, LLC)
Winsock: Catalog9-x64 01 C:\Windows\system32\iavlsp64.dll [160256 2015-12-29] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\iavlsp64.dll [160256 2015-12-29] ()
Winsock: Catalog9-x64 14 C:\Windows\system32\iavlsp64.dll [160256 2015-12-29] ()
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
Tcpip\..\Interfaces\{6C74E754-900F-4701-B256-61751C8C7308}: [NameServer] 24.220.0.10,24.220.0.11
Tcpip\..\Interfaces\{6C74E754-900F-4701-B256-61751C8C7308}: [DhcpNameServer] 24.220.0.10 24.220.0.11
Tcpip\..\Interfaces\{823412F9-23D6-4024-BD4B-6DFFB8FAFCB7}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{ED6C37A9-F507-47C5-924A-460DCDB976EA}: [NameServer] 156.154.70.22,156.154.71.22

Internet Explorer:
==================
HKU\S-1-5-21-2023432799-3288899234-3202343938-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
HKU\S-1-5-21-2023432799-3288899234-3202343938-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2023432799-3288899234-3202343938-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2023432799-3288899234-3202343938-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2023432799-3288899234-3202343938-1002 -> {5C8B65BC-D5E4-411B-B019-CA1D72B1737A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US91025D20150414&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2023432799-3288899234-3202343938-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2023432799-3288899234-3202343938-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-11-10] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-11-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-11-10] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-17] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-17] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-12-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2015-09-29] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-12-29] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4681128 2015-12-29] (iolo technologies, LLC)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2015-12-29] (McAfee, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2015-10-25] (Trend Micro Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-11-16] ()
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 TEW-646UBG; C:\Program Files (x86)\TRENDnet\High Power 150Mbps Wireless N USB Adapter Utility\RtlService.exe [36864 2015-11-16] (Realtek) [File not signed]
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2015-12-29] (CYREN Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMP; C:\Windows\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2015-09-29] (Broadcom Corporation.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37448 2015-12-02] (McAfee, Inc.)
R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2015-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2015-03-23] (EldoS Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3045592 2015-11-16] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3045592 2015-11-16] (Realtek Semiconductor Corporation                           )
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 AX88772; system32\DRIVERS\ax88772.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\DRIVERS\NuidFltr.sys 96ACBF3DDC38A52FEE115F577F36568F
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\DRIVERS\PcaSp60.sys 5EACB8A19CAD7057806FBBF9550165E1
C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys 5EACB8A19CAD7057806FBBF9550165E1
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PDFsFilter.sys 9F5E27C8B88A8DA1DC93E93A5C27BB9B
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\point64.sys E4799B87675C59AA1F620DE5C6F113BB
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\system32\drivers\rawdsk3.sys 1155DA631D185C65262D62DAA016A371
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 135A64530D7699AD48F29D73A658DD11
C:\Windows\System32\DRIVERS\Rt64win7.sys 16D4E350420BAA7E63E16E3FC033E1F5
C:\Windows\System32\DRIVERS\rtwlanu.sys E376A8FA2AD3888DACA23CFC0DE1AA54
C:\Windows\System32\DRIVERS\RTL8192su.sys B3F36B4B3F192EA87DDC119F3A0B3E45
C:\Windows\System32\DRIVERS\rtwlanu.sys E376A8FA2AD3888DACA23CFC0DE1AA54
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\System32\DRIVERS\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys D0335A55E5C3F812548E18300C2ACB62
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-31 02:41 - 2015-12-31 02:43 - 00040582 _____ C:\Users\Bill\Downloads\FRST.txt
2015-12-31 02:40 - 2015-12-31 02:41 - 00000000 ____D C:\FRST
2015-12-31 02:40 - 2015-12-31 02:40 - 02370560 _____ (Farbar) C:\Users\Bill\Downloads\FRST64.exe
2015-12-31 02:30 - 2015-12-31 02:30 - 00001392 _____ C:\Users\Bill\Desktop\TSA AdwareRemoval Tool.txt
2015-12-31 02:21 - 2015-12-31 02:21 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-12-31 02:21 - 2015-12-31 02:21 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2015-12-31 02:20 - 2015-12-31 02:20 - 00700584 _____ C:\Users\Bill\Downloads\Adware_Removal_Tool_by_TSA.exe
2015-12-31 02:11 - 2015-12-31 02:14 - 00003082 _____ C:\Users\Bill\Desktop\Rkill.txt
2015-12-31 02:11 - 2015-12-31 02:11 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Bill\Downloads\rkill.exe
2015-12-31 02:09 - 2015-12-31 02:09 - 00002373 _____ C:\Users\Bill\Desktop\FSS.txt
2015-12-31 01:38 - 2015-12-31 01:39 - 00017702 _____ C:\Users\Bill\Desktop\MBRCheck_12.31.15_01.38.38.txt
2015-12-31 01:38 - 2015-12-31 01:38 - 00080384 _____ C:\Users\Bill\Downloads\MBRCheck.exe
2015-12-31 01:12 - 2015-12-31 01:12 - 00000408 _____ C:\Windows\SysWOW64\iolo.ini
2015-12-31 01:12 - 2015-12-31 01:12 - 00000408 _____ C:\Windows\system32\iolo.ini
2015-12-30 22:11 - 2015-12-30 22:11 - 00043871 _____ C:\Users\Bill\Desktop\sfcdetails.txt
2015-12-30 19:57 - 2015-12-30 19:57 - 00000000 ____D C:\Users\Bill\Documents\Computer Tech
2015-12-30 17:12 - 2015-12-30 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-30 17:01 - 2015-12-30 17:02 - 14493188 _____ C:\Users\Bill\Downloads\Splendid_K43BY_K43TA_Win7_64_Z1020036.zip
2015-12-30 15:28 - 2015-12-30 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-12-30 13:39 - 2015-12-30 13:39 - 00275280 _____ C:\Windows\Minidump\123015-23228-01.dmp
2015-12-30 12:17 - 2015-12-30 12:18 - 00000000 ____D C:\Users\Bill\Desktop\Found virus's
2015-12-30 09:38 - 2015-12-30 09:38 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-12-30 09:38 - 2015-12-30 09:38 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-12-30 09:38 - 2015-12-30 09:38 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-12-30 09:38 - 2015-12-30 09:38 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-12-29 23:21 - 2015-12-29 23:21 - 00000000 ___HD C:\OneDriveTemp
2015-12-29 22:22 - 2015-12-29 22:22 - 00000000 ____D C:\ProgramData\Commtouch
2015-12-29 22:22 - 2015-12-29 22:22 - 00000000 ____D C:\Program Files\Common Files\Commtouch
2015-12-29 22:22 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\Windows\system32\Drivers\ampse.sys
2015-12-29 22:21 - 2015-12-29 22:21 - 02142120 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2015-12-29 22:21 - 2015-12-29 22:21 - 02084264 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2015-12-29 22:21 - 2015-12-29 22:21 - 01188272 _____ C:\Windows\isRS-000.tmp
2015-12-29 22:21 - 2015-12-29 22:21 - 00083224 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2015-12-29 22:21 - 2015-12-29 22:21 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2015-12-29 22:21 - 2015-12-29 22:21 - 00056744 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2015-12-29 22:21 - 2015-12-29 22:21 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2015-12-29 22:21 - 2015-12-29 22:21 - 00025512 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2015-12-29 22:21 - 2015-12-29 22:21 - 00003144 _____ C:\Windows\System32\Tasks\iolo Process Governor
2015-12-29 22:21 - 2015-12-29 22:21 - 00000000 ____D C:\Users\Bill\AppData\Roaming\ioloGovernor
2015-12-29 22:21 - 2015-12-29 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2015-12-29 22:21 - 2015-12-29 22:21 - 00000000 ____D C:\ProgramData\ioloGovernor
2015-12-29 22:21 - 2015-12-29 22:21 - 00000000 ____D C:\Program Files (x86)\iolo
2015-12-29 22:18 - 2015-12-29 22:18 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2015-12-29 21:45 - 2015-12-29 23:19 - 00000000 ____D C:\ProgramData\iolo
2015-12-29 21:45 - 2015-12-29 22:47 - 00000000 ____D C:\Users\Bill\AppData\Roaming\iolo
2015-12-29 21:28 - 2015-12-29 21:28 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-12-29 21:28 - 2015-12-29 21:28 - 00000000 ____D C:\Program Files\Realtek
2015-12-29 21:27 - 2015-12-29 21:27 - 03213928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 02957544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-12-29 21:27 - 2015-12-29 21:27 - 02604376 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 02528872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 02132824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 01914472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-12-29 21:27 - 2015-12-29 21:27 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00180048 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00099432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00083792 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-12-29 21:27 - 2015-12-29 21:27 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-12-29 21:27 - 2011-10-18 16:41 - 00150996 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-12-29 21:27 - 2011-10-14 13:43 - 01873920 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-12-29 21:26 - 2015-12-29 21:26 - 01698408 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-12-29 21:04 - 2015-12-30 21:38 - 00000000 ____D C:\Program Files\WhoCrashed
2015-12-29 21:04 - 2015-12-29 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-12-29 20:54 - 2015-12-29 20:54 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD
2015-12-29 20:52 - 2015-12-29 20:52 - 00978173 _____ C:\Users\Bill\Downloads\System_Monitor_AMD_Win7_64_Z1008.zip
2015-12-29 20:48 - 2015-12-29 20:48 - 00000000 ____D C:\Users\Bill\Downloads\WDM
2015-12-29 20:48 - 2015-12-29 20:48 - 00000000 ____D C:\Users\Bill\Downloads\Vista64
2015-12-29 20:47 - 2015-12-29 20:48 - 00000000 ____D C:\Users\Bill\Downloads\Vista
2015-12-29 20:47 - 2015-12-29 20:47 - 00000000 ____D C:\Users\Bill\Downloads\MSHDQFE
2015-12-29 20:47 - 2015-12-29 20:47 - 00000000 ____D C:\Users\Bill\Downloads\ASF3GUI
2015-12-29 20:38 - 2015-12-29 20:57 - 139985476 _____ C:\Users\Bill\Downloads\Audio_Realtek_Compal_Win7_64_Z6016482 (1).zip
2015-12-29 20:06 - 2015-12-29 20:07 - 00275224 _____ C:\Windows\Minidump\122915-64740-01.dmp
2015-12-29 18:52 - 2015-12-29 18:52 - 00000000 ____D C:\inetpub
2015-12-29 17:26 - 2015-12-29 17:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-29 17:26 - 2015-12-29 17:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-29 17:26 - 2015-12-29 17:26 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-29 17:26 - 2015-12-29 17:26 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-29 17:26 - 2015-12-29 17:26 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-29 17:26 - 2015-12-29 17:26 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-29 17:26 - 2015-12-29 17:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-29 17:26 - 2015-12-29 17:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-29 17:26 - 2015-10-08 13:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-29 17:26 - 2015-10-08 12:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-29 17:09 - 2015-12-29 17:09 - 08847304 _____ (AppEx Networks ) C:\Users\Bill\Downloads\abc.exe
2015-12-29 16:44 - 2015-12-29 16:44 - 00057255 _____ C:\Users\Bill\Downloads\startuplist.txt
2015-12-29 16:05 - 2015-12-29 16:05 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-29 16:05 - 2015-12-29 16:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 16:02 - 2015-12-29 16:02 - 01163968 _____ (Adobe Systems Incorporated) C:\Users\Bill\Downloads\uninstall_flash_player.exe
2015-12-29 16:02 - 2015-12-29 16:02 - 00000000 _____ C:\Users\Bill\Downloads\uninstall_flash_player.exe.tw3wvry.partial
2015-12-29 15:20 - 2015-12-29 15:20 - 00000000 ____D C:\Users\Bill\Desktop\Virus Text files
2015-12-29 15:12 - 2015-12-29 15:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-29 15:12 - 2015-12-29 15:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-29 15:11 - 2015-12-29 15:11 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-29 15:11 - 2015-12-29 15:11 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-29 15:11 - 2015-12-29 15:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-29 15:11 - 2015-12-29 15:11 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-29 15:11 - 2015-12-29 15:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-29 15:11 - 2015-12-29 15:11 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-29 15:11 - 2015-11-06 04:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-29 15:11 - 2015-11-06 03:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-29 15:11 - 2015-11-06 03:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-29 15:10 - 2015-12-29 15:11 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-29 15:10 - 2015-12-29 15:10 - 19350528 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 15422976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 14269952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 13723648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 03806208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 02793984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-29 15:10 - 2015-12-29 15:10 - 01408512 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00592384 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-12-29 15:10 - 2015-12-29 15:10 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-12-29 15:10 - 2015-12-29 15:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-29 15:10 - 2015-12-29 15:10 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-29 15:10 - 2015-11-06 04:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-29 15:09 - 2015-12-29 15:09 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-29 15:09 - 2015-12-29 15:09 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-29 15:09 - 2015-12-29 15:09 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-29 15:09 - 2015-12-29 15:09 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-29 15:09 - 2015-12-29 15:09 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-29 15:09 - 2015-12-29 15:09 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-29 15:09 - 2015-12-29 15:09 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-29 15:08 - 2015-12-29 15:08 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-29 15:08 - 2015-12-29 15:08 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-29 09:52 - 2015-12-29 09:52 - 00003122 _____ C:\Windows\System32\Tasks\{F0438A34-FBDC-471C-A15C-4184449B341B}
2015-12-29 09:47 - 2015-12-29 18:05 - 00000000 ____D C:\Users\Bill\Downloads\backups
2015-12-29 09:43 - 2015-12-29 09:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bill\Downloads\HijackThis.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-31 02:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-31 01:28 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-31 01:28 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-31 01:17 - 2015-09-19 21:15 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Skype
2015-12-31 01:16 - 2015-04-13 05:56 - 00000000 ___HD C:\ASUS.DAT
2015-12-31 01:12 - 2015-06-01 20:17 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-12-31 01:12 - 2015-04-14 10:42 - 00000392 _____ C:\Windows\SysWOW64\iolo.ini.txt
2015-12-31 01:12 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-30 20:56 - 2015-11-08 19:03 - 00003204 _____ C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Pandora.website
2015-12-30 20:24 - 2015-10-11 22:37 - 00007641 _____ C:\Users\Bill\AppData\Local\Resmon.ResmonCfg
2015-12-30 19:44 - 2009-07-13 21:20 - 00000000 ____D C:\PerfLogs
2015-12-30 17:36 - 2015-04-14 19:05 - 00000000 ____D C:\Users\Bill\Desktop\Program Links
2015-12-30 17:12 - 2015-09-19 21:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-30 17:12 - 2015-09-19 21:15 - 00000000 ____D C:\Users\Bill\AppData\Local\Skype
2015-12-30 17:12 - 2015-09-19 21:14 - 00000000 ____D C:\ProgramData\Skype
2015-12-30 17:03 - 2015-04-13 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-12-30 17:03 - 2011-02-03 08:17 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-12-30 17:00 - 2015-10-04 17:48 - 00000024 _____ C:\Windows\ATKPF.ini
2015-12-30 16:34 - 2009-07-13 23:13 - 01003156 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-30 16:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-30 16:10 - 2015-04-17 19:58 - 00000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2015-12-30 15:15 - 2015-09-07 17:11 - 00000000 ____D C:\Users\Bill\Documents\ASUS
2015-12-30 13:39 - 2015-11-18 20:50 - 914858955 _____ C:\Windows\MEMORY.DMP
2015-12-30 13:39 - 2015-04-17 18:51 - 00000000 ____D C:\Windows\Minidump
2015-12-30 13:16 - 2015-04-15 20:38 - 00000000 ___RD C:\Users\Bill\OneDrive
2015-12-30 12:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-30 12:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-12-30 12:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-12-30 11:58 - 2015-07-10 18:41 - 00000000 ____D C:\Users\Bill\AppData\Local\Amazon Music
2015-12-30 07:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-29 23:39 - 2011-02-03 07:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-29 23:36 - 2015-10-13 18:16 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2015-12-29 23:27 - 2015-04-13 18:50 - 00000000 ____D C:\Program Files\P4G
2015-12-29 23:17 - 2015-04-13 05:56 - 00000000 ____D C:\Users\Bill
2015-12-29 23:06 - 2015-04-17 19:41 - 00002248 _____ C:\Windows\SysWOW64\Netbooster_Log.txt
2015-12-29 22:25 - 2015-04-13 05:58 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2015-12-29 22:21 - 2015-10-03 14:57 - 00160256 _____ C:\Windows\system32\iavlsp64.dll
2015-12-29 22:21 - 2015-04-14 10:38 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-12-29 22:21 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2015-12-29 21:29 - 2015-04-13 18:38 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-12-29 21:28 - 2015-10-17 23:51 - 00000000 ____D C:\Users\Bill\AppData\Local\Downloaded Installations
2015-12-29 20:54 - 2015-08-06 18:45 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-29 20:48 - 2011-11-01 16:23 - 03098623 _____ C:\Users\Bill\Downloads\data1.cab
2015-12-29 20:48 - 2011-11-01 16:23 - 00456860 _____ C:\Users\Bill\Downloads\setup.ibt
2015-12-29 20:48 - 2011-11-01 16:23 - 00034152 _____ C:\Users\Bill\Downloads\data1.hdr
2015-12-29 20:48 - 2011-11-01 16:23 - 00000512 _____ C:\Users\Bill\Downloads\data2.cab
2015-12-29 20:48 - 2011-11-01 16:23 - 00000473 _____ C:\Users\Bill\Downloads\layout.bin
2015-12-29 20:48 - 2011-08-31 19:12 - 01698408 _____ (Realtek Semiconductor Corp.) C:\Users\Bill\Downloads\RtlExUpd.dll
2015-12-29 20:48 - 2011-05-23 16:57 - 00000028 _____ C:\Users\Bill\Downloads\Install.cmd
2015-12-29 20:48 - 2009-08-25 14:09 - 00553805 _____ C:\Users\Bill\Downloads\engine32.cab
2015-12-29 20:48 - 2005-11-14 16:24 - 00121064 _____ (Macrovision Corporation) C:\Users\Bill\Downloads\Setup.exe
2015-12-29 20:47 - 2011-11-04 11:08 - 00000167 _____ C:\Users\Bill\Downloads\UnInst_SMAP.bat
2015-12-29 20:47 - 2011-11-01 16:23 - 00410340 _____ C:\Users\Bill\Downloads\setup.inx
2015-12-29 20:47 - 2011-11-01 14:15 - 00001594 _____ C:\Users\Bill\Downloads\setup.ini
2015-12-29 20:47 - 2011-01-21 03:32 - 00000044 _____ C:\Users\Bill\Downloads\Uninstall.cmd
2015-12-29 20:47 - 2010-04-22 10:42 - 00000110 _____ C:\Users\Bill\Downloads\UnInst_SRSAP.bat
2015-12-29 20:47 - 2007-11-14 15:18 - 00000553 _____ C:\Users\Bill\Downloads\USetup.iss
2015-12-29 20:47 - 2005-11-15 07:54 - 00250296 _____ C:\Users\Bill\Downloads\setup.isn
2015-12-29 20:47 - 2005-05-31 15:01 - 00000551 _____ C:\Users\Bill\Downloads\setup.iss
2015-12-29 20:07 - 2009-07-13 22:45 - 00479664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-29 20:06 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-29 18:53 - 2015-04-17 18:19 - 00955192 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-29 18:34 - 2015-04-14 11:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-29 16:06 - 2015-04-14 10:51 - 00000000 ____D C:\Users\Bill\AppData\Local\Adobe
2015-12-29 15:39 - 2015-11-07 18:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-29 15:39 - 2015-11-07 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-29 15:31 - 2015-11-07 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-29 15:26 - 2015-04-13 07:31 - 00000000 ____D C:\Windows\system32\MRT
2015-12-29 15:17 - 2015-04-14 06:34 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-29 15:17 - 2015-04-14 06:34 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-29 15:17 - 2015-04-13 07:31 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-29 11:29 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-29 10:10 - 2015-04-17 20:31 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-29 10:07 - 2015-04-17 19:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-29 09:40 - 2015-08-22 00:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-05-06 21:06 - 2015-11-08 15:49 - 0000626 _____ () C:\Users\Bill\AppData\Roaming\All CPU MeterV3_Settings.ini
2015-10-18 00:21 - 2015-11-05 19:34 - 0000620 _____ () C:\Users\Bill\AppData\Roaming\BILL-PC.MTBF.txt
2015-07-05 15:26 - 2015-07-06 17:00 - 0000599 _____ () C:\Users\Bill\AppData\Roaming\Digital Clock_Settings.ini
2015-07-05 15:18 - 2015-10-12 18:51 - 0000841 _____ () C:\Users\Bill\AppData\Roaming\Drives Meter_Settings.ini
2015-05-30 20:03 - 2015-05-30 20:03 - 0000507 _____ () C:\Users\Bill\AppData\Roaming\Drives Monitor_Settings.ini
2015-07-05 15:16 - 2015-07-11 21:55 - 0000283 _____ () C:\Users\Bill\AppData\Roaming\GPU MeterV2_Settings.ini
2015-05-06 21:07 - 2015-05-06 21:07 - 0000720 _____ () C:\Users\Bill\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
2015-05-06 21:26 - 2015-05-30 20:04 - 0000723 _____ () C:\Users\Bill\AppData\Roaming\GPU Monitor_GPU1_Settings.ini
2015-07-05 15:15 - 2015-09-19 15:51 - 0001251 _____ () C:\Users\Bill\AppData\Roaming\Network Meter_Settings.ini
2015-07-08 15:06 - 2015-09-19 16:14 - 0000024 _____ () C:\Users\Bill\AppData\Roaming\Network Meter_Usage.ini
2015-05-06 21:06 - 2015-05-31 14:06 - 0000829 _____ () C:\Users\Bill\AppData\Roaming\Network Monitor II_#0_Settings.ini
2015-05-08 19:59 - 2015-06-24 14:51 - 0000136 _____ () C:\Users\Bill\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2015-07-05 15:28 - 2015-08-06 16:36 - 0000460 _____ () C:\Users\Bill\AppData\Roaming\Weather Meter_Settings.ini
2015-10-18 00:22 - 2015-11-05 21:18 - 0001061 _____ () C:\Users\Bill\AppData\Roaming\__AvidCloudManager.log
2015-10-18 00:22 - 2015-10-18 11:54 - 0000678 _____ () C:\Users\Bill\AppData\Roaming\__AvidCloudManagerPrevious.log
2015-09-19 14:42 - 2015-11-21 01:22 - 0012288 _____ () C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-25 11:03 - 2015-10-25 11:03 - 0000036 _____ () C:\Users\Bill\AppData\Local\housecall.guid.cache
2015-10-11 22:37 - 2015-12-30 20:24 - 0007641 _____ () C:\Users\Bill\AppData\Local\Resmon.ResmonCfg
2011-02-03 07:55 - 2011-02-03 07:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-03 07:55 - 2011-02-03 07:55 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\Users\Bill\.REG
C:\Users\Bill\IP_Log_Data.js
C:\Users\Bill\Network_Meter_Data.js

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
device                  ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi

 

LastRegBack: 2015-12-30 07:39

==================== End of FRST.txt ============================

 

 

Thank you much



Edited by Budnarrow, 31 December 2015 - 03:12 PM.



 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,928 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:38 PM

Posted 31 December 2015 - 11:31 AM

Hi Budnarrow :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#3 Budnarrow


Posted 31 December 2015 - 02:48 PM

Thank you so much for responding, Polskamachina!! B)

I have already run some scans, like HijackThis, Malwarebytes, adware cleaner, TSA adware removal tool, MBRcheck, Rkill, Sfc /scannow, Eset, FRST, and then using my System Mechanic System Shield anti-virus (System Mechanic works great), then others in the past with another computer with the same problem.

So now then, here I am starting this forum post. I have been battling this malware for a couple, few years now, and am running out of options or knowing what I should do. I understand I am supposed to do what you recommend in the order you recommended it, but I am sorry, I have been searching forum post after post after post, etc., and have tried to do this myself, and am afraid of the worst, in that I have a backdoor, because I have been transferring my documents etc. from one computer to the next because of this malware. I am told that viruses only attack the system files. I think I have had this problem since 2010; I am not sure.

I have observed that one of the first things to go is the .msi installer: it gets corrupted and only opens in Notepad. I have a TechNet forum post on how to fix it via Regedit import from a good computer. I have been constantly having to fix it because it just reverts back to Notepad, like a lot of other things, because the original problem hasn't been fixed.

I have re-installed Windows several, several times and I get the same result: Eldorado. At first the computer works great for a while and then degrades. It takes a couple of months for it to degrade. The longest I've had a computer last was a year with 7-day uptimes, with my high-performance desktop with Windows 7 Professional. The above report is from my Asus K53ta notebook computer with Windows 7 Home Premium.

I am attaching a screenshot example of the anti-virus results (it is from another computer with practically the same software) when I figure out how to do that.


Edited by Budnarrow, 31 December 2015 - 03:03 PM.


#4 polskamachina


Posted 01 January 2016 - 01:12 AM

Hi Budnarrow :)

> I understand I am supposed to do what you recommend in the order you recommended it, but I am sorry, I have been searching forum post after post after post, etc., and have tried to do this myself, and am afraid of the worst, in that I have a backdoor, because I have been transferring my documents etc. from one computer to the next because of this malware. I am told that viruses only attack the system files. I think I have had this problem since 2010; I am not sure.

It is important to follow the Bleeping Computer rule of doing only what's recommended. There is a reason certain tools are used and that they are used in a specific order. So please relax and give us a chance to help you. If you're really worried that a backdoor has infected your system, disconnect your computer from the internet until we get it squared away. Can you please tell me if this is the first time you've asked for and received assistance with this problem on any malware removal forum?

 

polskamachina



#5 polskamachina


Posted 01 January 2016 - 04:18 PM

Hi Budnarrow :)

 

In order to get a good overview of the threats to your computer, can you please copy and paste the latest scan log from your antivirus software into your next reply to me?

 

Let me know if you have any questions.

 

polskamachina



#6 Budnarrow


Posted 02 January 2016 - 06:44 PM

> Hi Budnarrow :)
>
> > I understand I am supposed to do what you recommend in the order you recommended it, but I am sorry, I have been searching forum post after post after post, etc., and have tried to do this myself, and am afraid of the worst, in that I have a backdoor, because I have been transferring my documents etc. from one computer to the next because of this malware. I am told that viruses only attack the system files. I think I have had this problem since 2010; I am not sure.
>
> It is important to follow the Bleeping Computer rule of doing only what's recommended. There is a reason certain tools are used and that they are used in a specific order. So please relax and give us a chance to help you. If you're really worried that a backdoor has infected your system, disconnect your computer from the internet until we get it squared away. Can you please tell me if this is the first time you've asked for and received assistance with this problem on any malware removal forum?
>
> polskamachina

Thank you for responding, polskamachina,

I have been busy with the new year.

I understand what and why I must do what you recommend; it's a process of elimination that we need to go through. I have lately been disconnecting my computer from the internet when I am away from the computer (asleep or away from home) and just leaving the computer on.

This is the first time I have received assistance from any forum posts anywhere. In other forum posts I have mentioned it but nobody responded to it. I have searched the internet and there is almost nothing about an Eldorado virus (four results came up on search engines), and so I am finally here.

 

Thanks.


Edited by Budnarrow, 02 January 2016 - 07:02 PM.


#7 Budnarrow


Posted 02 January 2016 - 06:51 PM

> Hi Budnarrow :)
>
> In order to get a good overview of the threats to your computer, can you please copy and paste the latest scan log from your antivirus software into your next reply to me?
>
> Let me know if you have any questions.
>
> polskamachina

Hi polskamachina,

I will do that when I see this virus again, if my anti-virus does that. Like I said, System Shield removed it. I will scan again. I am thinking of scanning with Eset right now but I think I will wait now.

I just went and un-installed video and graphics drivers and have been having problems with a video software program; I think I can get that fixed. I have been needing to un-install and re-install the graphics driver. I had a school tech re-install Windows and he put the wrong drivers on the system, so I am having to undo what the tech did and battle this virus at the same time. I imported into the registry the .msi Package and Patch and it has remained stable for now. I have been trying to narrow that down with a process of elimination.

I also have an IE11 memory leak that I am trying to fix, and I haven't been very successful at trying to fix it. I have tried to un-install IE11 and go back to the basics and then re-build/update back to IE11. The problem is still there. I am thinking this 'is' from the Eldorado because I have had this also happen before, where the memory cache gets filled up until the computer crashes. I am thinking it is attacking the .sys and .dll files, because I have been using WhoCrashed 5.5.1 (I like this program better than BlueScreenView; more detailed information) and it has said it was the audio driver once, then it was the video driver. The reason I say this is I have installed Windows on my own several times and have installed everything I was supposed to install, and then I get this Eldorado and my audio and video start to go on the fritz, usually the audio, amongst other things.

 

Thanks.


Edited by Budnarrow, 02 January 2016 - 07:02 PM.


#8 Budnarrow


Posted 02 January 2016 - 08:44 PM

Here is my current system information as of 1-1-2016.

See attached file: 1-1-2016 Sys Info.txt (4.32MB)


Edited by Budnarrow, 02 January 2016 - 08:44 PM.


#9 Budnarrow


Posted 04 January 2016 - 02:05 AM

> Hi Budnarrow :)
>
> In order to get a good overview of the threats to your computer, can you please copy and paste the latest scan log from your antivirus software into your next reply to me?
>
> Let me know if you have any questions.
>
> polskamachina

Hi polskamachina,

The best I can do is post a screenshot of the quarantine history of what System Mechanic's System Shield found. I will do that in the next post.

Please help!! I just found this Antivirus5 on my notebook computer. I have no idea how it got there. I have been doing a lot of changes to the computer, un-installing and re-installing drivers and software, and so I went into my C: drive and searched for folders and files that shouldn't be there, and sure enough I found these Anti-virus5 folders, and it is in my services and processes. I searched the internet and found this on the first page of the search:

http://www.bleepingcomputer.com/forums/t/302192/authentiumantivirus5/page-1

In that post he also has System Mechanic, but apparently he didn't have the System Shield also installed. He has the same thing in the same places as I do with this Anti-virus5. It looks as though he was also having crashes. I have gotten rid of the crashes by re-installing drivers and software. I think I have the memory leak fixed because the memory and the cache are filling up and dropping. I think this is because I have un-installed the affecting programs. The problem is that I think whatever virus is on the computer, it is rearranging, deleting and corrupting files, and so I have to keep up with it (not an easy thing to do when there is a world happening outside). I should note that my computer is slowly becoming more responsive with each action I have been doing.

I am going to post screenshots next.


Edited by Budnarrow, 04 January 2016 - 02:45 AM.


#10 Budnarrow


Posted 04 January 2016 - 02:08 AM

Attached File: 1-4-2016 Sys Mech Sys Sheild Eldorado virus.JPG (37.56KB)

OK, here is the screenshot of the System Shield anti-virus quarantine.



#11 Budnarrow


Posted 04 January 2016 - 02:19 AM

Here are the screenshots of the Anti-virus5 software on my computer:

Attached File: Antivirus5 Services.JPG (40.82KB)

Attached File: Anti-virus5 Services task manager.JPG (43.05KB)

Attached File: Anti-virus5 c drive.JPG (87.9KB)

I disabled the Anti-virus5 services in the Windows Services and with Msconfig, and I've got to say my computer is just a little more responsive. Still not done yet, though. I would like some help with this please.


Edited by Budnarrow, 04 January 2016 - 02:24 AM.


#12 polskamachina


Posted 04 January 2016 - 02:33 AM

Hi Budnarrow :)

 

I am still working on a response for your latest scans. Thank you for your patience.

> Please help!! I just found this Antivirus5 on my Notebook computer.

If your Notebook computer is different than the one that initiated this topic, then please start a new topic for it. I cannot troubleshoot two different computers in the same thread.

 

polskamachina



#13 Budnarrow


Posted 04 January 2016 - 02:40 AM

> Hi Budnarrow :)
>
> I am still working on a response for your latest scans. Thank you for your patience.
>
> > Please help!! I just found this Antivirus5 on my Notebook computer.
>
> If your Notebook computer is different than the one that initiated this topic, then please start a new topic for it. I cannot troubleshoot two different computers in the same thread.
>
> polskamachina

OK, thank you for responding!

I am relieved to read that you are still working on the scans. Thank you much! :bananas:

All of what I have been writing about is on my Asus K53ta. It has an AMD A6-3400M APU with Radeon graphics (6520g), 500GB HD, 8GB 1666MHz RAM. It has Windows 7 Home Premium x64, to be specific, System Mechanic Professional for repairing and streamlining everything important (it works great!!!), and then I have the Comodo firewall.

I am running another System Shield scan as I write this.

I am going to go to sleep. I will check up on this as soon as I get a chance.


Edited by Budnarrow, 04 January 2016 - 02:43 AM.


#14 Budnarrow


Posted 04 January 2016 - 01:35 PM

I have done a System Shield scan and I know that there are some 150,000 files at least on my computer. This is leading me to believe that it is disabling my anti-virus. I have in the past had System Shield get completely disabled and disappear. The notification icon goes MIA, and when I open System Mechanic it says that System Shield has been disabled, and then there is nothing I can do to enable it except re-install System Mechanic.

Attached File: 1-4-2016 Sys Mech Sys Sheild Complete too soon.JPG (69.56KB)

I should also note that when I started this I had several "Access Denied!!" pop-ups when I tried to open a file or folder. I got that same message when I tried to stop the Anti-virus5 service in Task Manager.

I haven't got much help from iolo, the company that makes System Mechanic. I have searched their database on viruses and there wasn't anything about it, but yet System Mechanic found it O_o. I have in the past tried to contact them about this System Mechanic Eldorado Trojan and I was just told to re-install System Mechanic. I have just sent a support ticket to iolo, saying I have gotten very frustrated with the System Mechanic Eldorado Trojan, saying that System Mechanic's sole purpose was to install the Eldorado Trojan onto my computer; if not, is then System Mechanic itself the Eldorado Trojan? I don't really know if that is true. That is the only virus I have ever seen that System Shield has found, though. It has been that frustrating.

I really want to believe and have faith in System Mechanic Professional, I have said to System Mechanic. The reason is there is no other program out there currently that has all the tools and combined scans that System Mechanic does, that I need.


Edited by Budnarrow, 04 January 2016 - 01:47 PM.


#15 Budnarrow


Posted 04 January 2016 - 01:56 PM

I just did a sfc /scannow scan again and the same file is corrupted.

Attached File: Sfc -scannow 1-4-2106.JPG (54.88KB)

Here are the results of the scan.

Attached File: sfcdetails.txt (42.84KB)

 





