
HiJackThis Log


This topic is locked
23 replies to this topic

#1 monetary1995 (Members, 23 posts)

Posted 15 February 2016 - 09:47 PM

I have an infection that hacked my Facebook and, I believe, other accounts. Many of my friends have texted, called and emailed me that they are receiving weird messages from me. They may have hacked my customer database on my computer too! I'm worried about a keylogger. I have changed my password on all accounts using another computer. I'm running Windows 8.1 64-bit.

I have run the following programs:

rKill
ccleaner
MalwareBytes (two times; the first scan detected 371 files with PUP.Optional.MindSpark, I cleaned them up and reran MalwareBytes a second time and it came up clean)
TDSSKiller
JunkRemoval Tool
AdwCleaner

I thought I had it cleaned up, but some things are still quirky on my system, therefore I ran HiJackThis. Please advise, I don't know what else to check...

Below is the log file:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:49:16 PM, on 2/15/2016
Platform: Unknown Windows (WinNT 6.03.1408)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Safe mode with network support
Running processes:
c:\program files (x86)\teamviewer\version6\TeamViewer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Users\Deborah J Braich\Documents\zMicroVitalizeCom\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IDrive Background process] "C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe" min
O4 - HKLM\..\Run: [IDrive Tray] "C:\Program Files (x86)\IDriveWindows\id_tray.exe" min
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
O4 - HKLM\..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files (x86)\IDriveWindows\IDrvieEStartup.exe" Hide
O4 - Startup: IDrive Tray.lnk = C:\Program Files (x86)\IDriveWindows\IDriveEReg2ini.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @oem26.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe
O23 - Service: IDriveService - Prosoftnet - C:\Program Files (x86)\IDriveWindows\id_service.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: Sony Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12887 bytes

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal
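As an added example, not code from the original post, from HijackThis or from BleepingComputer, here is a small Python triage script for an HJT 2.0.5 log like the one above. The caveat it encodes is the one most worth knowing before reading this log: HijackThis 2.0.5 is a 32-bit program, so on 64-bit Windows its file-existence checks run under WOW64 file-system redirection (its lookups in C:\Windows\System32 land in SysWOW64, and %ProgramFiles% expands to Program Files (x86)). The long run of "(file missing)" lines for lsass.exe, alg.exe, spoolsv.exe, MsMpEng.exe and so on is therefore a scanner artifact, not a sign those files were removed; the x64 FRST scan later in this thread lists C:\Windows\System32\alg.exe and igfxCUIService.exe among the running processes, which is the cross-check. The script sets those entries aside and leaves the entries that do merit a look (a present file with no readable vendor name, for example the two ASUS services). The sample lines are copied from the log above; the bucket names and the "is this an x64 log" heuristic are this example's own.

```python
r"""Triage helper for a HijackThis 2.0.5 log produced on 64-bit Windows.

Added example, not HijackThis or BleepingComputer code. Parses O4 (Run keys)
and O23 (services) lines and sorts services into four buckets:

  wow64-redirect      "(file missing)" under C:\Windows\System32: the 32-bit
                      scanner was redirected to SysWOW64, so it never saw the file.
  wow64-programfiles  "(file missing)" where the display name is an
                      "@%ProgramFiles%\..." resource reference and the path ended
                      up in "Program Files (x86)": 32-bit %ProgramFiles% expansion.
  review              anything else with a missing file or "Unknown owner".
  ok                  file present and a vendor name was read from it.

Bucket names and the x64 heuristic are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class Service:
    display: str
    owner: str
    path: str
    file_missing: bool


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str


def parse_services(log: str) -> List[Service]:
    """Return every O23 line as a Service record, in log order."""
    out = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            out.append(Service(m["display"], m["owner"], m["path"],
                               m["missing"] is not None))
    return out


def parse_run_keys(log: str) -> List[RunEntry]:
    """Return O4 HKLM/HKCU Run entries; Startup-folder O4 lines are skipped."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append(RunEntry(m["hive"], m["name"], m["cmd"]))
    return out


def is_x64_log(log: str) -> bool:
    """HJT 2.0.5 prints "Platform: Unknown Windows" on 8.1, so infer the
    architecture from the paths it saw instead of from the header (heuristic)."""
    return "Program Files (x86)" in log or "SysWOW64" in log


def classify_service(svc: Service, x64: bool) -> str:
    p = svc.path.lower()
    if svc.file_missing and x64:
        if p.startswith("c:\\windows\\system32\\"):
            return "wow64-redirect"
        if (svc.display.lower().startswith("@%programfiles%")
                and "program files (x86)" in p):
            return "wow64-programfiles"
    if svc.file_missing or svc.owner == "Unknown owner":
        return "review"
    return "ok"


def triage(log: str) -> Dict[str, List[Service]]:
    x64 = is_x64_log(log)
    buckets: Dict[str, List[Service]] = {
        "wow64-redirect": [], "wow64-programfiles": [], "review": [], "ok": []}
    for svc in parse_services(log):
        buckets[classify_service(svc, x64)].append(svc)
    return buckets


# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
c:\program files (x86)\teamviewer\version6\TeamViewer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files (x86)\IDriveWindows\IDrvieEStartup.exe" Hide
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
"""

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(f"[{bucket}]")
        for s in entries:
            print(f"  {s.display} -> {s.path}")
    for r in parse_run_keys(SAMPLE_LOG):
        print(f"Run {r.hive} [{r.name}] {r.command}")
```

Run it as-is to print the buckets for the embedded sample, or read a full log from a file and pass its text to triage(). The review bucket is a starting point for manual checks (vendor, code signing, install date), not a verdict; and on a 32-bit host the same "(file missing)" line is not an artifact, which is why classify_service takes the architecture as an argument.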


#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 16 February 2016 - 09:03 AM

Hello

Welcome to Bleeping Computer.

My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the Post button in the lower right hand corner of your screen.

Do not start a new topic.

The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 monetary1995 (Topic Starter, Members, 23 posts)

Posted 16 February 2016 - 01:29 PM

FRST.txt scan results

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016

 

Ran by Deborah J Braich (administrator) on DEBORAH (16-02-2016 13:13:51)

 

Running from C:\Users\Deborah J Braich\Documents\zMicroVitalizeCom\Farbar Recovery Scan Tool from Bleeping Computer

 

Loaded Profiles: Deborah J Braich (Available Profiles: Deborah J Braich)

 

Platform: Windows 8.1 Pro (X64) Language: English (United States)

 

Internet Explorer Version 11 (Default browser: IE)

 

Boot Mode: Normal

 

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

 

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

 

() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe

 

() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe

 

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

 

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

 

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

 

(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

 

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

 

(Pro Softnet Corporation) C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe

 

(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe

 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

 

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

 

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

 

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

 

(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe

 

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

 

(Microsoft Corporation) C:\Windows\System32\alg.exe

 

( ) C:\Program Files (x86)\IDriveWindows\IDrivePlugin.exe

 

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

 

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

 

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe

 

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

 

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

 

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

(Intel Corporation) C:\Windows\System32\igfxEM.exe

 

(Intel Corporation) C:\Windows\System32\igfxHK.exe

 

(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

 

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

 

(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe

 

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

 

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

 

(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe

 

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

 

(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe

 

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

 

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

 

(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe

 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

 

(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe

 

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

 

(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe

 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

 

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

 

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

 

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

 

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

 

(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe\Solitaire.exe

 

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe

 

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe

 

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)

 

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)

 

HKLM\...\Run: [HP LaserJet 500 color MFP M570 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2012-04-29] (Hewlett-Packard Company)

 

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)

 

HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [68128 2015-02-13] (Prosoftnet)

 

HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1973792 2015-02-13] (Prosoftnet)

 

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2725400 2015-02-05] (Sony Corporation)

 

HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1051168 2014-04-29] (SPAMfighter ApS)

 

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)

 

HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)

 

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG)

 

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

 

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

 

HKLM-x32\...\Run: [] => [X]

 

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)

 

HKU\S-1-5-21-663958580-2713909961-3779307226-1001\...\Run: [IDriveE Startup] => C:\Program Files (x86)\IDriveWindows\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation)

 

HKU\S-1-5-21-663958580-2713909961-3779307226-1001\...\MountPoints2: {398e9589-b302-11e4-824b-806e6f6e6963} - "D:\Bin\Assetup.exe"

 

HKU\S-1-5-21-663958580-2713909961-3779307226-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)

 

ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)

 

ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)

 

ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)

 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-02-14]

 

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

 

Startup: C:\Users\Deborah J Braich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk [2015-02-14]

 

ShortcutTarget: IDrive Tray.lnk -> C:\Program Files (x86)\IDriveWindows\IDriveEReg2ini.exe (Pro Softnet Corp.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: 192.168.1.103 NPIA140C8

 

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1

 

Tcpip\..\Interfaces\{A0690B45-CA83-4653-AF78-3327B8619B93}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1

 

Internet Explorer:

 

==================

 

HKU\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl

 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-14] (Microsoft Corporation)

 

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-14] (Microsoft Corporation)

 

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-02-14] (Microsoft Corporation)

 

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-15] (Oracle Corporation)

 

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-02-14] (Microsoft Corporation)

 

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

 

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)

 

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

 

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)

 

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)

 

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)

 

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)

 

FireFox:

 

========

 

FF ProfilePath: C:\Users\Deborah J Braich\AppData\Roaming\Mozilla\Firefox\Profiles\c2c8kjlo.default

 

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

 

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Deborah J Braich\AppData\Roaming\Mozilla\Firefox\Profiles\c2c8kjlo.default\Extensions\abs@avira.com [2015-02-14] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-15]
CHR Extension: (Google Docs) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Drive) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-15]
CHR Extension: (Avira Browser Safety) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Deborah J Braich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 IDriveE Service; C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe [158264 2013-05-20] (Pro Softnet Corporation)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [100896 2015-02-13] (Prosoftnet)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2014-04-29] (SPAMfighter ApS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488688 2015-02-14] (Broadcom Corporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-13] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ltmodem5; C:\Windows\system32\DRIVERS\ltmdm64.sys [543744 2013-06-18] (Agere Systems)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-16 13:12 - 2016-02-16 13:13 - 00000000 ____D C:\FRST
2016-02-15 22:41 - 2016-02-15 22:41 - 00001398 _____ C:\Users\Deborah J Braich\Desktop\New Auto.jpg - Shortcut.lnk
2016-02-15 22:40 - 2016-02-15 22:40 - 00001444 _____ C:\Users\Deborah J Braich\Desktop\Brokerage Agreement Home Mtg.pdf - Shortcut.lnk
2016-02-15 22:39 - 2016-02-15 22:39 - 00001475 _____ C:\Users\Deborah J Braich\Desktop\HomeMortgages.Com Info - Shortcut.lnk
2016-02-15 22:38 - 2016-02-15 22:38 - 00001208 _____ C:\Users\Deborah J Braich\Desktop\Bright Star Agreement.pdf - Shortcut.lnk
2016-02-15 17:40 - 2016-02-15 17:40 - 00001202 _____ C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
2016-02-15 17:40 - 2016-02-15 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
2016-02-15 17:40 - 2016-02-15 17:40 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2016-02-15 17:40 - 2015-09-01 08:41 - 00095008 _____ C:\Windows\system32\Primomonnt.dll
2016-02-15 09:29 - 2016-02-15 09:29 - 00000000 ____D C:\Users\Deborah J Braich\AppData\Local\OfficeBSCache-MyComputer
2016-02-14 23:54 - 2016-02-14 23:58 - 00000000 ____D C:\Users\Deborah J Braich\AppData\Local\Microsoft Help
2016-02-14 23:42 - 2016-02-15 12:15 - 00003116 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-663958580-2713909961-3779307226-1001
2016-02-14 23:42 - 2016-02-15 12:15 - 00000000 ___RD C:\Users\Deborah J Braich\OneDrive
2016-02-14 23:41 - 2016-02-14 23:41 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-14 23:31 - 2016-02-14 23:31 - 00002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-02-14 23:31 - 2016-02-14 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-02-14 23:27 - 2016-02-14 23:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-14 22:50 - 2016-02-14 22:51 - 00000000 ____D C:\AdwCleaner
2016-02-14 22:40 - 2016-02-14 22:41 - 00240326 _____ C:\TDSSKiller.3.1.0.9_14.02.2016_22.40.04_log.txt
2016-02-09 14:34 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 14:34 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 14:34 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 14:34 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 14:34 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 14:34 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 14:34 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 14:34 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 14:14 - 2016-01-10 12:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-09 14:14 - 2016-01-10 12:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 14:14 - 2016-01-10 12:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 14:14 - 2016-01-10 12:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-09 14:14 - 2016-01-10 12:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 14:14 - 2016-01-10 11:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 14:14 - 2016-01-10 11:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 14:14 - 2016-01-10 11:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 14:14 - 2016-01-10 11:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 14:13 - 2016-01-22 03:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 14:13 - 2016-01-22 02:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 14:13 - 2016-01-22 00:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-09 14:13 - 2016-01-22 00:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-09 14:13 - 2016-01-22 00:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 14:13 - 2016-01-21 23:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 14:13 - 2016-01-19 14:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 14:13 - 2016-01-19 14:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-09 14:13 - 2016-01-19 14:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-09 14:13 - 2016-01-19 14:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 14:13 - 2016-01-19 14:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 14:13 - 2016-01-19 13:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-09 14:13 - 2016-01-19 13:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 14:13 - 2016-01-19 13:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-09 14:13 - 2016-01-19 13:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-09 14:13 - 2016-01-19 12:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 14:13 - 2016-01-19 11:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-09 14:13 - 2016-01-14 20:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 14:13 - 2016-01-14 15:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 14:13 - 2016-01-14 15:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 14:13 - 2016-01-14 15:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 14:13 - 2016-01-14 15:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 14:13 - 2016-01-14 15:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 14:13 - 2016-01-14 15:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 14:13 - 2016-01-06 13:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 14:13 - 2015-12-28 16:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-09 14:13 - 2015-12-28 15:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-09 14:12 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 14:12 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 14:12 - 2016-01-22 01:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-09 14:12 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 14:12 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 14:12 - 2016-01-22 00:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-09 14:12 - 2016-01-22 00:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-09 14:12 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 14:12 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 14:12 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 14:12 - 2016-01-22 00:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 14:12 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 14:12 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 14:12 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 14:12 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 14:12 - 2016-01-22 00:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-09 14:12 - 2016-01-22 00:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-09 14:12 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 14:12 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 14:12 - 2016-01-22 00:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 14:12 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 14:12 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 14:12 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 14:12 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 14:12 - 2016-01-10 14:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 14:12 - 2016-01-10 14:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 14:12 - 2016-01-10 13:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 14:12 - 2016-01-10 13:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 14:12 - 2016-01-10 13:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 14:12 - 2016-01-10 12:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-09 14:12 - 2016-01-10 12:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 14:12 - 2016-01-10 12:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-09 14:12 - 2016-01-10 12:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 14:12 - 2016-01-10 11:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-02-09 14:12 - 2016-01-10 11:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 14:12 - 2016-01-10 11:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 14:12 - 2016-01-10 11:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 14:12 - 2016-01-10 11:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 14:12 - 2016-01-10 11:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-09 14:12 - 2016-01-10 11:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 14:12 - 2016-01-10 11:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 14:12 - 2016-01-10 11:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 14:12 - 2016-01-10 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 14:12 - 2016-01-10 11:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 14:12 - 2016-01-10 11:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 14:12 - 2016-01-10 11:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 14:12 - 2016-01-07 13:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 14:12 - 2015-12-29 10:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-09 14:12 - 2015-12-29 10:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-09 14:12 - 2015-12-29 10:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-09 14:12 - 2015-12-29 10:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 14:12 - 2015-12-17 13:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 14:12 - 2015-12-17 11:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-05 01:35 - 2016-02-05 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-05 01:35 - 2016-02-05 01:35 - 00000000 ____D C:\Program Files\7-Zip
2016-02-01 16:39 - 2016-02-01 16:39 - 00132099 _____ C:\Users\Deborah J Braich\Downloads\YearEndSummary.pdf
2016-01-30 13:51 - 2016-02-15 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-30 13:51 - 2016-02-15 22:36 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-23 17:51 - 2016-01-23 17:51 - 00205561 _____ C:\Users\Deborah J Braich\Downloads\statement (4).pdf
2016-01-23 17:35 - 2016-01-23 17:35 - 00210001 _____ C:\Users\Deborah J Braich\Downloads\statement (3).pdf
2016-01-18 14:19 - 2016-01-18 14:19 - 00210001 _____ C:\Users\Deborah J Braich\Downloads\statement (2).pdf
2016-01-18 14:19 - 2016-01-18 14:19 - 00210001 _____ C:\Users\Deborah J Braich\Downloads\statement (1).pdf

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-16 13:12 - 2015-02-15 07:39 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-16 13:11 - 2015-02-14 20:48 - 00000000 ____D C:\Users\Deborah J Braich\Documents\zMicroVitalizeCom
2016-02-16 12:48 - 2015-02-12 17:06 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{962997F0-6FCA-489F-B53F-ABA7CE68B05A}
2016-02-16 09:17 - 2015-02-12 17:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-663958580-2713909961-3779307226-1001
2016-02-16 09:11 - 2015-11-08 15:44 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 04:12 - 2015-02-15 07:39 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-16 04:03 - 2015-02-14 11:49 - 00000000 ____D C:\Program Files (x86)\IDriveWindows
2016-02-15 22:44 - 2015-02-14 17:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-15 22:41 - 2015-04-17 02:31 - 00158720 ___SH C:\Users\Deborah J Braich\Desktop\Thumbs.db
2016-02-15 22:37 - 2015-03-18 23:38 - 00000000 ____D C:\ProgramData\Oracle
2016-02-15 22:37 - 2015-03-18 23:38 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-15 22:36 - 2015-08-29 14:02 - 00000000 ____D C:\Users\Deborah J Braich\.oracle_jre_usage
2016-02-15 22:29 - 2015-02-14 19:18 - 00000000 __SHD C:\Users\Deborah J Braich\IntelGraphicsProfiles
2016-02-15 22:28 - 2015-04-08 18:56 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-02-15 22:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-15 22:27 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-15 19:39 - 2015-02-14 17:14 - 00000000 ____D C:\Users\Deborah J Braich\AppData\Roaming\TeamViewer
2016-02-15 19:01 - 2013-08-22 09:44 - 00545680 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-15 17:40 - 2015-09-01 08:41 - 00000326 _____ C:\Windows\primopdf.ini
2016-02-15 11:35 - 2015-02-14 20:46 - 00000000 ____D C:\Users\Deborah J Braich\Documents\Diana's Info
2016-02-14 23:42 - 2015-02-12 17:02 - 00000000 ____D C:\Users\Deborah J Braich
2016-02-14 23:41 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-14 23:41 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-02-14 23:27 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-14 22:40 - 2015-02-12 17:05 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-14 20:54 - 2015-09-11 11:19 - 00000000 ____D C:\Windows\Minidump
2016-02-14 20:54 - 2015-02-14 18:21 - 00000000 ____D C:\Users\Deborah J Braich\AppData\Local\CrashDumps
2016-02-14 20:54 - 2015-02-12 16:57 - 00000000 ____D C:\Windows\Panther
2016-02-14 20:37 - 2013-08-22 14:11 - 00000000 ____D C:\Windows\ShellNew
2016-02-14 20:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Help
2016-02-14 20:37 - 2013-08-22 08:25 - 00000111 _____ C:\Windows\win.ini
2016-02-13 04:01 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-02-12 17:37 - 2015-04-08 19:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 17:36 - 2013-08-22 14:11 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 17:36 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-10 16:13 - 2015-02-15 07:39 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 05:31 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 05:31 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-09 14:40 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-09 14:37 - 2015-02-14 19:32 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 14:35 - 2015-02-14 19:31 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 14:11 - 2015-11-10 15:11 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-09 14:11 - 2015-11-10 15:11 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-05 17:06 - 2015-02-14 20:46 - 00000000 ____D C:\Users\Deborah J Braich\Documents\DJB
2016-02-05 11:25 - 2015-08-31 06:31 - 00001185 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-02-05 11:25 - 2015-04-09 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-05 11:25 - 2015-02-14 18:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-05 03:10 - 2015-02-14 20:48 - 00000000 ____D C:\Users\Deborah J Braich\AppData\Roaming\Apple Computer
2016-02-03 06:13 - 2015-05-14 00:10 - 00000000 ____D C:\Users\Deborah J Braich\AppData\Local\ClassicShell
2016-02-02 04:07 - 2015-02-15 07:39 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 04:07 - 2015-02-15 07:39 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 21:37 - 2013-08-22 10:38 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-01 21:37 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-18 13:19 - 2015-02-14 17:26 - 00000000 ____D C:\ProgramData\HP

==================== Files in the root of some directories =======
2015-02-14 18:57 - 2015-02-14 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-14 17:31 - 2015-05-14 01:30 - 0027042 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Deborah J Braich\AppData\Local\Temp\avgnt.exe
C:\Users\Deborah J Braich\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Deborah J Braich\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-12 03:57

==================== End of FRST.txt ============================

Additional.txt scan results:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Deborah J Braich (2016-02-16 13:14:27)
Running from C:\Users\Deborah J Braich\Documents\zMicroVitalizeCom\Farbar Recovery Scan Tool from Bleeping Computer
Windows 8.1 Pro (X64) (2015-02-12 22:01:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-663958580-2713909961-3779307226-500 - Administrator - Disabled)
Deborah J Braich (S-1-5-21-663958580-2713909961-3779307226-1001 - Administrator - Enabled) => C:\Users\Deborah J Braich
Guest (S-1-5-21-663958580-2713909961-3779307226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-663958580-2713909961-3779307226-1004 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0001 - Asmedia Technology)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.33.223.1 - Broadcom Corporation)
DocMgr (x32 Version: 100.0.201.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP LaserJet 500 color MFP M570 (HKLM-x32\...\{96e58861-a3c4-43cf-9a1a-c13d2cd69b5b}) (Version: 5.0.12229.597 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM570DSService (x32 Version: 001.001.07586 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 4.5.41.23 - HP) Hidden
HPLJ500colorMFPM570 (HKLM-x32\...\{F05A8E43-041F-4066-ADC2-FA9F883B49D6}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
hppCLJCM2320 (x32 Version: 003.001.00097 - Hewlett-Packard) Hidden
hppFaxDrvM570 (x32 Version: 003.000.00003 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM570LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppQFolderCM2320 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM2320 (x32 Version: 003.001.00090 - Hewlett-Packard) Hidden
hppSendFaxM570 (x32 Version: 003.000.00003 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM570 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IDrive version 3.4.4 Dec 09, 2013 (HKLM-x32\...\IDrive_is1) (Version: 3.4.4 - ProSoftnet Corp)
Intel® Chipset Device Software (x32 Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-663958580-2713909961-3779307226-1001\...\OneDriveSetup.exe) (Version: 17.3.6301.0127 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.2.00 - Sony Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.6468 - I.R.I.S.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7233 - Realtek Semiconductor Corp.)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.104 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.104 - Spamfighter ApS) Hidden
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10194 - TeamViewer GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-663958580-2713909961-3779307226-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12886438-09DD-4251-BD4F-90C905741BC6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {2764A5C8-1473-4BA8-AC42-A12E5DE74997} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {2F39CBE3-85FB-4CA5-BFBE-EA13CE456255} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-15] (Google Inc.)
Task: {3BB4F418-B989-4059-96CF-AD568371F472} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-15] (Google Inc.)
Task: {3F7AA7D4-AC39-4EE3-8113-EFCC14859BE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {427AD228-09CB-4D4F-BB93-4CEAFB2948B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-14] (Microsoft Corporation)
Task: {6EDAE0C7-7AD1-412F-BFF7-C285111D9E06} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {747E2459-1AF3-42E5-9916-BF5440948A37} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {84CDF3FA-83D4-4CDE-91F2-D407E0E571AF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {8774B64E-B7CF-4EA1-9FCC-27FAF11997DE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {8B476583-D4DB-41DB-8B6E-FA53F8367197} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-14] (Microsoft Corporation)
Task: {9E0E95BA-BE84-4EA1-B9F9-9CF6F8856330} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {A58F9DE3-F80B-4F25-B26B-2A3229003986} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {BAF48044-FE74-464D-A98C-47430C3D94FF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {BC971C49-1EBC-4E46-91D2-ECA781C0FDF5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {DD21F3BA-6D45-4C5B-8D68-CC8E87CFA3E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
Task: {E37E7A3E-6AEB-437F-996C-AACD2E6F059F} - System32\Tasks\{CD938E3D-D9A9-49EE-A14B-200A69C01C78} => pcalua.exe -a D:\setup\HPZscr01.exe -d D:\util\CCC -c  -datfile hposcr04.dat -unattended -showdisconnect -nocopytotemp -noreboot
Task: {E996C35B-CA78-4833-A39D-6274D6009977} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {FAF83320-8429-40D9-8AA5-5707EC5AF896} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-663958580-2713909961-3779307226-1001 => C:\Users\Deborah J Braich\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-02-15] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-02-15 17:40 - 2015-09-01 08:41 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2015-01-21 01:35 - 2015-01-21 01:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-14 18:55 - 2014-01-27 22:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-02-14 18:56 - 2014-04-24 01:29 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2014-07-30 14:27 - 2014-02-18 23:02 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2016-02-14 23:27 - 2015-08-16 00:21 - 00162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-14 23:31 - 2016-02-14 23:31 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-02-14 11:49 - 2015-01-27 19:16 - 00582656 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2015-02-14 11:49 - 2015-01-27 19:18 - 00226816 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2015-02-14 18:55 - 2016-02-15 22:28 - 00040592 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-02-14 18:55 - 2014-01-27 22:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-04-29 23:38 - 2014-04-29 23:38 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
2014-04-29 23:38 - 2014-04-29 23:38 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
2014-03-20 14:43 - 2014-03-20 14:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-21 01:35 - 2015-01-21 01:35 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-19 04:19 - 2015-10-19 04:19 - 03530752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\0b2afd93fc0545b7b94339e8a4a7af97\Windows.UI.Xaml.ni.dll
2016-02-14 04:02 - 2016-02-14 04:02 - 00352256 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\dc30b560fe0e17e1467a8eb144076a58\Arkadium.CdnModule.ni.dll
2015-10-18 08:20 - 2015-10-18 08:20 - 02122752 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\8a38c96b934253fd8c9153f98510198e\Arkadium.DailyChallengeModule.ni.dll
2015-10-18 08:20 - 2015-10-18 08:20 - 00971776 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi3ea2618e#\00b2805238e91672c834eb4c93396019\Arkadium.Win8.PuzzleMode.ni.dll
2015-10-18 08:20 - 2015-10-18 08:20 - 00351744 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\UpsellModule\6df1c8dcdd641d1f7385516b690249f4\UpsellModule.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 01131008 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\72dff8d45b73e9b02b3838d29765607a\Windows.ApplicationModel.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00960000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\8ddd8ad15fe3fb05a871ef0115fb84e2\Windows.UI.ni.dll
2015-10-18 08:21 - 2015-10-18 08:21 - 00038400 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi82189356#\d62a5250f0d53b33fa82b6d1774f145a\Arkadium.Win8.MediaPlayer.ni.dll
2015-10-18 08:20 - 2015-10-18 08:20 - 00122880 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\61b84faef5b1585aa53216fc7c1bbfdd\Arkadium.ApplicationFramework.ni.dll
2015-10-18 08:21 - 2015-10-18 08:21 - 00175104 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\947bc177d7d32ce0b9bd31941112aead\Arkadium.AchievementsModule.ni.dll
2015-10-18 08:21 - 2015-10-18 08:21 - 00264704 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\e2247bc1da20fe9074cbc771ffb2f1e4\Arkadium.AwardsModule.ni.dll
2015-10-18 08:21 - 2015-10-18 08:21 - 00375808 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\60adf427c9b46e9c4d54ada040726e6b\Arkadium.LeaderboardModule.ni.dll
2016-02-14 04:02 - 2016-02-14 04:02 - 00302592 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\365dc126895a3af0f62b7aa0b9038c53\Arkadium.WindowsStoreModule.ni.dll
2015-10-18 08:21 - 2015-10-18 08:21 - 00459776 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\0752b7be78a46a7da3727766c67c927d\Arkadium.Advertisement.ni.dll
2015-10-18 08:22 - 2015-10-18 08:22 - 00167936 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.NewsModule\56bd528344373df069bb3d7387c7feb6\Arkadium.NewsModule.ni.dll
2015-10-18 08:22 - 2015-10-18 08:22 - 00213504 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.A51f62115#\e871f66ad7d1f8ed8040b44dd39d0e21\Microsoft.Advertising.ni.dll
2015-10-18 08:22 - 2015-10-18 08:22 - 00128512 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\8b992ab2a468f57a2b5d74a24488d4cc\Arkadium.Xaml.Toolkit.ni.dll
2015-10-18 08:22 - 2015-10-18 08:22 - 00215040 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CustomProgr3d91ab4c#\02da9ad5255580a5f6e1b93d7395dc8c\CustomProgressControl.ni.dll
2015-09-17 03:18 - 2015-09-17 03:18 - 03725488 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe\UniversalXamlAdControl.Windows.dll
2015-10-18 08:22 - 2015-10-18 08:22 - 00483840 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\f0522b4201b915706b80d7aef964816b\Microsoft.Xbox.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00808448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\7abff64c7c1ea1fae5bd170c8238b73e\Windows.Storage.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00799232 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\86865ced79f3180ebdfa736d895e5edb\Windows.Networking.ni.dll
2015-10-18 08:23 - 2015-10-18 08:23 - 00196608 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\MicroStudioe45cbf8f#\95ace85663a7cb2781b36e6205a67847\MicroStudios.HouseAdController.ni.dll
2016-02-14 04:02 - 2016-02-14 04:02 - 00337408 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\FlurryWin8SDK\9ade7e155931e912f527e0d20014aa85\FlurryWin8SDK.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00133120 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\c639835fe3da556a2cbe2e03540996c0\Windows.System.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00402432 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ae4a1bf110c1a12f619514bde2b27939\Windows.Security.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 01282048 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\4764145200fcd33a90ced1505892fce6\Windows.Devices.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00304128 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\eff020aac8737300c74dee47a69c9bbf\Windows.Graphics.ni.dll
2015-10-18 08:23 - 2015-10-18 08:23 - 00041984 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\fd81db4e0278d977a5d92f8ad39d6fb0\Microsoft.Games.Sentient.ni.dll
2015-02-14 18:48 - 2015-02-14 18:48 - 00337920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\98644a649e9bf9e880f2e97889501b07\Windows.Data.ni.dll
2015-10-18 08:23 - 2015-10-18 08:23 - 00012800 _____ () C:\Users\Deborah J Braich\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Sh130cfbe4#\74f2e0752cef7470353124986dfc617e\Arkadium.SharpDXEngine.AudioLoader.ni.dll
2015-02-14 17:40 - 2015-02-14 17:40 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-03-02 17:04 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.1.103 NPIA140C8

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-663958580-2713909961-3779307226-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Deborah J Braich\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HP Color LaserJet CM2320 MFP Series Fax"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{68CA1F56-880B-4598-B36F-5DC1606792B4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{CD4982B8-0945-469D-A066-1D79BAEE57FF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{74982F1F-4E88-4340-B455-C4416A86E2D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{F7817874-5663-4860-93CD-4136C6D42D92}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{59C85E99-E755-4B9A-B546-016B7D3950D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AED04815-2291-4303-A09B-71B3F95E51E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1649AEF2-A5E8-4B6F-8BE1-3EBB10B56705}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{058974F5-D61B-4037-97D1-AA376C5F64D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A4B168A-AFFB-4CA3-88DB-D4F5D4EBD5E1}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{B7CF9371-D473-4660-B476-16C09D6D2A33}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{E17B7931-1844-4B07-B98B-C24D27BDF5B8}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{AC75A8D3-3E46-4749-9678-7DE107B449A3}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{A01F8895-35D9-4AB4-8DE9-A1215144DFE9}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{47AFA661-2A42-4A6B-9B73-8F661ECD899B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{38DBC7D6-7542-4B97-A3D2-F4B14E6F9822}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 500 color MFP M570\bin\FaxApplications.exe
FirewallRules: [{7C5574F6-370B-40BC-86AF-650E48DDE6ED}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 500 color MFP M570\bin\DigitalWizards.exe
FirewallRules: [{3BE9C318-D0ED-4AC7-A23C-15BC99B94E2C}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 500 color MFP M570\Bin\HPNetworkCommunicator.exe
FirewallRules: [{043D4436-A6C4-4964-BB02-42071611AABF}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 500 color MFP M570\bin\EWSProxy.exe
FirewallRules: [{842BAD0C-C4DB-449B-8966-FB79D1175DB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5390E2A1-F5FB-4A7A-8B77-A7DB7185E56C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B798AED-AADE-4075-8BFA-0E55EA8B8A90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E4CFAC0C-6C85-47E0-940F-57172DE1C76C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0ECA842-D304-4B39-A701-1A15989966C7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{514021A5-FC32-42FC-9607-315BAE5B1357}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F9DDC34B-1380-4AF3-8CFE-6FA23EAC45D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0EE76190-4376-4B47-91C9-82DF4892BC9F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D649B75E-5B12-4EA2-8152-B66B73139363}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CB22F6B8-0BF2-4BFE-A7D4-2464FA8E2280}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{390931B8-607C-4C77-B24E-43C5B8A4CD69}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E3DDF5BB-8678-429A-8FB2-EBC98FDF5AD3}] => (Allow) C:\Users\Deborah J Braich\AppData\Local\Microsoft\OneDrive\OneDrive.exe

==================== Restore Points =========================
05-02-2016 05:17:33 Scheduled Checkpoint
09-02-2016 14:32:13 Windows Update
14-02-2016 20:36:39 Removed Microsoft Office Professional Edition 2003
14-02-2016 22:41:40 JRT Pre-Junkware Removal
14-02-2016 23:06:41 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/16/2016 12:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 10:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 10:12:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.MicrosoftJigsaw_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 09:11:44 AM) (Source: MsiInstaller) (EventID: 1024) (User: Deborah)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/16/2016 08:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 06:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 04:53:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 02:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 12:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/15/2016 10:42:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deborah)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (02/16/2016 12:41:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (02/16/2016 08:23:20 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (02/16/2016 04:11:20 AM) (Source: DCOM) (EventID: 10010) (User: Deborah)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2016 10:27:10 PM) (Source: DCOM) (EventID: 10005) (User: Deborah)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/15/2016 10:26:51 PM) (Source: DCOM) (EventID: 10005) (User: Deborah)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/15/2016 10:25:31 PM) (Source: DCOM) (EventID: 10005) (User: Deborah)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/15/2016 10:25:17 PM) (Source: DCOM) (EventID: 10005) (User: Deborah)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/15/2016 10:22:32 PM) (Source: DCOM) (EventID: 10005) (User: Deborah)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/15/2016 10:14:56 PM) (Source: DCOM) (EventID: 10005) (User: Deborah)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/15/2016 10:12:32 PM) (Source: DCOM) (EventID: 10005) (User: Deborah)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

CodeIntegrity:

 

===================================

 

  Date: 2015-04-08 00:39:33.054

 

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

  Date: 2015-04-08 00:39:32.966

 

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-07 20:47:48.819

 

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

  Date: 2015-04-07 20:47:48.694

 

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-03-19 02:43:14.487

 

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

  Date: 2015-03-19 02:43:14.425

 

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-19 02:43:14.331

 

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

  Date: 2015-03-19 02:43:14.269

 

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-19 02:43:14.159

 

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

  Date: 2015-03-19 02:43:14.097

 

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

 

Processor: Intel® Core™ i3-4370 CPU @ 3.80GHz

 

Percentage of memory in use: 18%

 

Total physical RAM: 16259.68 MB

 

Available physical RAM: 13272.91 MB

 

Total Virtual: 18691.68 MB

 

Available Virtual: 14992.56 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:232.88 GB) (Free:155.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]

 

Drive e: () (Fixed) (Total:232.88 GB) (Free:173.08 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

 

Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 6F736F73)

 

Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

 

 

========================================================

 

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E4921AC5)

 

Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

 

 

==================== End of Addition.txt ============================



#4 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 February 2016 - 01:41 PM

I see nothing left in your logs to indicate an existing infection. You may have already cleaned it out.

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled).
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 monetary1995
  • Topic Starter
  • Members
  • 23 posts

Posted 16 February 2016 - 02:38 PM

Great, I sure hope it's clean...

Here are the results:

Emsisoft Emergency Kit - Version 11.0
Last update: 2/16/2016 2:23:21 PM
User account: Deborah\Deborah J Braich

Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 2/16/2016 2:29:48 PM
Scanned 85330
Found 0
Scan end: 2/16/2016 2:35:55 PM
Scan time: 0:06:07



#6 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 February 2016 - 04:34 PM

Please run Malwarebytes one more time and post the log.




#7 monetary1995
  • Topic Starter
  • Members
  • 23 posts

Posted 16 February 2016 - 07:58 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2016
Scan Time: 6:24 PM
Logfile: 2-16-16.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.16.07
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Deborah J Braich

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 584226
Time Elapsed: 1 hr, 32 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#8 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 February 2016 - 01:34 PM

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
    • For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log



#9 monetary1995
  • Topic Starter
  • Members
  • 23 posts

Posted 17 February 2016 - 02:28 PM

RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Deborah J Braich [Administrator]
Started from : C:\Users\Deborah J Braich\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/17/2016 14:17:30

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] id_service.exe(1456) -- C:\Program Files (x86)\IDriveWindows\id_service.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Fighters -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_9F74\ControlSet001\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_9F74\ControlSet002\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\FIGHTERtools.lnk [LNK@] C:\PROGRA~2\Fighters\FIGHTE~1 -> Found
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPAMfighter.lnk [LNK@] C:\PROGRA~2\Fighters\SPAMFI~1\spamcfg.exe -> Found
[PUP][Folder] C:\Program Files (x86)\Fighters -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS +++++
--- User ---
[MBR] 14ccc6e21060868146ae859ed76ae199
[BSP] 8877c675c15ea3667ca8f17c15c453b7 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3250620AS +++++
--- User ---
[MBR] 09b39656287f89f95fab4b06664f3b3a
[BSP] 95c80f5dc54320d1f977efe916bb0249 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


#10 monetary1995
  • Topic Starter
  • Members
  • 23 posts

Posted 17 February 2016 - 02:30 PM

RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Deborah J Braich [Administrator]
Started from : C:\Users\Deborah J Braich\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/17/2016 14:17:30

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] id_service.exe(1456) -- C:\Program Files (x86)\IDriveWindows\id_service.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Fighters -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_9F74\ControlSet001\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_9F74\ControlSet002\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\FIGHTERtools.lnk [LNK@] C:\PROGRA~2\Fighters\FIGHTE~1 -> Found
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPAMfighter.lnk [LNK@] C:\PROGRA~2\Fighters\SPAMFI~1\spamcfg.exe -> Found
[PUP][Folder] C:\Program Files (x86)\Fighters -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS +++++
--- User ---
[MBR] 14ccc6e21060868146ae859ed76ae199
[BSP] 8877c675c15ea3667ca8f17c15c453b7 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3250620AS +++++
--- User ---
[MBR] 09b39656287f89f95fab4b06664f3b3a
[BSP] 95c80f5dc54320d1f977efe916bb0249 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )



#11 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 February 2016 - 04:22 PM

  • Link 1
  • Link 2
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the Delete button.
  • When the Status box shows "Deleting Finished", click the "Report" button to show the log.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log
    • For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log



#12 monetary1995
  • Topic Starter
  • Members
  • 23 posts

Posted 17 February 2016 - 05:02 PM

RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Deborah J Braich [Administrator]
Started from : C:\Users\Deborah J Braich\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/17/2016 14:17:30

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] id_service.exe(1456) -- C:\Program Files (x86)\IDriveWindows\id_service.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Fighters -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_9F74\ControlSet001\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_9F74\ControlSet002\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\FIGHTERtools.lnk [LNK@] C:\PROGRA~2\Fighters\FIGHTE~1 -> Found
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPAMfighter.lnk [LNK@] C:\PROGRA~2\Fighters\SPAMFI~1\spamcfg.exe -> Found
[PUP][Folder] C:\Program Files (x86)\Fighters -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS +++++
--- User ---
[MBR] 14ccc6e21060868146ae859ed76ae199
[BSP] 8877c675c15ea3667ca8f17c15c453b7 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3250620AS +++++
--- User ---
[MBR] 09b39656287f89f95fab4b06664f3b3a
[BSP] 95c80f5dc54320d1f977efe916bb0249 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


I posted the RogueKiller report info again...



#13 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 February 2016 - 05:06 PM

Hello. When you ran RogueKiller again, did you click the Delete button after it did its initial scan? I'm not seeing where you deleted those in this log.



#14 monetary1995
  • Topic Starter
  • Members
  • 23 posts

Posted 17 February 2016 - 06:26 PM

I reran RogueKiller and deleted the items...

 

RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Deborah J Braich [Administrator]
Started from : C:\Users\Deborah J Braich\Desktop\RogueKiller.exe
Mode : Delete -- Date : 02/17/2016 18:19:55

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Fighters -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_6282\ControlSet001\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_6282\ControlSet002\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\FIGHTERtools.lnk [LNK@] C:\PROGRA~2\Fighters\FIGHTE~1 -> Deleted
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPAMfighter.lnk [LNK@] C:\PROGRA~2\Fighters\SPAMFI~1\spamcfg.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Fighters -> Removed at reboot [91]
[PUP][File] C:\Program Files (x86)\Fighters\FighterLauncher.exe -> Deleted
[PUP][File] C:\Program Files (x86)\Fighters\FighterSuiteService.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Fighters\FIGHTERtools -> ERROR [5]
[PUP][Folder] C:\Program Files (x86)\Fighters\Languages -> ERROR [5]
[PUP][File] C:\Program Files (x86)\Fighters\LogFilesCollector.exe -> Deleted
[PUP][File] C:\Program Files (x86)\Fighters\MachineId.exe -> Deleted
[PUP][File] C:\Program Files (x86)\Fighters\MachineIdGateway.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Fighters\sfhtml.dll -> Deleted
[PUP][File] C:\Program Files (x86)\Fighters\ShortcutLauncher.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Fighters\SPAMfighter -> ERROR [5]
[PUP][Folder] C:\Program Files (x86)\Fighters\Tray -> ERROR [5]

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS +++++
--- User ---
[MBR] 14ccc6e21060868146ae859ed76ae199
[BSP] 8877c675c15ea3667ca8f17c15c453b7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3250620AS +++++
--- User ---
[MBR] 09b39656287f89f95fab4b06664f3b3a
[BSP] 95c80f5dc54320d1f977efe916bb0249 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )




#15 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 19 February 2016 - 02:43 PM

 
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Fighters -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_6282\ControlSet001\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_6282\ControlSet002\Services\SPAMfighter Update Service ("C:\Program Files\Fighters\SPAMfighter\sfus.exe") -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-663958580-2713909961-3779307226-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected

I see these were not selected. Please run RogueKiller again and delete those.


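The check fireman4it makes by eye above, spotting which findings a RogueKiller Delete run left behind, can be done over the report text itself. The parser below is an added example (not code from this thread or from RogueKiller): it reads the "¤¤¤ Section : N ¤¤¤" headers and "[Tag] detail -> Action" entries in the layout posted in this thread, counts findings by action, and lists the "Not selected" and "ERROR" entries that still need attention. The embedded sample report is constructed to mirror the Delete log above (with SIDs shortened), not copied from it.

```python
"""Triage a RogueKiller report by section and by the action taken on each
finding.

Added example, not code from this thread or from RogueKiller itself. It only
understands the line layout shown in the posted reports: "¤¤¤ Section : N ¤¤¤"
headers and "[Tag] detail -> Action" entries. The sample report below is
constructed to mirror the Delete-mode log in the thread, not copied from it.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d*)")
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\](?P<detail>.*?) -> (?P<action>.+)$")

# Actions that leave a finding in place: "Found" (Scan mode) and
# "Not selected" (Delete mode, the item was unticked before Delete was clicked).
UNRESOLVED_ACTIONS = {"Found", "Not selected"}
# RogueKiller reports failures as "ERROR [code]"; the [5] seen in the thread
# matches the Win32 code for access denied (assumption: codes are Win32 errors).
FAILED_PREFIX = "ERROR"

# Registry settings RogueKiller flags as PUM.Policies, with what the value
# means. ConsentPromptBehaviorAdmin = 0 elevates administrators with no UAC
# prompt at all; the Windows default is 5 (prompt for consent).
POLICY_NOTES = {
    "ConsentPromptBehaviorAdmin : 0": "UAC elevation without any prompt (default is 5)",
}


def parse_report(text):
    """Return (mode, findings); findings are dicts with section/tag/detail/action."""
    mode, section, findings = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Mode : "):
            # "Mode : Delete -- Date : 02/17/2016 18:19:55" -> "Delete"
            mode = line.split(" : ", 1)[1].split(" -- ", 1)[0]
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            detail = m.group("detail").strip()
            finding = {"section": section, "tag": m.group("tag"),
                       "detail": detail, "action": m.group("action").strip()}
            for setting, note in POLICY_NOTES.items():
                if setting in detail:
                    finding["note"] = note
            findings.append(finding)
    return mode, findings


def action_key(action):
    """Reduce "ERROR [5]", "Removed at reboot [91]", "Killed [TermProc]" to the bare verb."""
    return action.split(" [", 1)[0]


def outstanding(findings):
    """Findings that still need attention after a Delete run."""
    return [f for f in findings
            if f["action"] in UNRESOLVED_ACTIONS or f["action"].startswith(FAILED_PREFIX)]


def summarize(text):
    mode, findings = parse_report(text)
    return {
        "mode": mode,
        "total": len(findings),
        "by_action": dict(Counter(action_key(f["action"]) for f in findings)),
        "outstanding": outstanding(findings),
    }


# Constructed sample in the layout of the thread's Delete log (SIDs shortened).
SAMPLE_DELETE_REPORT = r"""RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
Mode : Delete -- Date : 02/17/2016 18:19:55

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Fighters -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected

¤¤¤ Files : 4 ¤¤¤
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPAMfighter.lnk [LNK@] C:\PROGRA~2\Fighters\SPAMFI~1\spamcfg.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Fighters -> Removed at reboot [91]
[PUP][File] C:\Program Files (x86)\Fighters\FighterLauncher.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\Fighters\SPAMfighter -> ERROR [5]

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS +++++
[MBR] 14ccc6e21060868146ae859ed76ae199
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_DELETE_REPORT)
    print(f"mode={report['mode']} findings={report['total']} by_action={report['by_action']}")
    for f in report["outstanding"]:
        note = f"  ({f['note']})" if "note" in f else ""
        print(f"  [{f['section']}] {f['tag']}: {f['action']} -> {f['detail']}{note}")
```

Run against the sample, it reports 7 findings and 4 outstanding ones (the three "Not selected" registry entries and the folder that failed with ERROR [5]), which is the same set fireman4it quotes back in the post above.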




