RegSvcs.exe Alert - Looks to be a Trojan


17 replies to this topic

#1 Mathalete
Posted 19 October 2016 - 12:21 AM

A hacker accessed my e-mail and PayPal accounts. I have since set up stronger passwords and double security protocols.

I want to make sure my computer is safe. My computer runs Windows 10 Professional. I am running Malwarebytes and ESET for security.

Here are the logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Brian (administrator) on BLACKBOX-PC (19-10-2016 00:08:59)
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian & Melissa & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Golden Frog, GmbH.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Trend Micro Inc.) C:\Users\Brian\AppData\Local\Temp\HouseCall32\housecall.bin
(Trend Micro Inc.) C:\Users\Brian\AppData\Local\Temp\HouseCall32\HouseCallX_x86\HouseCallX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 

==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-16] (CANON INC.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE [136600 2010-03-11] (Corel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-07-24] (Glarysoft Ltd)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2783232 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-17] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
BootExecute: autocheck autochk * 
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.100.254 142.161.2.155
Tcpip\..\Interfaces\{B238EB98-0343-4B51-8770-7D6D62E06A55}: [DhcpNameServer] 10.3.21.1
Tcpip\..\Interfaces\{fe6a2386-2199-45a6-aace-9222e069a817}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{fff48b7e-ab54-4c1b-9dea-982bee32449f}: [DhcpNameServer] 192.168.100.254 142.161.2.155
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO-x32: PDFsam Enhanced Helper -> {6401BC8F-9AD0-430B-BF2C-2A34B0E98466} -> C:\Program Files (x86)\PDFsam Enhanced\creator-ie-helper.dll [2015-11-11] (Andrea Vacondio)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll [2013-11-27] (SMART Technologies ULC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
Toolbar: HKLM-x32 - PDFsam Enhanced Toolbar - {AD42CFE2-C0AD-487E-8224-C2AEF09F4CEB} - C:\Program Files (x86)\PDFsam Enhanced\creator-ie-plugin.dll [2015-11-11] (Andrea Vacondio)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: cd9igrrc.default
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default [2016-10-17]
FF user.js: detected! => C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\user.js [2015-08-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cd9igrrc.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\cd9igrrc.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\cd9igrrc.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\cd9igrrc.default -> about:home
FF Extension: (iCloud Bookmarks) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\Extensions\firefoxdav@icloud.com [2015-06-08]
FF Extension: (leethax.net extension) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\Extensions\leethax@leethax.net.xpi [2015-06-21] [not signed]
FF Extension: (Garmin Communicator) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-06-08]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-06-14]
FF Extension: (AddThis) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2016-01-16]
FF Extension: (Video DownloadHelper) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-10]
FF Extension: (Flash and Video Download) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-01-16]
FF HKLM\...\Firefox\Extensions: [pdfsam_enhanced_conv@pdfsam.com] - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension
FF Extension: (PDFsam Enhanced Creator) - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension [2016-05-01] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: PDFsam Enhanced -> C:\Program Files (x86)\PDFsam Enhanced\np-previewer.dll [2015-11-11] (Andrea Vacondio)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-09-01]
 
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325882&octid=EB_ORIGINAL_CTID&ISID=34801A5D-0145-457B-9AE7-A80EEEFD88A8&SearchSource=55&CUI=&UM=6&UP=SPB1BA5502-0787-4FC7-AE72-DD3ADBD2AA8F&SSPV="
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]
CHR Extension: (Google Slides) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (MagicScroll Web Reader) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecldhagehndokdmaiaigoaecbmbnmfkc [2015-10-29]
CHR Extension: (Video Downloader professional) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-24]
CHR Extension: (Google Sheets) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Readium) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-08-17]
CHR Extension: (HTML Revealer and Password Revealer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn [2015-06-14]
CHR Extension: (iCloud Bookmarks) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (SuperSorter) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2015-01-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-18]
CHR Extension: (Chrono Download Manager) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2016-09-04]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2016-09-29]
CHR Extension: (cookies.txt) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\njabckikapfpffapmjgojcnbfjonfjfg [2016-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Simple EPUB Reader) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2015-10-29]
CHR Extension: (FastestTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag [2016-03-30] [UpdateUrl: hxxp://kwizzu.com/fastesttube/chrome/update.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-20]
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-10-17]
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-17]
CHR Extension: (Google Slides) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-17]
CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-17]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-17]
CHR Extension: (Google Sheets) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 bgsvcgen; C:\Windows\SysWOW64\bgsvcgen.exe [139264 2015-01-01] (SOURCENEXT) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2779136 2016-10-07] (ESET)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S4 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [23552 2016-09-20] (sonarr.tv) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-31] (Electronic Arts)
S4 PDFsam Enhanced; C:\Program Files\PDFsam Enhanced\ws.exe [2318912 2015-11-11] (Andrea Vacondio)
S4 PDFsam Enhanced CrashHandler; C:\Program Files\PDFsam Enhanced\crash-handler-ws.exe [921664 2015-11-11] (Andrea Vacondio)
S4 PDFsam Enhanced Creator; C:\Program Files\PDFsam Enhanced\creator-ws.exe [734272 2015-11-11] (Andrea Vacondio)
S4 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
S3 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2013-11-22] (SMART Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [93184 2016-07-29] (Code Sector) [File not signed]
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [186368 2015-05-04] (Golden Frog, GmbH.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\WINDOWS\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [263296 2016-10-07] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 epfwwfpr; C:\WINDOWS\System32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-08] (Glarysoft Ltd)
R3 hcw89; C:\WINDOWS\system32\DRIVERS\hcw89.sys [1605760 2013-03-28] (Hauppauge Computer Works, Inc.)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SMARTMouseFilterx64; C:\WINDOWS\System32\drivers\SMARTMouseFilterx64.sys [10240 2013-11-04] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\WINDOWS\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2013-11-04] (SMART Technologies)
R3 SMARTVTabletPCx64; C:\WINDOWS\System32\drivers\SMARTVTabletPCx64.sys [22184 2013-11-04] (SMART Technologies ULC)
R3 tapvyprvpn; C:\WINDOWS\System32\drivers\tapvyprvpn.sys [44896 2014-12-16] (The OpenVPN Project)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-19 00:07 - 2016-10-19 00:07 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-10-19 00:06 - 2016-10-19 00:06 - 00987840 _____ C:\Users\Brian\AppData\Local\census.cache
2016-10-19 00:05 - 2016-10-19 00:05 - 00016148 _____ C:\WINDOWS\system32\BLACKBOX-PC_Brian_HistoryPrediction.bin
2016-10-19 00:04 - 2016-10-19 00:04 - 01519172 _____ C:\Users\Brian\AppData\Local\ars.cache
2016-10-18 23:57 - 2016-10-18 23:57 - 00000010 _____ C:\Users\Brian\AppData\Local\sponge.last.runtime.cache
2016-10-18 23:45 - 2016-10-18 23:45 - 00000000 ____D C:\WINDOWS\Trend Micro
2016-10-18 23:45 - 2016-10-18 23:45 - 00000000 ____D C:\ProgramData\Trend Micro
2016-10-18 23:40 - 2016-10-18 23:40 - 02105760 _____ (Trend Micro Inc.) C:\Users\Brian\Downloads\HousecallLauncher.exe
2016-10-18 23:38 - 2016-10-18 23:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Brian\Downloads\rkill.exe
2016-10-18 23:34 - 2016-10-18 23:34 - 02527376 _____ (Trend Micro Inc.) C:\Users\Brian\Downloads\HousecallLauncher64.exe
2016-10-18 23:34 - 2016-10-18 23:34 - 00000036 _____ C:\Users\Brian\AppData\Local\housecall.guid.cache
2016-10-18 23:31 - 2016-10-18 23:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-10-18 23:26 - 2016-10-18 23:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-10-18 22:34 - 2016-10-18 23:31 - 177912864 _____ (Kaspersky Lab) C:\Users\Brian\Downloads\kis17.0.0.611en_10743.exe
2016-10-18 20:43 - 2016-10-18 20:44 - 00000000 ___HD C:\$SysReset
2016-10-18 00:06 - 2016-10-18 23:39 - 00002660 _____ C:\Users\Brian\Desktop\Rkill.txt
2016-10-17 23:57 - 2016-10-19 00:09 - 00035478 _____ C:\Users\Brian\Desktop\FRST.txt
2016-10-17 23:57 - 2016-10-19 00:08 - 00000000 ____D C:\FRST
2016-10-17 23:56 - 2016-10-18 22:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-10-17 23:55 - 2016-10-17 23:55 - 00000000 ____D C:\WINDOWS\pss
2016-10-17 23:52 - 2016-10-17 23:53 - 02407424 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe
2016-10-17 23:13 - 2016-10-17 23:47 - 00000000 ____D C:\Users\Brian\Doctor Web
2016-10-17 23:01 - 2016-10-17 23:13 - 00000000 ____D C:\AdwCleaner
2016-10-17 18:36 - 2016-10-17 18:36 - 00000000 ____D C:\Users\Brian\AppData\Roaming\SUPERAntiSpyware.com
2016-10-17 18:35 - 2016-10-17 18:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-10-17 18:35 - 2016-10-17 18:35 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-10-17 18:35 - 2016-10-17 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-10-13 22:24 - 2016-10-13 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-10 13:30 - 2016-10-10 13:30 - 00074352 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-10-10 13:30 - 2016-10-10 13:30 - 00074352 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-10-10 13:30 - 2016-10-10 13:30 - 00074352 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-10-10 13:30 - 2016-10-10 13:30 - 00038000 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-10-09 23:23 - 2016-10-18 22:33 - 00000000 ____D C:\Users\Brian\AppData\Roaming\DD21D757-5F78-49DD-905A-BEA6C49E71D4
2016-10-09 23:23 - 2016-10-09 23:23 - 00003638 _____ C:\WINDOWS\System32\Tasks\cpwq
2016-10-09 23:23 - 2016-10-09 23:23 - 00001725 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk
2016-10-09 23:23 - 2016-10-09 23:23 - 00000000 __SHD C:\Users\Brian\cpwq
2016-10-09 23:23 - 2015-07-10 06:01 - 00045216 ___SH (Microsoft Corporation) C:\Users\Brian\RegSvcs.exe
2016-10-09 23:22 - 2016-10-09 23:22 - 00000000 ____D C:\Program Files (x86)\Code Sector
2016-09-20 22:10 - 2016-09-20 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-09-20 22:02 - 2016-09-20 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-20 22:02 - 2016-09-20 22:02 - 00000000 ____D C:\Program Files\iTunes
2016-09-20 22:02 - 2016-09-20 22:02 - 00000000 ____D C:\Program Files\iPod
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-19 00:07 - 2014-12-31 00:39 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2016-10-19 00:07 - 2014-12-30 03:50 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-18 23:47 - 2014-12-31 01:12 - 00000466 _____ C:\WINDOWS\BRWMARK.INI
2016-10-18 23:42 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-18 23:39 - 2014-12-30 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-18 23:38 - 2015-01-10 16:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-18 23:38 - 2014-12-30 03:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-18 23:38 - 2014-12-30 03:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-18 23:28 - 2015-01-10 16:25 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-18 23:27 - 2016-07-24 15:07 - 00000000 ___DC C:\WINDOWS\Panther
2016-10-18 23:27 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-10-18 23:27 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-10-18 23:20 - 2015-12-10 21:15 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d133b9cab7be51.job
2016-10-18 23:18 - 2016-02-02 20:08 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d15e1f5b4913c4.job
2016-10-18 23:18 - 2015-05-14 22:07 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ebc53bb208e.job
2016-10-18 23:13 - 2015-12-04 03:08 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d12e6afd396a2b.job
2016-10-18 23:13 - 2015-09-14 21:07 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0ef5b51912fc2.job
2016-10-18 23:13 - 2015-07-15 18:13 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf53d720c385.job
2016-10-18 23:12 - 2016-05-10 16:13 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1ab00c464f8de.job
2016-10-18 23:12 - 2015-09-07 18:08 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e9c2cf8044b.job
2016-10-18 23:12 - 2015-02-06 18:02 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d04260f3d5ef6e.job
2016-10-18 22:43 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-18 22:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-18 22:36 - 2014-12-31 05:00 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{35802120-629E-4FC5-9341-662EA9810299}
2016-10-18 22:36 - 2014-12-30 03:51 - 00000000 ____D C:\Users\Brian\AppData\Local\Adobe
2016-10-18 22:32 - 2016-07-24 12:11 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-18 22:32 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-10-18 22:31 - 2014-12-30 04:00 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-10-18 22:29 - 2016-05-10 16:13 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1ab00c4052566.job
2016-10-18 22:29 - 2016-02-02 20:08 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15e1f5aef0b92.job
2016-10-18 22:29 - 2015-12-10 21:15 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d133b9ca0ebc9d.job
2016-10-18 22:29 - 2015-12-04 03:08 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12e6afccee6fc.job
2016-10-18 22:29 - 2015-09-14 21:07 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef5b51345a17.job
2016-10-18 22:29 - 2015-09-07 18:08 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e9c2c89d051.job
2016-10-18 22:29 - 2015-07-15 18:13 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf53d6c5a9df.job
2016-10-18 22:29 - 2015-05-14 22:07 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ebc535e4ae3.job
2016-10-18 22:29 - 2015-02-06 18:02 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04260f36f4621.job
2016-10-18 22:29 - 2014-12-30 03:50 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-18 22:28 - 2016-07-29 02:12 - 00000000 ____D C:\ProgramData\Foxit Software
2016-10-18 22:28 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-18 22:27 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-18 20:47 - 2014-12-31 03:40 - 00000000 ____D C:\Users\Brian\AppData\Roaming\TeraCopy
2016-10-18 00:10 - 2016-07-24 12:12 - 00000000 ____D C:\Users\Brian
2016-10-17 23:48 - 2015-10-11 19:11 - 00000000 ____D C:\Program Files (x86)\4shared Desktop
2016-10-17 23:07 - 2016-01-16 12:56 - 00000000 ____D C:\ProgramData\NzbDrone
2016-10-17 18:30 - 2015-07-10 07:20 - 05150632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-17 18:30 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-10-17 18:28 - 2016-04-17 18:51 - 00000000 ___RD C:\Users\Brian\Google Drive
2016-10-17 18:28 - 2016-03-28 10:31 - 00000000 ____D C:\Program Files\Out of the Park Baseball 17
2016-10-17 18:08 - 2015-09-26 11:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-17 00:15 - 2014-12-30 20:42 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Efofex
2016-10-16 16:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-10-16 16:39 - 2014-12-31 02:56 - 00002828 ___SH C:\ProgramData\KGyGaAvL.sys
2016-10-16 15:06 - 2014-12-30 20:41 - 00000000 ____D C:\Users\Brian\AppData\Local\Efofex
2016-10-16 11:31 - 2014-12-30 17:37 - 00000000 ____D C:\Users\Brian\AppData\Roaming\uTorrent
2016-10-16 11:04 - 2016-08-11 22:53 - 00000000 ____D C:\Users\Brian\AppData\Local\Deployment
2016-10-13 23:43 - 2009-09-04 01:07 - 00000000 ____D C:\Users\Brian\Documents\SMART Notebook
2016-10-13 22:24 - 2015-08-21 17:39 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-13 21:51 - 2016-06-04 17:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-10-12 00:41 - 2014-12-30 03:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-11 17:42 - 2015-12-31 14:05 - 00000000 ____D C:\Users\Brian\Documents\Witcher 2
2016-10-10 11:05 - 2016-08-25 00:04 - 00000000 ____D C:\Users\DefaultAppPool
2016-10-10 11:05 - 2016-07-24 12:12 - 00000000 ____D C:\Users\Melissa
2016-10-10 01:18 - 2016-07-24 12:40 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages
2016-10-09 23:47 - 2014-12-31 02:18 - 00000000 ____D C:\Users\Brian\AppData\Roaming\vlc
2016-10-09 23:43 - 2015-01-01 12:35 - 00000000 ____D C:\Users\Brian\AppData\Roaming\dvdcss
2016-10-09 23:23 - 2014-12-31 03:40 - 00000000 ____D C:\Program Files\TeraCopy
2016-10-07 22:59 - 2012-12-21 14:08 - 00263296 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-10-07 12:44 - 2016-06-04 17:11 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-10-03 16:10 - 2014-12-30 03:50 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 19:18 - 2015-07-10 06:06 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-30 19:18 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-20 22:49 - 2015-01-01 02:25 - 00000000 ____D C:\Users\Brian\AppData\Local\5F45063B-4BB8-48C9-A5D0-F4A3DFA17858.aplzod
2016-09-20 22:10 - 2014-12-30 19:58 - 00000000 ____D C:\Users\Brian\AppData\Local\Apple Inc
2016-09-20 22:02 - 2014-12-30 04:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-09-20 00:40 - 2015-12-23 20:11 - 00000000 ____D C:\Users\Brian\AppData\Roaming\iMazing
2016-09-19 22:18 - 2016-08-07 00:11 - 00406016 ___SH C:\Users\Brian\Desktop\Thumbs.db
 
==================== Files in the root of some directories =======
 
2016-02-11 23:42 - 2016-02-11 23:42 - 0000197 _____ () C:\Program Files (x86)\Common Files\eInstruction.ini
2016-02-12 00:23 - 2016-05-28 00:52 - 0003950 _____ () C:\Users\Brian\AppData\Roaming\evpro32.prf
2014-12-30 20:50 - 2014-12-30 20:50 - 0099384 _____ () C:\Users\Brian\AppData\Roaming\inst.exe
2014-12-30 20:50 - 2014-12-30 20:50 - 0007859 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.cat
2014-12-30 20:50 - 2014-12-30 20:50 - 0001167 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.inf
2014-12-30 20:50 - 2014-12-30 20:50 - 0000055 _____ () C:\Users\Brian\AppData\Roaming\pcouffin.log
2014-12-30 20:50 - 2014-12-30 20:50 - 0082816 _____ (VSO Software) C:\Users\Brian\AppData\Roaming\pcouffin.sys
2016-04-20 19:57 - 2016-04-20 19:57 - 0001536 _____ () C:\Users\Brian\AppData\Local\4F3D852AA42C405886E70170303E8C05.FXDraw2.fxd
2016-03-04 00:54 - 2016-03-04 00:55 - 0001456 _____ () C:\Users\Brian\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-19 00:04 - 2016-10-19 00:04 - 1519172 _____ () C:\Users\Brian\AppData\Local\ars.cache
2016-10-19 00:06 - 2016-10-19 00:06 - 0987840 _____ () C:\Users\Brian\AppData\Local\census.cache
2016-04-17 22:18 - 2016-04-17 22:18 - 0003584 _____ () C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-18 23:34 - 2016-10-18 23:34 - 0000036 _____ () C:\Users\Brian\AppData\Local\housecall.guid.cache
2016-10-18 23:57 - 2016-10-18 23:57 - 0000010 _____ () C:\Users\Brian\AppData\Local\sponge.last.runtime.cache
2014-12-31 02:56 - 2014-12-31 02:56 - 0000008 __RSH () C:\ProgramData\33C64483FB.sys
2014-12-31 02:06 - 2014-12-31 02:10 - 0000000 _____ () C:\ProgramData\CLDShowX.ini
2016-07-24 17:43 - 2016-08-10 10:22 - 0019535 _____ () C:\ProgramData\empty.ico
2014-12-31 02:56 - 2016-10-16 16:39 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-09-07 03:38 - 2015-09-07 03:38 - 0518144 _____ () C:\ProgramData\r3M3eG
2015-09-24 00:07 - 2015-09-24 00:08 - 0000090 _____ () C:\ProgramData\r3M3eG.folder
2015-09-24 00:07 - 2015-09-24 00:08 - 0000104 _____ () C:\ProgramData\r3M3eG.path
2015-09-24 00:07 - 2015-09-24 00:38 - 0000671 _____ () C:\ProgramData\update.lnk
 
Files to move or delete:
====================
C:\Users\Brian\RegSvcs.exe
 

Some files in TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Brian\AppData\Local\Temp\kernel32.dll
 

==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-10-18 22:40
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Brian (19-10-2016 00:10:34)
Running from C:\Users\Brian\Desktop
Windows 10 Pro (X64) (2016-07-24 17:40:04)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-3969633871-4011712078-3145614358-500 - Administrator - Disabled)
Brian (S-1-5-21-3969633871-4011712078-3145614358-1001 - Administrator - Enabled) => C:\Users\Brian
DefaultAccount (S-1-5-21-3969633871-4011712078-3145614358-503 - Limited - Disabled)
Guest (S-1-5-21-3969633871-4011712078-3145614358-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3969633871-4011712078-3145614358-1002 - Limited - Enabled)
Melissa (S-1-5-21-3969633871-4011712078-3145614358-1003 - Limited - Enabled) => C:\Users\Melissa
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 9.0.402.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.402.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
4shared Desktop (HKLM-x32\...\4shared Desktop) (Version: 4.0.14.27376 - 4shared)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AIM for Windows (HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\AIM) (Version:  - AOL Inc.)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyTrans 4.7.5 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.7.5 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother HL-4040CDN (HKLM-x32\...\{CF8373F6-B22B-40F7-9A16-63218826BEE9}) (Version: 1.00 - Brother)
Canon Pro9000 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000) (Version:  - )
Canon Setup Utility 2.1 (HKLM-x32\...\Canon Setup Utility 2.1) (Version:  - )
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.1.50.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM-x32\...\Easy-PrintToolBox) (Version:  - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.11.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.20.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Cool Timer 5.2.3.4 (HKLM-x32\...\Cool Timer_is1) (Version:  - Harmony Hollow Software)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DVDFab 9.2.0.8 (06/08/2015) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Eastside Hockey Manager: Early Access (HKLM-x32\...\Steam App 301120) (Version:  - Sports Interactive)
Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
EOS MOVIE Utility (HKLM-x32\...\EOS MOVIE Utility) (Version: 1.2.0.0 - Canon Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ESET NOD32 Antivirus (HKLM\...\{EABF244B-9702-4B37-AA3F-F5CFF9572546}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
Everything 1.4.0.713b (x64) (HKLM\...\Everything) (Version: 1.4.0.713b (x64) - David Carpenter)
ExamView Assessment Suite (HKLM-x32\...\{AA346994-CBFD-485F-B18C-3BC9B88F0E88}) (Version: 8.0.1289.63203 - eInstruction)
ExamView Content (PEP MathWorks 12) (HKLM-x32\...\{4df50b0d-caaa-4761-af0d-371293a71ea2}) (Version: 8.0.1289.63203 - eInstruction)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
Franchise Hockey Manager 2 (HKLM\...\Steam App 333830) (Version:  - Out of the Park Developments)
Franchise Hockey Manager 2014 (HKLM-x32\...\Franchise Hockey Manager2014) (Version: 2014 - Out of the Park Developments)
FX MathPack (HKLM-x32\...\FX MathPack_is1) (Version: 16.3.27.9 - Efofex Software)
Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.1.0 - International GeoGebra Institute)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.262.0 - International GeoGebra Institute)
Glary Utilities 5.56 (HKLM-x32\...\Glary Utilities 5) (Version: 5.56.0.77 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\{C3FF5ACB-174A-3E07-AE2A-62063FBCC9B1}) (Version: 53.0.2785.143 - Google, Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GrabIt 1.7.3 Beta (build 1010) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
iExplorer 3.9.0.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
Image Rescue 5 (2.0.1) (HKLM-x32\...\Image Rescue 5_is1) (Version: 2.0.1 - Lexar)
iMazing 1.5.1.0 (HKLM\...\iMazing_is1) (Version: 1.5.1.0 - DigiDNA)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 11.0.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.8 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 3.0.7.25771 - ANDREA VACONDIO) Hidden
MarkBook 2014 (HKLM-x32\...\{E6AB4990-4AFA-4DF0-94BA-54C494CBC5EE}) (Version: 10.16.0 - Asylum Software Inc)
MarkBook 2015 (HKLM-x32\...\{54BFE612-3028-4250-BFC1-09C842B26B13}) (Version: 12.2.0 - Asylum Software Inc)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.45 - mIRC Co. Ltd.)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Firefox 47.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x64 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{4297E807-5633-466A-8AC0-5AC48D310471}) (Version: 17.0.02000 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.55 - DJI Interprises, LLC)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1002 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 2016  KMS Activator Ultimate v1.1 Final (HKLM\...\Office 2016  KMS Activator Ultimate v1.1 Final_is1) (Version: v1.1 Final - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Out of the Park Baseball 16 (HKLM-x32\...\Steam App 333820) (Version:  - Out of the Park Developments)
Out of the Park Baseball 17 (HKLM\...\b3V0b2Z0aGVwYXJrYmFzZWJhbGwxNw_is1) (Version: 1 - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFsam Basic (HKLM-x32\...\{96ABFF50-88F5-426E-96CC-80C98F198C4D}) (Version: 3.0.20.0 - Andrea Vacondio)
PDFsam Enhanced (HKLM-x32\...\PDFsam Enhanced) (Version: 3.0.27.26034 - Copyright 2015 Andrea Vacondio)
PDFsam Enhanced Asian Fonts Pack (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced Convert Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced Create Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced Edit Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced Forms Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced Insert Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced OCR Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced Review Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced Secure Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
PDFsam Enhanced View Module (Version: 3.0.7.25752 - Andrea Vacondio) Hidden
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.721.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.479.0 - SMART Technologies ULC)
Sonarr version 2.0 (HKLM-x32\...\{56C1065D-3523-4025-B76D-6F73F67F7F71}_is1) (Version: 2.0 - Team Sonarr)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1226 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TeraCopy 3.0 (HKLM-x32\...\TeraCopy 3.0) (Version: 3.0 - Code Sector)
TeraCopy 3.0 beta 2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Hat 3.1.0.9 (HKLM-x32\...\The Hat_is1) (Version:  - Harmony Hollow Software)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
TMPGEnc Authoring Works 4 (HKLM-x32\...\{B8D91F6B-803A-4579-9DAD-1377B56DC657}) (Version: 4.0.7.32 - Pegasys Inc.)
VidCoder 1.5.33 (x86) (HKLM-x32\...\VidCoder_is1) (Version: 1.5.33 - RandomEngy)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.51 - VSO Software)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.6.7.4591 - Golden Frog, GmbH.)
VyprVPN (HKLM-x32\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.7.5.5242 - Golden Frog, GmbH.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.357 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.0 - Corel Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3969633871-4011712078-3145614358-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01C17D19-2A9A-4973-BC9C-CB0287E1B7BA} - System32\Tasks\DropboxUpdateTaskMachineCore1d133b9ca0ebc9d => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-10] (Dropbox, Inc.)
Task: {05E380C5-4D20-434E-8D31-5FDE46A2BB2E} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {0847EEF6-89C5-4959-B8BA-C1C7EB946BB3} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e9c2cf8044b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {1378B558-46A5-4F05-BD6B-C61DC2ADF726} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {167AA059-4538-4BEE-8E08-3037BD64CF1E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1D5CEF27-F478-4CF4-BD8D-BD188EE209A8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FB91B2F-EAC3-45CE-ACBA-B090940D349D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-13] (Microsoft Corporation)
Task: {26250CC7-797B-4BFC-A184-74D2B06AFBC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {26999241-C6E2-4C78-8F30-A2E400D21597} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2AB2E9BB-7596-455A-A5EA-19171505A209} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {2F796300-EC30-4BF0-A286-1A3D2E63FB77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3899FCBE-4EC2-426D-A697-0D68FC880481} - System32\Tasks\AutoPico Daily Restart => C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {3A9AAE38-BB68-4DE5-BC45-3044CC08C1A6} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-07-24] (Glarysoft Ltd)
Task: {3EE1AA9E-ECFF-4E1E-9ADF-B1887898234B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {413DB9ED-6287-4F5D-8A5C-C3BFB3A11B04} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {46EC5867-A635-4170-A493-8C03008E9C5B} - System32\Tasks\GoogleUpdateTaskMachineCore1d15e1f5aef0b92 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {4A9BB529-F91E-452A-A1DC-C402E0BA90E3} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf53d6c5a9df => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {50DEA228-9047-4B28-8525-E7CB700B8C23} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {544141C2-6FDE-42D6-9963-9FA8398267EE} - System32\Tasks\GoogleUpdateTaskMachineCore1d0ef5b51345a17 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {557743C6-404D-4C72-B768-E4DF95D43A56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A94CD68-E406-4D6D-9B41-42EB6889EF3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {6E5F2F06-A0F6-428D-837B-DEB769A2E460} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ebc53bb208e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {7024FFFE-F9F3-4721-A83C-508858F60DA3} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab00c4052566 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {7065E875-3F9A-4E03-8E8F-32C0ADEA7D32} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {726F9079-0A95-4041-9964-B054E2A8F501} - System32\Tasks\GoogleUpdateTaskMachineUA1d04260f3d5ef6e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {72A50D48-DE47-4A60-BFFF-DDF7BFFD3770} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab00c464f8de => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {82E17328-16E4-42C9-AC3A-F4A8C1A8E64F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {83FDE132-27B4-4294-8315-01C4DBBBACBB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8761AF97-93C6-42FF-A957-219942478BC0} - System32\Tasks\{A1AD5C0C-E9E9-4FC9-87E5-CD8F348D6A00} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {886C152A-94D9-4EC6-889F-AEDA0DAA15DE} - System32\Tasks\cpwq => C:\Users\Brian\cpwq\exbwwrw.exe [2015-07-10] (AutoIt Team)
Task: {8A7E83EE-B6C3-43E4-A3AF-241FA10E3ACA} - System32\Tasks\AdobeAAMUpdater-1.0-BlackBox-PC-Brian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {8B64DD14-7CDF-4EB2-971A-45DE54C67E5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {90802BEE-2885-4653-81A4-6672E0427D4F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {92B96B96-D67C-4312-815A-996630957B5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {93F98964-C2C7-4857-97E8-1B564C4CDB44} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {9841F3D2-92AD-4B7E-A091-FD51F9E9BE1C} - System32\Tasks\GoogleUpdateTaskMachineCore1d08ebc535e4ae3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {9A787BEE-A164-4687-8BB9-04E9CB0CA302} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9BEBE9D8-CACD-476A-97B8-004326AD5E1A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9C4CE3FB-A173-460A-A812-F87F4B7A0C5A} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf53d720c385 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {9F0583FC-C1B6-4E90-9823-F528F34FB9B9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A13EC844-E141-4F3D-B97D-82F78092A10E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0ef5b51912fc2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {A8268AC4-B090-47DB-BCE8-78A7E4DDEDB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ACF79432-A462-4118-9A0A-16D2EB7B5715} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B04C982F-9FD5-42CA-B598-DB34DE3602AB} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e9c2c89d051 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {B0A38634-192D-4902-93BD-368A2C3869BB} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e6afd396a2b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {B0C5E275-4FEA-47F7-B17A-DD45AA13D6C2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0D66306-BC5D-44EA-A22E-8DAE96477456} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e1f5b4913c4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {B56A6349-FACD-4967-98DE-651FCC8239EB} - System32\Tasks\{0D86EF78-D213-41EB-8FBF-4E7692B31DE6} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.80.102/en/abandoninstall?page=tsProgressBar
Task: {B8BA8F2A-3DCD-4D50-B346-FD71639491FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B8D3270F-9450-4AA8-A5E4-F751A6A2B0EC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BC4716B1-1D0C-4467-BF93-B6AC41D0C123} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {C5E54B38-863E-4717-B9D1-B9BD0FA2C001} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C771BE48-EA1B-4657-B0EC-C1058A12035E} - System32\Tasks\GoogleUpdateTaskMachineCore1d04260f36f4621 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {CF3C742B-CD95-4CBD-9D14-D9B3D334DBA9} - System32\Tasks\GoogleUpdateTaskMachineCore1d12e6afccee6fc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {D17E94A5-5C76-4523-8005-0AA57B1757DB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D5727D7C-F9F6-4ACB-A7FF-E8CF205DB53E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-13] (Microsoft Corporation)
Task: {DD709555-E2D3-412E-B99A-D5E989AF954E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E046B29D-3370-43D5-97E6-0B2621F45170} - System32\Tasks\{931444AF-E982-483A-8F85-DD8945C8279E} => pcalua.exe -a E:\setup.exe -d E:\
Task: {E0B45006-18EF-4706-9BC0-63A5A260B0FC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E23DCE26-C4A5-4997-937C-C22EB9324B25} - System32\Tasks\DropboxUpdateTaskMachineUA1d133b9cab7be51 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-10] (Dropbox, Inc.)
Task: {E357F325-6D2F-4FD0-B6BA-6F96AE118453} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {E87E0332-B648-4D84-A59D-281554EAEBBE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-07-24] (Glarysoft Ltd)
Task: {F4EDD11A-CBE7-45CE-980D-08A525643015} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5772FF2-6CBB-4520-A2F5-081F696F5173} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6716CD7-8831-40F4-83AB-240047CB6B17} - System32\Tasks\{59F96C23-CAF1-453A-A4EB-7C4DDD3169D0} => pcalua.exe -a C:\Users\Brian\Downloads\MASetup.exe -d C:\Users\Brian\Downloads
Task: {F6DDFB52-9380-4F21-B9C1-5F1EE35D9522} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {F748ED10-B6F7-4182-99AF-901B4A2D1A4A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC65AB03-F9E2-4B00-91EF-1FFFF9CADEA4} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d133b9ca0ebc9d.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d133b9cab7be51.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04260f36f4621.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ebc535e4ae3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf53d6c5a9df.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e9c2c89d051.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef5b51345a17.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12e6afccee6fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15e1f5aef0b92.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1ab00c4052566.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d04260f3d5ef6e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ebc53bb208e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf53d720c385.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e9c2cf8044b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0ef5b51912fc2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d12e6afd396a2b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d15e1f5b4913c4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1ab00c464f8de.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
ShortcutWithArgument: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-09 14:23 - 2015-07-14 21:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-09 14:22 - 2016-08-03 00:44 - 02495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-09 14:22 - 2016-08-03 00:44 - 02495776 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-24 12:46 - 2016-07-24 12:46 - 00959168 _____ () C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-30 01:30 - 2016-09-05 09:50 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-08-09 14:21 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-08-09 14:23 - 2016-08-02 23:34 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-09 14:23 - 2015-11-24 23:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-09 14:23 - 2016-08-02 23:31 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-09 14:23 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 13:51 - 2014-10-14 13:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 13:51 - 2014-10-14 13:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-08-09 14:22 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-05-04 16:09 - 2015-05-04 16:09 - 00078848 _____ () C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-07-24 21:59 - 2016-07-24 21:59 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2016-10-18 23:41 - 2016-08-22 04:15 - 00158168 _____ () C:\Users\Brian\AppData\Local\Temp\HouseCall32\libexpatw.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\Control Panel\Desktop\\Wallpaper -> C:\Desktop\810A1190.JPG
DNS Servers: 192.168.100.254 - 142.161.2.155
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NzbDrone => 2
MSCONFIG\Services: PDFsam Enhanced => 3
MSCONFIG\Services: PDFsam Enhanced CrashHandler => 3
MSCONFIG\Services: PDFsam Enhanced Creator => 2
MSCONFIG\Services: PDFsam Manager => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TeraCopyService => 2
MSCONFIG\startupreg: Everything => "C:\Program Files\Everything\Everything.exe" -startup
MSCONFIG\startupreg: iFunBox => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "sbsdk-server"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "iFunBox"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\...\StartupApproved\Run: => "Plex Media Server"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{00982CC8-48ED-4397-B67E-81296643F1CC}] => (Allow) D:\SteamLibrary\steamapps\common\Franchise Hockey Manager 2\fhm2.exe
FirewallRules: [{554DB912-AE5F-4D63-9571-05C6D0AB3CD9}] => (Allow) D:\SteamLibrary\steamapps\common\Franchise Hockey Manager 2\fhm2.exe
FirewallRules: [{4E6E72EA-A14D-41E6-8875-1FADDCF8F000}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{616896F3-94CD-4217-8209-3E70E56A3073}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B09AED9B-C73D-45BF-BA67-6FD20031B2AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8D5A8432-F0A6-4DB4-A8C2-280828873366}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{56CDFA28-E338-4841-AD57-A31B67BC559F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0964ACC9-8068-4E17-969E-2D3917128699}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{4421AD0D-62E6-4347-BA0F-467FD087F56D}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{238CD621-0AB8-40B7-B92D-852F7FCF1A70}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{F4FAA4F0-15BE-49E1-8158-55A4BE97C0CD}] => (Allow) LPort=8989
FirewallRules: [UDP Query User{AA375212-594F-435E-8C8C-8C69F162F735}D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{81731FA2-7158-4B00-A6CC-14268A6A3819}D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{884DCB7C-28D0-4329-96A1-A298E2C5EE17}] => (Allow) D:\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{B887CC75-4B68-4999-821D-BCB9D8E30FAF}] => (Allow) D:\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{FDE799C5-7EE7-4CC8-925D-667CD5052BB9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26471F46-4522-408B-BC70-A9F407A7605D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D60AEB28-6ADD-4433-B3B1-B018CD35BD13}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{7D61BDED-7DA8-42FB-9AF2-D77569034C6E}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{15098B54-6411-424C-9692-74B1624C4257}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{463A6F73-2572-41C5-9226-B1B25AA5DF81}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{30DDB02C-A12B-4610-934C-0B3BDC7A46FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A0C71A7-9F2B-40E1-A63F-C9A8E639BAAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0D6FBED-7629-49E8-9ADC-E0D3B8172842}] => (Allow) C:\Users\Brian\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{B8B63993-99BD-4572-83DD-96A7103E061F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5A943F6E-1985-4C52-B77C-DA9A6EECBB95}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{97956B8E-FF30-4337-BEEE-E5F13E6E733F}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{2B7FBBEE-468E-4E78-BF7B-24D6E94BD973}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{361F9F1A-964A-42E6-A1E7-594820ABD276}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{014336CF-FB13-4939-B1DA-A25DE1F63795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{B5AA4A2D-B104-448F-B10A-A31B6BC7D288}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{391850E6-9116-46FF-82D6-0205B4E196CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{F3C3AF14-0215-48A1-ABBD-4421E6C89668}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{616FF7D1-B51B-4386-A476-FAF734F7E7C8}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{AA4D6A2B-E7F2-4B1A-ADD6-9281F89F808E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Out of the Park Baseball 16\ootp16.exe
FirewallRules: [{1F41FDB1-CE5A-4D28-9F58-ACEF02A4FE75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Out of the Park Baseball 16\ootp16.exe
FirewallRules: [{AEE45013-E7AE-4A8E-A7FB-5131387D8403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eastside Hockey Manager\ehm.exe
FirewallRules: [{75889363-9A14-45FE-8674-A22B639EE953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eastside Hockey Manager\ehm.exe
FirewallRules: [{95850134-309B-404D-8E04-63998B813810}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A4FB5F44-DFA4-47CF-BB8A-62D9DE2CBC05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{108A1DE4-5887-4F0D-B8F2-C20E9FF96F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{F691FA7B-B908-4D05-8D71-8D37E724AF8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42AC8145-B797-4085-A9B1-F9065B3B8751}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A030BE67-9B36-47C7-9ABE-AE6E1F78D12A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{82188349-3B35-465A-B6F0-600BA5CA7F3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{7D33728D-BAB1-488A-BE1A-A6BB30B30DBB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{038B7D6D-D861-4446-ADCB-68D8A716E6F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{049DAF5A-08A1-4A5C-B958-A8CB42A43C3D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{636E7ABA-D492-4A7E-B8C5-4EBC85BE2A37}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{4A1314CE-8071-496E-BF4C-0B9F486D27CC}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{518E2E10-A59C-4BB5-AFEF-41B3F696F83D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2604E0D8-4E8A-4CF1-B8E5-3E25C7E1C842}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BFDF0926-75AD-4A82-AB79-238597F5E0B0}] => (Allow) LPort=1900
FirewallRules: [{8513A8EA-99D6-47F4-8FED-8AE7D9AA0DCF}] => (Allow) LPort=2869
FirewallRules: [{872E49A9-470F-456C-BDFC-CF975CD93B8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4D5A70F6-FB63-456F-BCD2-94A0281BE850}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{6EC79451-D612-4166-8BB4-5F40A814D8E9}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{C787E364-9F90-424C-A2AF-3F9FA507B684}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{AF0460E2-D335-48F1-8911-5F61D979A1C0}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{324CC30F-CECB-48F6-9BF7-E503DFD2CCDC}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{916CD620-E28A-40E4-AD27-29E808E91CC8}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{037DF1C8-BA44-432B-B430-2CC70778A417}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{B9DA2E75-3492-4C09-BA70-E5359D6DFDFF}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{3AFE692A-7AE4-4673-843B-DFC78EA56B7D}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{2E24AF45-10F9-451D-A671-172CBAF02C4B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3E32C903-E84A-4175-A7D9-C52B676D4F9C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{60C7DA3C-D472-4893-9C37-FCED0DF5F20E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E5B775D-1576-416F-8302-BFD8D2E79C8E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6B095ACF-B64B-4191-883F-F53D5BBC7594}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D5FEFEAD-0468-4BAB-A009-46809EAA2FDF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{36ECA40C-01A5-4C5B-AA58-F71D56D268DA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E2C10A4-744E-4F90-856F-F71F58BCDC1E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{12773B90-979A-4FC6-BD9D-735798AB7926}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{076BEFFA-16A4-4C9C-8B69-57351A61E34B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0FABEA2F-D0FF-4A8F-92B2-B15EBAC3D95A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
29-09-2016 17:43:30 Scheduled Checkpoint
08-10-2016 11:31:29 Scheduled Checkpoint
17-10-2016 18:58:43 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2016 11:37:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: housecall.bin, version: 1.62.0.1161, time stamp: 0x57fcf5a2
Faulting module name: housecall.bin, version: 1.62.0.1161, time stamp: 0x57fcf5a2
Exception code: 0x40000015
Fault offset: 0x00000000001833ae
Faulting process id: 0x6bc
Faulting application start time: 0x01d229c264dcc05c
Faulting application path: C:\Users\Brian\AppData\Local\Temp\HouseCall\housecall.bin
Faulting module path: C:\Users\Brian\AppData\Local\Temp\HouseCall\housecall.bin
Report Id: 38fbef95-b9a2-4e1e-8bbf-841c54563b9c
Faulting package full name:
Faulting package-relative application ID:
 
Error: (10/18/2016 10:33:29 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.1 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4828.  Message ID: [0x2509].
 
Error: (10/18/2016 10:25:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BlackBox-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/18/2016 10:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.17071, time stamp: 0x57a176a1
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x57a17449
Exception code: 0x80000003
Fault offset: 0x0000000000151b73
Faulting process id: 0xbb8
Faulting application start time: 0x01d229b874a2fc2f
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
Report Id: cede2789-3966-428a-900c-2dabb7edb2c5
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (10/18/2016 10:25:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BlackBox-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/18/2016 10:25:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.17071, time stamp: 0x57a176a1
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x57a17449
Exception code: 0x80000003
Fault offset: 0x0000000000151b73
Faulting process id: 0xb38
Faulting application start time: 0x01d229b873e22d71
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
Report Id: 33c9f9d8-8402-40f4-b58f-9b4c00bd1532
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (10/18/2016 10:25:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BlackBox-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/18/2016 10:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.17071, time stamp: 0x57a176a1
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x57a17449
Exception code: 0x80000003
Fault offset: 0x0000000000151b73
Faulting process id: 0xa90
Faulting application start time: 0x01d229b872cfe9c0
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
Report Id: 3e4911a1-6db5-46e1-ae36-644f2ae79021
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (10/18/2016 10:25:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BlackBox-PC)
Description: Activation of app Microsoft.Getstarted_4.0.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/18/2016 10:25:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BlackBox-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 

System errors:
=============
Error: (10/18/2016 11:39:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The B's Recorder GOLD Library General Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/18/2016 11:27:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Feature update to Windows 10, version 1607.
 
Error: (10/18/2016 10:35:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/18/2016 10:28:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (10/18/2016 10:27:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (10/18/2016 10:25:37 PM) (Source: DCOM) (EventID: 10005) (User: BlackBox-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/18/2016 10:25:35 PM) (Source: DCOM) (EventID: 10005) (User: BlackBox-PC)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (10/18/2016 10:25:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
 
Error: (10/18/2016 10:25:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
The dependency service or group failed to start.
 
Error: (10/18/2016 10:25:34 PM) (Source: DCOM) (EventID: 10005) (User: BlackBox-PC)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 

CodeIntegrity:
===================================
  Date: 2016-09-17 12:05:31.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:05:31.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:05:31.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:05:31.711
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:05:31.687
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:05:31.662
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:05:30.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:05:30.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:02:45.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-09-17 12:02:45.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 47%
Total physical RAM: 6134.11 MB
Available physical RAM: 3198.15 MB
Total Virtual: 12278.11 MB
Available Virtual: 8934.06 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.46 GB) (Free:128.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:5588.9 GB) (Free:1204.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: CD7D2149)
Partition 1: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 5589 GB) (Disk ID: CBDF118C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 
Just one more thing.  Thank you very much for taking your time to help look at this issue.  I really appreciate any help that can be provided.

Edited by Mathalete, 19 October 2016 - 12:25 AM.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 PM

Posted 21 October 2016 - 10:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The file looks good. If you have any issues, submit it to VirusTotal for evaluation at: https://www.virustotal.com/
Post the log for my review.
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF user.js: detected! => C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\user.js [2015-08-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325882&octid=EB_ORIGINAL_CTID&ISID=34801A5D-0145-457B-9AE7-A80EEEFD88A8&SearchSource=55&CUI=&UM=6&UP=SPB1BA5502-0787-4FC7-AE72-DD3ADBD2AA8F&SSPV="
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-20]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Brian\AppData\Local\Temp\kernel32.dll
C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe
Task: {26250CC7-797B-4BFC-A184-74D2B06AFBC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F796300-EC30-4BF0-A286-1A3D2E63FB77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3899FCBE-4EC2-426D-A697-0D68FC880481} - System32\Tasks\AutoPico Daily Restart => C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {413DB9ED-6287-4F5D-8A5C-C3BFB3A11B04} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {557743C6-404D-4C72-B768-E4DF95D43A56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9A787BEE-A164-4687-8BB9-04E9CB0CA302} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A8268AC4-B090-47DB-BCE8-78A7E4DDEDB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C5E54B38-863E-4717-B9D1-B9BD0FA2C001} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DD709555-E2D3-412E-B99A-D5E989AF954E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your version of Adobe AIR is out-of-date and vulnerable.

https://get.adobe.com/air/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
===

Your version(s) of Adobe Flash are out-of-date and vulnerable.
Go to Start > Control Panel > Programs and Features and uninstall the following programs:
Adobe Flash Player 16 NPAPI

Go to this page with Firefox to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader Via the Control Panel > Programs > Programs and Features.
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

===

Please post the Fixlog.txt and let me know what problem persists.
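The fixlist above is, in effect, a manual triage of the FRST output: entries pointing at executables in the user's Temp folder, a file named kernel32.dll outside the Windows directory, and scheduled tasks or drivers whose target no longer exists. The following script is an added example (not FRST's code and not the helper's) that applies the same reasoning to lines in FRST's format so the reader can see which patterns justify the "ATTENTION" flags. The sample lines are copied from this thread's fixlist and from the RegSvcs.exe line quoted earlier; the Temp-path markers, the list of core system DLL names, and the severity labels are assumptions chosen for the example, not FRST rules.

```python
import re

# Constructed sample lines in FRST's format, copied from this thread's fixlist and
# the RegSvcs.exe line the helper quoted (not a new scan of any machine).
SAMPLE_LINES = [
    r"(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
    r"C:\Users\Brian\AppData\Local\Temp\kernel32.dll",
    r"C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe",
    r"Task: {3899FCBE-4EC2-426D-A697-0D68FC880481} - System32\Tasks\AutoPico Daily Restart => C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION",
    r"Task: {26250CC7-797B-4BFC-A184-74D2B06AFBC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION",
    r"S3 dbx; system32\DRIVERS\dbx.sys [X]",
    r"U3 idsvc; no ImagePath",
]

# Assumed markers: code that persists under these directories is worth a closer look.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Assumed list: DLL names that legitimately live only under the Windows directory.
SYSTEM_DLL_NAMES = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll"}

TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<name>.+?) (?:=>|->) (?P<target>.+?)(?: <==== ATTENTION)?$"
)
SERVICE_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<image>.+?)(?P<missing> \[X\])?$")
FILE_RE = re.compile(r"^(?:\((?P<vendor>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$")


def classify_path(path):
    """Return (severity, reason) for a file path, or None if nothing stands out."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_DLL_NAMES and "\\windows\\" not in low:
        return "high", "system DLL name outside the Windows directory (possible side-loading)"
    if any(m in low for m in TEMP_MARKERS) and name.endswith((".exe", ".dll", ".sys")):
        return "high", "executable code persisting in a Temp directory"
    return None


def triage_line(line):
    """Classify one FRST log line; returns a finding dict or None when unremarkable."""
    line = line.strip()
    m = TASK_RE.match(line)
    if m:
        target = m.group("target")
        if target == "No File":
            return {"severity": "low", "reason": "orphaned scheduled task (target missing)", "line": line}
        hit = classify_path(target)
        if hit:
            return {"severity": hit[0], "reason": "scheduled task runs " + hit[1], "line": line}
        return None
    m = SERVICE_RE.match(line)
    if m:
        if m.group("missing") or m.group("image").lower() == "no imagepath":
            return {"severity": "low", "reason": "service/driver entry with missing image", "line": line}
        return None
    m = FILE_RE.match(line)
    if m:
        hit = classify_path(m.group("path"))
        if hit:
            return {"severity": hit[0], "reason": hit[1], "line": line}
    return None


def triage(lines):
    """Run triage over a list of lines and return findings, highest severity first."""
    order = {"high": 0, "low": 1}
    found = [f for f in (triage_line(l) for l in lines) if f]
    return sorted(found, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['severity'].upper()}] {f['reason']}: {f['line']}")
```

Run against the sample lines, the signed RegSvcs.exe in its expected .NET Framework directory produces no finding, which matches the helper's assessment that the file looks good; the two Temp-directory files and the task that launches one of them come out as high, and the orphaned task and the two driver entries with no image come out as low-severity leftovers to clean rather than signs of active compromise.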

#3 Mathalete

Mathalete
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:00 PM

Posted 21 October 2016 - 07:11 PM

Thank you for your speedy help!

Fixlog...

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Brian (21-10-2016 18:48:49) Run:1
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian & Melissa & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF user.js: detected! => C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\user.js [2015-08-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325882&octid=EB_ORIGINAL_CTID&ISID=34801A5D-0145-457B-9AE7-A80EEEFD88A8&SearchSource=55&CUI=&UM=6&UP=SPB1BA5502-0787-4FC7-AE72-DD3ADBD2AA8F&SSPV="
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-20]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Brian\AppData\Local\Temp\kernel32.dll
C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe
Task: {26250CC7-797B-4BFC-A184-74D2B06AFBC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F796300-EC30-4BF0-A286-1A3D2E63FB77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3899FCBE-4EC2-426D-A697-0D68FC880481} - System32\Tasks\AutoPico Daily Restart => C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {413DB9ED-6287-4F5D-8A5C-C3BFB3A11B04} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {557743C6-404D-4C72-B768-E4DF95D43A56} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9A787BEE-A164-4687-8BB9-04E9CB0CA302} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A8268AC4-B090-47DB-BCE8-78A7E4DDEDB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C5E54B38-863E-4717-B9D1-B9BD0FA2C001} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DD709555-E2D3-412E-B99A-D5E989AF954E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL [5122]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3969633871-4011712078-3145614358-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\user.js => moved successfully
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\user.js => not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
dbx => service removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\Users\Brian\AppData\Local\Temp\kernel32.dll => moved successfully
"C:\Users\Brian\AppData\Local\Temp\RarSFX0\AutoPico.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26250CC7-797B-4BFC-A184-74D2B06AFBC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26250CC7-797B-4BFC-A184-74D2B06AFBC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F796300-EC30-4BF0-A286-1A3D2E63FB77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F796300-EC30-4BF0-A286-1A3D2E63FB77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3899FCBE-4EC2-426D-A697-0D68FC880481}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3899FCBE-4EC2-426D-A697-0D68FC880481}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{413DB9ED-6287-4F5D-8A5C-C3BFB3A11B04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{413DB9ED-6287-4F5D-8A5C-C3BFB3A11B04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{557743C6-404D-4C72-B768-E4DF95D43A56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{557743C6-404D-4C72-B768-E4DF95D43A56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A787BEE-A164-4687-8BB9-04E9CB0CA302}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A787BEE-A164-4687-8BB9-04E9CB0CA302}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8268AC4-B090-47DB-BCE8-78A7E4DDEDB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8268AC4-B090-47DB-BCE8-78A7E4DDEDB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5E54B38-863E-4717-B9D1-B9BD0FA2C001}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5E54B38-863E-4717-B9D1-B9BD0FA2C001}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD709555-E2D3-412E-B99A-D5E989AF954E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD709555-E2D3-412E-B99A-D5E989AF954E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\ProgramData\CLDShowX.ini => ":Update.CL" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 402688123 B
Java, Flash, Steam htmlcache => 203993358 B
Windows/system/drivers => 272582390 B
Edge => 84496002 B
Chrome => 515298241 B
Firefox => 11398960 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 72372 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 153498 B
NetworkService => 2342 B
Brian => 1154021508 B
Melissa => 40844 B
DefaultAppPool => 72372 B
 
RecycleBin => 237455201 B
EmptyTemp: => 2.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:59:18 ====
 
 
 
I still got the alert from ESET after rebooting that the RegSvcs.exe was there.

Am I still infected? Is this a trojan?

I'm updating to the current version of each of those programs right now.

Edited by Mathalete, 21 October 2016 - 07:11 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 PM

Posted 22 October 2016 - 09:26 AM


Let's check the hard drive and the Registry.

Please run the Farbar Recovery Scan Tool. Enter RegSvcs.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>


Let's see what we can find in the Registry.

Please run the Farbar Recovery Scan Tool. Enter RegSvcs.exe in the Search Box.
Click the Search Registry button, then post the content of the Search.txt file in your next reply.

#5 Mathalete

Mathalete
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 22 October 2016 - 10:41 AM

File Search

Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Brian (22-10-2016 10:37:49)
Running from C:\Users\Brian\Desktop
Boot Mode: Normal
 
================== Search Files: "RegSvcs.exe" =============
 
C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_4.0.10240.16384_none_41b1fc5a78a2466c\RegSvcs.exe
[2015-07-10 06:01][2015-07-10 06:01] 0045216 ____A (Microsoft Corporation) 3996181107A29F5DAA3880555358FD25 [File is digitally signed]
 
C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_10.0.10240.16384_none_b83702b6dd0b6a43\RegSvcs.exe
[2016-07-24 15:02][2015-05-30 00:06] 0032768 ____A (Microsoft Corporation) 4AF9D50526BFEF4B08FCC8DB059F246B [File is digitally signed]
 
C:\Windows\WinSxS\amd64_regsvcs_b03f5f7f11d50a3a_4.0.10240.16384_none_fa04c58364261d66\RegSvcs.exe
[2015-07-10 06:01][2015-07-10 06:01] 0044192 ____A (Microsoft Corporation) BD8B624EBBFD798B3658871F3E1D91E0 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_regsvcs_b03f5f7f11d50a3a_10.0.10240.16384_none_7089cbdfc88f413d\RegSvcs.exe
[2016-07-24 15:02][2015-06-17 21:04] 0028672 ____A (Microsoft Corporation) E0CE05DA05E3BA66A0CC46C20F7B801A [File is digitally signed]
 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
[2015-07-10 06:01][2015-07-10 06:01] 0044192 ____A (Microsoft Corporation) BD8B624EBBFD798B3658871F3E1D91E0 [File is digitally signed]
 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe
[2016-07-24 15:02][2015-06-17 21:04] 0028672 ____A (Microsoft Corporation) E0CE05DA05E3BA66A0CC46C20F7B801A [File is digitally signed]
 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
[2015-07-10 06:01][2015-07-10 06:01] 0045216 ____A (Microsoft Corporation) 3996181107A29F5DAA3880555358FD25 [File is digitally signed]
 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
[2016-07-24 15:02][2015-05-30 00:06] 0032768 ____A (Microsoft Corporation) 4AF9D50526BFEF4B08FCC8DB059F246B [File is digitally signed]
 
C:\Users\Brian\RegSvcs.exe
[2016-10-09 23:23][2015-07-10 06:01] 0045216 __ASH (Microsoft Corporation) 3996181107A29F5DAA3880555358FD25 [File is digitally signed]
 
====== End of Search ======

Registry Search

Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Brian (22-10-2016 10:41:06)
Running from C:\Users\Brian\Desktop
Boot Mode: Normal
 
================== Search Registry: "RegSvcs.exe" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unsecapp.exe:wbemtest.exe:winmgmt.exe:wmic.exe:bfsvc.exe:Twunk_16.exe:Twunk_32.exe:wuauclt.exe:wsqmcons.exe:sapisvr.exe:WinSAT.exe:p2phost.exe:SearchProtocolHost.exe:WerFault.exe:drvinst.exe:ehshell.exe:UI0Detect.exe:ehtray.exe:HelpPane.exe:mrt.exe:SearchFilterHost.exe:mobsync.exe:Narrator.exe:SLUI.exe:taskmgr.exe:PresentationSettings.exe:vds.exe:sdclt.exe:irftp.exe:DFDWiz.exe:SndVol.exe:makecab.exe:msfeedssync.exe:unregmp2.exe:DeviceProperties.exe:rstrui.exe:MdRes.exe:netsh.exe:printui.exe:mcupdate.exe:4mmdat.sys:61883.sys:ACPI.sys:amdk7.sys:amdk8.sys:ASYNCMAC.SYS:atapi.sys:AVC.SYS:cdfs.sys:cdrom.sys:circlass.sys:cmbatt.sys:crusoe.sys:CSC.Sys:dc21x4vm.sys:disk.sys:dot4.sys:dot4usb.sys:drmkaud.sys:ecache.sys:fdc.sys:floppy.sys:hdaudbus.sys:HDAudio.sys:HIDBTH.SYS:HIDIR.SYS:i8042prt.sys:intelppm.sys:irenum.SYS:IRSIR.SYS:kbdclass.sys:kbdhid.sys:LOOP.SYS:mf.sys:monitor.sys:mouclass.sys:mouhid.sys:msisadrv.sys:msiscsi.sys:NDISWAN.SYS:nsiproxy.sys:ohci1394.sys:pci.sys:pciide.sys:powerfil.sys:processr.sys:rasl2tp.sys:raspppoe.sys:RASPPTP.SYS:RDPCDD.SYS:rfcomm.sys:sbp2port.sys:sdbus.sys:serenum.sys:serial.sys:sermouse.sys:sffdisk.sys:sffp_mmc.sys:smbios.sys:swenum.sys:tdx.sys:termdd.sys:tpm.sys:tunmp.sys:tunnel.sys:umbus.sys:update.sys:usb8023.sys:USBAudio.sys:USBCCGP.SYS:usbcir.sys:USBEHCI.sys:usbhub.sys:USBOHCI.sys:usbprint.sys:USBUHCI.sys:viac7.sys:wacompen.sys:wceusbsh.sys:winusb.sys:ws2ifsl.sys:xnacc.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_none_e6a7bf45796f35cb]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_netfx-regsvcs_exe_config_v1_31bf3856ad364e35_none_1647639011e56e66]
 
====== End of Search ======

Once again, many thanks for your help.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 PM

Posted 22 October 2016 - 12:32 PM


This file is not located in a default folder.
C:\Users\Brian\RegSvcs.exe
[2016-10-09 23:23][2015-07-10 06:01] 0045216 __ASH (Microsoft Corporation) 3996181107A29F5DAA3880555358FD25 [File is digitally signed]

The default folder is this one, and the file exists there also.

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
[2015-07-10 06:01][2015-07-10 06:01] 0045216 ____A (Microsoft Corporation) 3996181107A29F5DAA3880555358FD25 [File is digitally signed] <- same parameters as the one above.

Let's move the file to the C: root folder.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Move: C:\Users\Brian\RegSvcs.exe C:\RegSvcs.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


If ESET reports the file again, rename it from C:\RegSvcs.exe to RegSvcs.exe.OLD

Restart the computer normally.

Let me know if the problem persists.

#7 Mathalete

Mathalete
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 22 October 2016 - 05:28 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Brian (22-10-2016 13:38:15) Run:2
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian & Melissa & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Move: C:\Users\Brian\RegSvcs.exe C:\RegSvcs.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Users\Brian\RegSvcs.exe" moved successfully to C:\RegSvcs.exe
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 293659 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5285278 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 2134296 B
Edge => 13436599 B
Chrome => 51050689 B
Firefox => 46224678 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 3290 B
NetworkService => 0 B
Brian => 15837226 B
Melissa => 0 B
DefaultAppPool => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 128 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:38:25 ====


ESET came up with the same alert.
 
I went to my C:/ drive (with hidden files/folders visible) and did NOT see RegSvcs.exe (went there to rename it as per your instructions).
 
I'm puzzled as to why this is happening.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 PM

Posted 23 October 2016 - 08:41 AM


Strange. Run this fix.
It will rename the file to RegSvcs.old.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
CloseProcesses:

Move: C:\RegSvcs.exe C:\RegSvcs.old

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

#9 Mathalete

Mathalete
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 23 October 2016 - 11:40 PM

I went all day without seeing anything, but then tonight I did again.  
 
Here is the fixlist log
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Brian (23-10-2016 11:36:46) Run:3
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian & Melissa & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
CloseProcesses:
 
Move: C:\RegSvcs.exe C:\RegSvcs.old
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\RegSvcs.exe" moved successfully to C:\RegSvcs.old
 
 
The system needed a reboot.
 
==== End of Fixlog 11:37:04 ====
 
 
This is the information ESET gives me.
 
Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
10/23/2016 11:36:54 PM;Startup scanner;file;Operating memory » RegSvcs.exe(3432);MSIL/NanoCore.G trojan;cleaned by deleting;;;915D2926D1B8EFD01B0D98E3E6C64F149491B559;
 
 
Thoughts?


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 PM

Posted 24 October 2016 - 09:07 AM

10/23/2016 11:36:54 PM;Startup scanner;file;Operating memory » RegSvcs.exe(3432);MSIL/NanoCore.G trojan;cleaned by deleting;;;915D2926D1B8EFD01B0D98E3E6C64F149491B559;


Looks like it was cleaned.

Wait a day or two and see if ESET is still reporting this.

#11 Mathalete

Mathalete
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 24 October 2016 - 05:32 PM

ESET is still reporting it. I can wait to see if it continues beyond right now, but so far it's still happening.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 PM

Posted 25 October 2016 - 09:39 AM

Delete the file C:\RegSvcs.old and leave it in your Recycle Bin for a few days. If all is well, flush it.



#13 Mathalete

Mathalete
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 26 October 2016 - 10:19 PM

So here's the latest...

I cannot find any file of that name in the C:/ directory. (So I cannot send it to the recycle bin.)

However, every few hours ESET detects multiple occurrences of that file (approximately 10).

So...... Is this something I should be worried about???? Can I do anything else to keep my computer safe?


Edited by Mathalete, 26 October 2016 - 10:19 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 PM

Posted 27 October 2016 - 09:42 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

It might just be that this is part of a remnant file or string in a file.

Let's see if we can clean it.

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

If the problem persists run this cleaning tool also.


When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#15 Mathalete

Mathalete
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 27 October 2016 - 06:03 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64 
Ran by Brian (Administrator) on Thu 10/27/2016 at 17:56:35.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 30
 
Successfully deleted: C:\ProgramData\esellerate (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\out of the park developments (Folder) 
Successfully deleted: C:\Users\Brian\AppData\Local\{0FCF8DF0-E657-49B2-B8AA-560CFC8C2CAC} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{23C7FC75-B3FF-42CE-8FC5-9F14541B4F7E} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{266C0635-EEE4-4322-87D0-849D6F0F5A82} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{2D5888BE-479B-469E-8622-0DF474D9EE37} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{443A8D5E-9D1C-4E17-B11B-F6E63FB8E113} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{5929BB9B-111C-49F6-8334-716E525E9922} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{840C22DB-9FDB-4529-B571-1824A74177B7} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{84E9CAB5-B5C7-4B5F-994C-05D58B04F00B} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{9CF628D5-C7AC-4AD7-920E-3634F8F6DAB2} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{AA4272FF-AD28-4FDC-9F3A-F4E416089828} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{AA69E5BE-1CB2-412B-80B1-F555EE893162} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{B33DBD15-A17F-4798-9D6D-2D2E3F1EE467} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{B651D82B-D327-4E76-925B-32A88C42A9D1} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{BAA5536E-61E5-4836-B8A8-41A4A421A733} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{C172AC24-CC03-46B1-8AB0-1C5D463B8E0A} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{C7EA74EB-C522-41F8-9D51-8EA0EFEDEC99} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{E343FCA2-E037-439A-B717-0A4FC1CE5AC5} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{EB3C533D-292D-4E08-B32A-11BDA38984EE} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{F0B2E38B-FD09-4B30-955F-666255A7197E} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\{F6BBB7CC-7113-45C9-83AD-75DA6AA36EFF} (Empty Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij (Folder) 
Successfully deleted: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjebfgojnlefhdgmomncgjglmdckngij_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjebfgojnlefhdgmomncgjglmdckngij_0.localstorage (File) 
Successfully deleted: C:\Users\Brian\AppData\Roaming\4695 (Folder) 
Successfully deleted: C:\Users\Brian\AppData\Roaming\7072 (Folder) 
Successfully deleted: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\cd9igrrc.default\extensions\staged (Folder) 
Successfully deleted: C:\Users\Brian\AppData\Roaming\out of the park developments (Folder) 
Successfully deleted: C:\Program Files (x86)\out of the park developments (Folder)

Registry: 3
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6401BC8F-9AD0-430B-BF2C-2A34B0E98466} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6401BC8F-9AD0-430B-BF2C-2A34B0E98466} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{AD42CFE2-C0AD-487E-8224-C2AEF09F4CEB} (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/27/2016 at 17:59:49.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~