Suspected Win32 Trojan WisdomEyes


  • This topic is locked
7 replies to this topic

#1 xtype

  • Members
  • 46 posts
  • OFFLINE
  • Local time:09:52 AM

Posted 30 November 2016 - 05:17 AM

Hi, I'm on the forum as I need a better understanding of malware.

 

I have a Windows 7 Pro 32-bit with recurring 60% to 100% CPU usage causing the system to slow. This is the only reported symptom at the present time. It can idle at 70%, then when an app is opened (i.e. Word etc.) with not much load the CPU goes up to 100%.

 

ESET Internet Security 10 is installed and has not detected it as yet. A custom scan maxes out the CPU to 100%.

 

I have examined the processes with Process Explorer and the only problem I can see shows up in Services.exe - 1/56 Win32 Trojan WisdomEyes in VirusTotal.

 

My question is, as it's only 1/56 in VirusTotal, does it warrant further investigation?

 

Find enclosed screen shot files for now, I will run a scan with Farbar Recovery Scan Tool when I get access to the system later.

 

Thanks all, your help is much appreciated on this.

Edited by hamluis, 30 November 2016 - 06:36 AM.
Moved from MRL to Am I Infected, no logs - Hamluis.



#2 xtype

  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:09:52 AM

Posted 30 November 2016 - 09:23 AM

Here are the logs, thanks in advance.

 

-----------------------------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2016
Ran by Administrator (administrator) on USER-PC (30-11-2016 13:48:56)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: User & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Internet Security\ekrn.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Livedrive\VSSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(MMSOFT Design Ltd.) C:\Program Files\Pulseway\PCMonitorSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MMSOFT Design Ltd.) C:\Program Files\Pulseway\pcmontask.exe
(ESET) C:\Program Files\ESET\ESET Internet Security\egui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(UltimateOutsider) C:\Program Files\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-14] (Analog Devices, Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files\Livedrive\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files\Livedrive\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files\Livedrive\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files\Livedrive\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
GroupPolicy\User: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{39852A22-795B-43B6-B0DA-5AE8468BCBFD}: [DhcpNameServer] 89.19.64.164 89.19.64.36
Tcpip\..\Interfaces\{A089E9F8-9E84-4ED1-A638-3B2E7EF0BB7A}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{A53B86FA-DF2E-4104-8CB8-11CBB3197349}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2719048277-607677208-3562655459-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2719048277-607677208-3562655459-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ie/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-09] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-09] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: bjos61ag.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bjos61ag.default [2016-11-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2016-11-30]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-12]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ekrn; C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2225368 2016-10-11] (ESET)
R2 LivedriveVSSService; C:\Program Files\Livedrive\VSSService.exe [148480 2015-10-29] () [File not signed]
R2 PC Monitor; C:\Program Files\Pulseway\PCMonitorSrv.exe [1192096 2016-09-14] (MMSOFT Design Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299144 2012-11-10] (EldoS Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [179336 2016-10-07] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [164480 2016-10-07] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139392 2016-10-07] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43144 2016-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [68232 2016-10-07] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [51848 2016-10-07] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [78472 2016-10-07] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-05-17] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18944 2013-07-25] (Apple Inc.) [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2014-05-07] (Samsung Electronics) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]
S3 uxddrv; \??\E:\uxddrv.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files\Pulseway\PCMonitorSrv.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-30 13:48 - 2016-11-30 13:49 - 00026725 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-11-30 13:47 - 2016-11-30 13:48 - 01760768 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2016-11-30 13:19 - 2016-11-30 13:48 - 00000000 ____D C:\FRST
2016-11-30 03:42 - 2016-11-30 03:43 - 00000000 ____D C:\Users\Administrator\Desktop\Virus Detected 30-11-2016
2016-11-30 01:47 - 2016-11-30 01:47 - 00001252 _____ C:\Users\Administrator\Desktop\procexp - Shortcut.lnk
2016-11-30 01:45 - 2016-11-30 01:45 - 01932769 _____ C:\Users\Administrator\Downloads\ProcessExplorer.zip
2016-11-30 00:02 - 2016-11-30 00:02 - 00000000 ____D C:\Program Files\LocK-A-FoLdeR
2016-11-30 00:01 - 2016-11-30 00:01 - 00608560 _____ (Gurjit Singh) C:\Users\Administrator\Downloads\LocK-A-FoLdeR-V3.10.3x84.exe
2016-11-30 00:01 - 2016-11-30 00:01 - 00608560 _____ (Gurjit Singh) C:\Users\Administrator\Desktop\LocK-A-FoLdeR-V3.10.3x84.exe
2016-11-25 15:30 - 2016-11-25 15:31 - 00197940 _____ C:\TDSSKiller.3.1.0.12_25.11.2016_15.30.04_log.txt
2016-11-25 15:29 - 2016-11-25 15:29 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Administrator\Downloads\tdsskiller.exe
2016-11-25 15:25 - 2016-11-25 15:27 - 00002114 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-11-25 15:24 - 2016-11-25 15:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2016-11-21 22:33 - 2016-11-21 22:33 - 01914919 _____ C:\Users\Administrator\Desktop\WindowsUpdate_Log.txt
2016-11-12 19:22 - 2016-11-12 19:22 - 55059086 _____ C:\Users\Administrator\Downloads\windows6.1-kb3197867-x86_2313232edda5cca08115455d91120ab3790896ba.msu
2016-11-11 23:56 - 2016-11-11 23:56 - 00000104 _____ C:\Users\Administrator\Desktop\Control Panel - Shortcut.lnk
2016-11-11 23:28 - 2016-11-11 23:28 - 00000000 ____D C:\19a7c22bea586d875b1d
2016-11-11 23:26 - 2016-11-11 23:26 - 00000000 ____D C:\320af69efa65e1277cb6a8
2016-11-11 22:49 - 2016-11-11 22:49 - 00000000 ____D C:\97d349a11c78f3e708b78e7c82794e72
2016-11-11 22:35 - 2016-11-25 14:09 - 00000191 _____ C:\Users\Administrator\Desktop\UpDates.txt
2016-11-11 22:29 - 2016-11-11 22:29 - 00000000 ____D C:\afb94fc946a728ed4a04d7b3e3a3a29d
2016-11-09 23:06 - 2016-11-09 23:06 - 00000000 ____D C:\Program Files\Common Files\Java
2016-11-09 20:45 - 2016-11-09 20:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung
2016-11-09 20:43 - 2016-11-09 20:43 - 00000000 ____D C:\Users\Administrator\Desktop\MANUAL
2016-11-09 20:41 - 2016-11-09 20:41 - 00002223 _____ C:\Users\Public\Desktop\Samsung Printer Diagnostics.lnk
2016-11-09 20:40 - 2016-11-09 20:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-11-09 20:40 - 2016-11-09 20:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Samsung
2016-11-09 20:40 - 2016-11-09 20:40 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2016-11-09 20:39 - 2016-11-09 20:42 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate
2016-11-09 20:39 - 2016-11-09 20:41 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdateInstaller
2016-11-09 20:39 - 2016-11-09 20:40 - 00000000 ____D C:\ProgramData\Samsung
2016-11-09 20:39 - 2016-11-09 20:40 - 00000000 ____D C:\Program Files\Samsung
2016-11-09 20:39 - 2015-06-05 11:01 - 00688920 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2016-11-09 20:39 - 2015-06-05 11:00 - 01545216 _____ C:\Windows\system32\eed_ec.dll
2016-11-09 20:39 - 2015-04-28 15:22 - 00094208 ____N C:\Windows\system32\ssdevm.dll
2016-11-09 20:39 - 2015-04-24 12:56 - 00018432 _____ () C:\Windows\system32\ssd5clm.dll
2016-11-09 20:39 - 2015-04-14 10:45 - 00158040 _____ (SS) C:\Windows\system32\ssd5ci.exe
2016-11-09 20:39 - 2013-11-15 07:01 - 00212600 _____ C:\Windows\system32\SBuySupplies.exe
2016-11-09 20:39 - 2013-11-15 07:00 - 00065536 _____ (SS) C:\Windows\system32\ssd5ci.dll
2016-11-09 20:39 - 2013-11-15 06:59 - 00000273 _____ C:\Windows\system32\eed_sl.exe.config
2016-11-08 11:15 - 2016-11-08 11:15 - 00002048 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2016-11-08 11:15 - 2016-11-08 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-11-08 11:15 - 2016-11-08 11:15 - 00000000 ____D C:\Program Files\ESET
2016-11-08 11:11 - 2016-11-08 11:11 - 03132032 _____ (ESET) C:\Users\Administrator\Downloads\eset_internet_security_live_installer.exe
2016-11-07 10:22 - 2016-11-07 10:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Canon
2016-11-07 09:59 - 2016-11-07 10:00 - 00000000 ___HD C:\Program Files\CanonBJ
2016-11-07 09:57 - 2016-11-08 18:46 - 00000000 ____D C:\Program Files\Canon
2016-11-07 09:57 - 2016-11-07 12:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-30 13:47 - 2015-05-16 06:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa121d7a38e.job
2016-11-30 13:47 - 2015-02-06 17:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d042311cc3ced5.job
2016-11-30 13:47 - 2014-10-24 12:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfef8316cdc733.job
2016-11-30 13:47 - 2013-08-16 15:20 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-30 13:39 - 2012-11-22 11:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-30 13:24 - 2014-06-18 05:57 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8aba26d30918.job
2016-11-30 13:22 - 2009-07-14 04:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-30 13:22 - 2009-07-14 04:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-30 13:15 - 2016-02-17 12:47 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2016-11-30 12:53 - 2015-02-06 17:19 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d042311d658f73.job
2016-11-30 11:31 - 2016-02-17 12:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2016-11-30 06:04 - 2010-11-20 21:01 - 00782190 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-30 06:04 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2016-11-30 05:59 - 2016-04-25 11:58 - 00000000 ____D C:\Program Files\Pulseway
2016-11-30 05:59 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-30 01:46 - 2016-07-11 23:26 - 00000000 ____D C:\Users\Administrator\Desktop\Maintenance_12_07_2016
2016-11-30 00:40 - 2016-04-27 13:38 - 00000000 ___RD C:\Users\Administrator\Desktop\Secure Folders from LIVE Drive
2016-11-30 00:22 - 2016-04-27 11:56 - 00000000 ___RD C:\Users\User\Desktop\Secure Folders
2016-11-25 15:41 - 2009-07-14 04:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-21 22:19 - 2016-04-25 12:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-11-14 21:25 - 2015-04-29 20:15 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 21:25 - 2015-04-29 20:15 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-10 09:36 - 2009-07-14 04:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-09 23:11 - 2016-07-28 13:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ESET
2016-11-09 23:07 - 2014-11-05 12:04 - 00000000 ____D C:\ProgramData\Oracle
2016-11-09 23:07 - 2012-10-31 16:01 - 00000000 ____D C:\Program Files\Java
2016-11-09 23:06 - 2014-11-05 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-09 23:06 - 2012-10-31 16:01 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-11-08 18:46 - 2016-04-25 12:21 - 00000000 ____D C:\Users\Administrator
2016-11-08 18:46 - 2012-10-31 16:16 - 00000000 ____D C:\dell
2016-11-08 18:46 - 2010-11-21 00:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-11-08 18:46 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\registration
2016-11-08 12:39 - 2012-11-22 11:06 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 12:39 - 2012-11-22 11:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 12:39 - 2012-11-22 11:06 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 11:23 - 2014-09-08 15:22 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2016-11-08 11:17 - 2016-07-28 12:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2016-11-08 11:15 - 2015-05-22 09:03 - 00000000 ____D C:\ProgramData\ESET
2016-11-05 13:27 - 2016-10-14 14:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2016-07-16 16:58 - 2016-07-16 16:58 - 0007634 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-8u111-windows-au.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {f59a41a0-23a6-11e2-a278-a1d5e4b7db0c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {f59a41a2-23a6-11e2-a278-a1d5e4b7db0c}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {f59a41a0-23a6-11e2-a278-a1d5e4b7db0c}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {f59a41a2-23a6-11e2-a278-a1d5e4b7db0c}
device                  ramdisk=[C:]\Recovery\f59a41a2-23a6-11e2-a278-a1d5e4b7db0c\Winre.wim,{f59a41a3-23a6-11e2-a278-a1d5e4b7db0c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\f59a41a2-23a6-11e2-a278-a1d5e4b7db0c\Winre.wim,{f59a41a3-23a6-11e2-a278-a1d5e4b7db0c}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {f59a41a0-23a6-11e2-a278-a1d5e4b7db0c}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {f59a41a3-23a6-11e2-a278-a1d5e4b7db0c}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\f59a41a2-23a6-11e2-a278-a1d5e4b7db0c\boot.sdi
 
 
 
LastRegBack: 2016-11-24 06:36
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result ..........................................................................................
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-11-2016
Ran by Administrator (30-11-2016 13:49:21)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2012-10-31 13:07:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2719048277-607677208-3562655459-500 - Administrator - Enabled) => C:\Users\Administrator
bnyktffd (S-1-5-21-2719048277-607677208-3562655459-1004 - Limited - Disabled)
Guest (S-1-5-21-2719048277-607677208-3562655459-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2719048277-607677208-3562655459-1003 - Limited - Enabled)
User (S-1-5-21-2719048277-607677208-3562655459-1000 - Limited - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Internet Security 10.0.369.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security 10.0.369.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Internet Security (HKLM\...\{FABC3A3C-8EC2-4D13-ACEC-1112788DD02E}) (Version: 10.0.369.0 - ESET, spol. s r.o.)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GWX Control Panel (HKLM\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Livedrive (HKLM\...\{4A20D375-0556-4B48-9282-14652FAF435C}) (Version: 3.0.3.51 - Livedrive Internet Limited)
LocK-A-FoLdeR (HKLM\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Pulseway (HKLM\...\{F3E493CC-9998-47C1-B4D0-5780E932F02E}) (Version: 4.8.5 - MMSOFT Design)
Samsung C1810 Series (HKLM\...\Samsung C1810 Series) (Version: 1.10 (10/06/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.66.00(30/10/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7280 - Analog Devices)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.45.0 - )
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02A43010-F3D7-4934-BA82-A4122521FF5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {11ED2C7F-AF5C-40FF-8415-85B2A4E0D6BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1AF4748F-8FDD-4FFD-9F53-6E33023B5AC3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D9BB8BF-BF85-4C4B-A2C5-CE1BB3DCC26C} - System32\Tasks\{C335DF0E-8975-4C1F-85A4-2130988575D2} => pcalua.exe -a C:\Users\User\Desktop\Defender_Uninstaller.exe -d C:\Users\User\Desktop
Task: {4B552C9A-A511-4DED-A0D5-ED03FDA5550E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5160A9E8-5C55-45BE-8A72-63F831497BEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {60C5B9F5-466E-41DB-863F-3B714F7E6945} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe
Task: {61ABDA3C-A4F4-499E-9A42-A773A95B9AB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7BE211C6-865C-46A8-A565-E37B0A649BE0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8408C16E-7050-410B-8829-24633EDF03BE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {857A3785-BEF6-49E9-9E2D-E82FB7AFE540} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {857DBEAF-74D6-45AA-96B0-3AB1B5DEE0C8} - System32\Tasks\GoogleUpdateTaskMachineUA1d042311d658f73 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {88D5BC95-3513-4F77-9DDE-3805BFB7C05C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8BF7D473-8CB5-466B-A25A-5697DB2A4097} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BA03327E-9AE7-48D7-AADF-B3D85A0A2B72} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {CA525D3A-4273-404C-ABAA-0E2CAC5DF66F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D6464ADF-4619-4D7D-A80F-2026A8E28D1A} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8aba26d30918 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D8F19A66-35D6-4A74-93D3-5DE3DB06F4C2} - System32\Tasks\GoogleUpdateTaskMachineCore1d042311cc3ced5 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DFB5F6FE-2211-4609-BF27-B5A831935D96} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E0B39632-6DCB-465A-87E3-86FA54480548} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E49D78A8-0DAE-432C-9BB8-DA5F07D96722} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E56786B9-8DFD-4B43-9A12-53576BBEAD28} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E9EF4664-32FD-4958-8173-1C2C53681B3D} - System32\Tasks\GoogleUpdateTaskMachineCore1cfef8316cdc733 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EE33222C-411F-4001-82AE-5C2207D787EF} - System32\Tasks\GoogleUpdateTaskMachineCore1d08fa121d7a38e => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfef8316cdc733.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d042311cc3ced5.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa121d7a38e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8aba26d30918.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d042311d658f73.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-09 20:39 - 2015-04-24 12:56 - 00018432 _____ () C:\Windows\System32\ssd5clm.dll
2015-10-29 16:44 - 2015-10-29 16:44 - 00148480 _____ () C:\Program Files\Livedrive\VSSService.exe
2016-11-09 20:39 - 2015-04-24 12:56 - 01325568 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssd5cdu.dll
2014-09-08 13:30 - 2014-09-08 13:30 - 00351968 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:32 - 2014-09-08 13:32 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-11-08 11:15 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-11-08 11:15 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-11-11 22:27 - 2016-10-28 09:36 - 17772736 _____ () C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2719048277-607677208-3562655459-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 3) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{551F8CFE-2D10-43FF-8B20-1D27D1BEF5C6}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{7E11436B-7CC7-4380-8703-2A88C1D1A639}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{588CC8E6-2E6B-4D1A-BACB-FD446E1B4729}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{60E0DDD2-BD67-4008-8066-8ED7BDB8EBA3}] => (Allow) LPort=2869
FirewallRules: [{A443071D-7154-4BF1-9F27-9AA7133D7077}] => (Allow) LPort=1900
FirewallRules: [{9FC5717E-262B-4D56-BF60-8DC23E6DB59B}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{6659BD70-42AA-435C-BE75-3B532A569FB5}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{D656C8B0-004C-4781-94B0-2E344B7673E6}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{47123B97-2792-4CE8-B13D-4B07D35AC116}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3A89BB46-148C-449C-9182-E1233B673219}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{31068665-BCE5-435D-867C-CDE411A5E7AB}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{D3302645-35F8-4CAB-8D0D-2F7E434940CD}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3145CC6B-1419-495D-BB0D-A2BF369F7BBF}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9D48D0E0-2191-4A29-A94D-C79FBB755E1C}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{94011D3C-296B-4686-ABE4-02B897B2DAD7}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BB7AD59F-C19E-4D21-9F53-C3261F825522}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6F33FB49-AA58-4442-8E12-1565EA23786E}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{30FFE045-94F8-43CC-83D1-8411E4FB8D7E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E1A85A9A-9643-4D22-A41F-8E09BE3640FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BC98CA6D-1098-45FF-BFC7-F140218DA07B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3711776E-E425-44B5-8DCA-7F33DB93CDDC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0D9A8A20-9ED6-40A8-808B-F3B8970877D2}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{2DDAC32E-AC87-4AA7-AC89-3FD51EA1B11E}] => (Allow) C:\Program Files\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{52E9BB11-81DD-47CB-B0E6-6AAC898039E7}] => (Allow) C:\Program Files\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{AB617A01-7F24-409A-939E-8ECA42F49215}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe
FirewallRules: [{74DD5017-0BFF-4909-9CE9-EFFF2FB2A9E5}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe
FirewallRules: [{33E0E8A3-26B6-4979-91F5-CE4F4AFE3317}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe
FirewallRules: [{63E9D550-23A9-428D-91DE-5B240245A8F5}] => (Allow) LPort=5354
FirewallRules: [{C0A3CAAA-F525-4E8B-8AEA-3EE181CBBECE}] => (Allow) LPort=5354
FirewallRules: [{6B2F33E4-AA8D-42C6-87FE-C7A9C08AF259}] => (Allow) LPort=5354
FirewallRules: [{F227FFDA-7BDB-45DA-BA49-EFEBC53252BF}] => (Allow) LPort=5354
FirewallRules: [{AA08676C-1B5A-496F-8B2B-137553A73AC5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD54D72C-F5A7-43C0-AAC6-E0778EF7AE3F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA10F0AC-32BB-408A-BE30-06ECCFD2C637}] => (Allow) LPort=5354
FirewallRules: [{C50701E8-CE94-4711-B76C-8C7CE966489B}] => (Allow) LPort=5354
FirewallRules: [{AD730B02-F944-4C61-875E-124B69758149}] => (Allow) LPort=5354
FirewallRules: [{C8061E18-3747-4EBF-B62B-8283A2E3061B}] => (Allow) LPort=5354
FirewallRules: [TCP Query User{A5F360E6-F1C9-4A29-BCC3-C218609E8A82}C:\program files\ispy\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy\ispy.exe
FirewallRules: [UDP Query User{C202F5BE-EBD9-4114-8808-AF6F25CEFC99}C:\program files\ispy\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy\ispy.exe
FirewallRules: [{FDFBDEE8-EFEE-4017-AB5A-A3083C8F0D90}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C03058B2-4045-40BE-919C-BDF4EFC7B0AA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{78A40478-A413-467A-87F1-EA39E0C0D3EF}] => (Allow) LPort=5354
FirewallRules: [{96692EB3-512F-4AEA-A732-3A4526F1D965}] => (Allow) LPort=5354
FirewallRules: [{E7B0EEB0-D33E-4BA5-ACEB-B0CDD229A102}] => (Allow) LPort=5354
FirewallRules: [{1653E5F8-1CBB-4850-A60F-F1F2FEE16C33}] => (Allow) LPort=5354
FirewallRules: [{FE2683D4-3B4B-48E7-997F-BAD1ED1D99A9}] => (Allow) LPort=5354
FirewallRules: [{B3B45AE4-1533-446D-9639-677A0ADB84B7}] => (Allow) LPort=5354
FirewallRules: [{EF0A6F3B-2CCA-4AD8-8E41-A03BBCB45219}] => (Allow) LPort=5354
FirewallRules: [{2D753DCE-EABA-45E4-A18B-FD3644993312}] => (Allow) LPort=5354
FirewallRules: [{B6B26734-1A68-4688-88FC-D7E2FCD0F7FC}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{86A4A853-D8E5-4E3B-B244-527B620E35FD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{2DFC9A72-E794-4029-B56F-D96F1E7622A9}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{CAB70770-738A-407E-A236-EB60C9A89C65}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{44C432B9-26B5-4F55-A95D-781A5B56F6C1}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8F8B6166-FFE6-4F34-B438-ADFD9654A6BF}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{D23AF470-E66A-43CA-93B1-73E57E6AFB46}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{D4F321E0-46C3-4D4C-90B6-683B31AA1AFC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-10-2016 18:52:32 Scheduled Checkpoint
06-11-2016 11:27:51 Scheduled Checkpoint
12-11-2016 17:43:52 Windows Backup
21-11-2016 12:53:12 Scheduled Checkpoint
28-11-2016 13:34:16 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/30/2016 01:38:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 01:38:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 01:19:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 01:07:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 12:06:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 11:06:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 10:05:48 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 09:05:17 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 08:04:43 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
Error: (11/30/2016 07:04:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c81b4ad-da87-4528-97d1-f8d3a2dd44a3}
 
 
System errors:
=============
Error: (11/30/2016 10:15:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/30/2016 10:15:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/30/2016 10:11:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/30/2016 09:34:51 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/30/2016 09:34:51 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/30/2016 09:05:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/30/2016 03:40:24 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 03:38:32 on 30/11/2016 was unexpected.
 
Error: (11/30/2016 01:29:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/30/2016 01:29:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/30/2016 01:29:06 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 38%
Total physical RAM: 3547.61 MB
Available physical RAM: 2196.91 MB
Total Virtual: 7093.55 MB
Available Virtual: 5859.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.73 GB) (Free:110.51 GB) NTFS
Drive e: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:789.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

 



#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,762 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 November 2016 - 11:18 AM

Hello, please repost these as one post here:

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

I'd move it but you may not get reply notifications...

Thank you.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 xtype

  • Topic Starter
  • Members
  • 46 posts

Posted 30 November 2016 - 11:44 AM

Ok, will do, thank you...



#5 xtype

  • Topic Starter
  • Members
  • 46 posts

Posted 30 November 2016 - 12:11 PM

Can't post it there, I get a:

Error 524 Ray ID: 309fe724a3122969 • 2016-11-30 17:10:22 UTC A timeout occurred
 
You Browser Working
 
Dublin CloudFlare Working
 
www.bleepingcomputer.com Host Error


#6 xtype

  • Topic Starter
  • Members
  • 46 posts

Posted 30 November 2016 - 12:14 PM

Sorry, I just checked and even though I got a 502 Error it still posted 4 TIMES in error; a mod will need to delete 3 of them. I was not aware they posted as I kept getting the Error.


Edited by xtype, 30 November 2016 - 12:15 PM.


#7 xtype

  • Topic Starter
  • Members
  • 46 posts

Posted 30 November 2016 - 12:20 PM

Thank You....



#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,762 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 November 2016 - 02:49 PM

You're welcome. We'll get it sorted.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.