
Unremovable PUP.optional.startnow (plus possible keylogger)


9 replies to this topic

#1 MaxedOut (Members, 19 posts, Oxford UK)

Posted 20 December 2016 - 05:11 AM

Windows Vista Home Premium SP2 (64-bit) - ESET Internet Security.

I use IBM’s Trusteer Rapport which comes free from my online bank. It loads with Windows and monitors the browser. Over the last month it’s been activating the “character replacement feature” to block keyloggers; unfortunately it doesn’t say which one.

Malwarebytes found a Chrome extension registry key - PUP.Optional.StartNow - but however many times I try to remove it, it’s still there on reboot.

Adwcleaner found a YahooPartner Toolbar and five malicious registry keys; I deleted them and have kept the log.

JRT deleted the wininit.ini file, some temp internet files and a Firefox chrome extension that wasn’t listed in Add-ons. The keylogger activation is still happening.

Any and all help would be greatly appreciated.

---------------------------------------------------------


FRST log -

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by Steve (ATTENTION: The user is not administrator) on ALICE (20-12-2016 06:24:02)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve Administator & Steve (Available Profiles: Steve Administator & Steve & UpdatusUser)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> ekrn.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> RapportMgmtService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
Failed to access process -> ETService.exe
Failed to access process -> RapportInjService_x64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nSvcAppFlt.exe
Failed to access process -> nSvcIp.exe
() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
Failed to access process -> taskeng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(ESET) C:\Program Files\ESET\ESET Internet Security\egui.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
Failed to access process -> taskeng.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [eRecoveryService] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=0410&m=aspire_x3200
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=0410&m=aspire_x3200
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=0410&m=aspire_x3200
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
URLSearchHook: [S-1-5-21-1126001445-3472825750-2387988500-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1126001445-3472825750-2387988500-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1126001445-3472825750-2387988500-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-07] (Oracle Corporation)
BHO: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-07] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-07] (Oracle Corporation)
BHO-x32: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-07] (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File

FireFox:
========
FF DefaultProfile: y2he58wk.default
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Nvu\Profiles\sdw4iuhg.default [2014-12-10]
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default [2016-12-20]
FF Homepage: Mozilla\Firefox\Profiles\y2he58wk.default -> hxxp://www.bbc.co.uk/news
FF Extension: (British English Dictionary) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2016-01-01] [not signed]
FF Extension: (Ghostery) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default\Extensions\firefox@ghostery.com.xpi [2016-12-04]
FF Extension: (GlassMyFox) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default\Extensions\GlassMyFox@ArisT2_Noia4dev.xpi [2016-12-04]
FF Extension: (Youtube MP3 Downloader using youtube-mp3.org) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2016-05-23]
FF Extension: (New Tabs at the End) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default\Extensions\new-tabs-at-end@forerunnerdesigns.com.xpi [2016-05-23]
FF Extension: (Tabs On Bottom) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default\Extensions\tabsonbottom@piro.sakura.ne.jp.xpi [2016-12-04]
FF Extension: (Video DownloadHelper) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\y2he58wk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-11-16]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-16] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-07] (Oracle Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll [2010-03-29] (NOS Microsystems Ltd.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://play.google.com/store"
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2016-12-18]
CHR Extension: (Google Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-07]
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-07]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (Rapport) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-09-24]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-11-13]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Google Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-24]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-24]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-09-24]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-12-03] (SUPERAntiSpyware.com)
S3 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
R2 ekrn; C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2815520 2016-10-11] (ESET)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-04-13] (Macrovision Europe Ltd.) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [920064 2008-01-29] () [File not signed]
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [193024 2008-01-29] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-12-01] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-07] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-07] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-07] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-07] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-07] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-07] (ESET)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-11-25] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-06-29] (Sunbelt Software)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2009-04-11] (Microsoft Corporation)
S3 WSVD; C:\Program Files\Acer\Empowering Technology\eRecovery\WSVD.sys [120816 2008-05-26] (CyberLink)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 1965AAFFAB07E3FB03C77F81BEBA3547
C:\Windows\system32\drivers\adp94xx.sys F14215E37CF124104575073F782111D2
C:\Windows\system32\drivers\adpahci.sys 7D05A75E3066861A6610F7EE04FF085C
C:\Windows\system32\drivers\adpu160m.sys 820A201FE08A0C345B3BEDBC30E1A77C
C:\Windows\system32\drivers\adpu320.sys 9B4AB6854559DC168FBB4C24FC52E794
C:\Windows\system32\drivers\afd.sys 8C771D6FBEE9D6F2E7DDE165940CB513
C:\Windows\system32\drivers\agp440.sys F6F6793B7F17B550ECFDBD3B229173F7
C:\Windows\system32\drivers\djsvs.sys 222CB641B4B8A1D1126F8033F9FD6A00
C:\Windows\system32\drivers\aliide.sys 157D0898D4B73F075CE9FA26B482DF98
C:\Windows\system32\drivers\amdide.sys 970FA5059E61E30D25307B99903E991E
C:\Windows\system32\drivers\amdk8.sys CDC3632A3A5EA4DBB83E46076A3165A1
C:\Windows\system32\drivers\arc.sys BA8417D4765F3988FF921F30F630E303
C:\Windows\system32\drivers\arcsas.sys 9D41C435619733B34CC16A511E644B11
C:\Windows\System32\DRIVERS\asyncmac.sys 22D13FF3DAFEC2A80634752B1EAA2DE6
C:\Windows\System32\drivers\atapi.sys E68D9B3A3905619732F7FE039466A623
C:\Windows\system32\drivers\blbdrive.sys 79FEEB40056683F8F61398D81DDA65D2
C:\Windows\System32\DRIVERS\bowser.sys B36BFEB725497294F8922BD3E9978DBC
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys F0F0BA4D815BE446AA6A4583CA3BCA9B
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys E0777B34E05F8A82A21856EFC900C29F
C:\Windows\System32\DRIVERS\cdfs.sys B4D787DB8D30793A4D4DF9FEED18F136
C:\Windows\System32\DRIVERS\cdrom.sys C025AA69BE3D0D25C7A2E746EF6F94FC
C:\Windows\system32\drivers\circlass.sys 02EA568D498BBDD4BA55BF3FCE34D456
C:\Windows\System32\CLFS.sys BEF9281E6766550D6F024B66316E3B23
C:\Windows\system32\drivers\cmdide.sys E5D5499A1C50A54B5161296B6AFE6192
C:\Windows\system32\drivers\compbatt.sys 7FB8AD01DB0EABE60C8A861531A8F431
C:\Windows\System32\drivers\crcdisk.sys A8585B6412253803CE8EFCBD6D6DC15C
C:\Windows\System32\Drivers\dfsc.sys 16F2E8AD0F123EE6C1D8DB8AB971A12F
C:\Windows\System32\drivers\disk.sys B0107E40ECDB5FA692EBF832F295D905
C:\Windows\System32\drivers\drmkaud.sys F1A78A98CFC2EE02144C6BEC945447E6
C:\Windows\System32\drivers\dxgkrnl.sys 51991007674FB3548BE592F5071E747C
C:\Windows\System32\DRIVERS\E1G6032E.sys 264CEE7B031A9D6C827F3D0CB031F2FE
C:\Windows\System32\DRIVERS\eamonm.sys 5CB6D688079A3422C433C7E37AFE69D7
C:\Windows\System32\drivers\ecache.sys 665E1507E129DC598C6EB390A10AC05B
C:\Windows\System32\DRIVERS\edevmon.sys 8A61C23AFD3DDEE7C8E3A24BBCA7CE26
C:\Windows\System32\DRIVERS\ehdrv.sys D46BD3B407586775DD5CD7D7C49D0A2F
C:\Windows\System32\DRIVERS\ekbdflt.sys EB57CEC3B13FC028EC589ABABCFE7F80
C:\Windows\system32\drivers\elxstor.sys C4636D6E10469404AB5308D9FD45ED07
C:\Windows\System32\DRIVERS\epfw.sys 2B991283F3F36373FC51BE0E9F66769F
C:\Windows\System32\DRIVERS\EpfwLWF.sys 7E3FF509CD5C2FE7ADCC9870908D181A
C:\Windows\System32\DRIVERS\epfwwfp.sys FC999DD34471A72BD437CDA5230ADF44
C:\Windows\system32\drivers\errdev.sys BC3A58E938BB277E46BF4B3003B01ABD
C:\Windows\System32\Drivers\exfat.sys 486844F47B6636044A42454614ED4523
C:\Windows\System32\Drivers\fastfat.sys 1E34B436811CCA4A2783C0BC7A0BEB2E
C:\Windows\System32\DRIVERS\fdc.sys 81B79B6DF71FA1D2C6D688D830616E39
C:\Windows\System32\drivers\fileinfo.sys 457B7D1D533E4BD62A99AED9C7BB4C59
C:\Windows\System32\drivers\filetrace.sys D421327FD6EFCCAF884A54C58E1B0D7F
C:\Windows\System32\DRIVERS\flpydisk.sys 230923EA2B80F79B0F88D90F87B87EBD
C:\Windows\System32\drivers\fltmgr.sys E3041BC26D6930D61F42AEDB79C91720
C:\Windows\System32\Drivers\fsbts.sys AA0F9F7EC70D19EA1E6390FD0D93E4AB
C:\Windows\System32\Drivers\Fs_Rec.sys 5779B86CD8B32519FBECB136394D946A
C:\Windows\system32\drivers\gagp30kx.sys C8E416668D3DC2BE3D4FE4C79224997F
C:\Windows\System32\drivers\HdAudio.sys DF45F8142DC6DF9D18C39B3EFFBD0409
C:\Windows\System32\DRIVERS\HDAudBus.sys F942C5820205F2FB453243EDFEC82A3D
C:\Windows\system32\drivers\hidbth.sys B4881C84A180E75B8C25DC1D726C375F
C:\Windows\system32\drivers\hidir.sys 4E77A77E2C986E8F88F996BB3E1AD829
C:\Windows\System32\DRIVERS\hidusb.sys 443BDD2D30BB4F00795C797E2CF99EDF
C:\Windows\system32\drivers\hpcisss.sys D7109A1E6BD2DFDBCBA72A6BC626A13B
C:\Windows\System32\drivers\HTTP.sys 098F1E4E5C9CB5B0063A959063631610
C:\Windows\system32\drivers\i2omp.sys DA94C854CEA5FAC549D4E1F6E88349E8
C:\Windows\System32\DRIVERS\i8042prt.sys CBB597659A2713CE0C9CC20C88C7591F
C:\Windows\system32\drivers\iastorv.sys 3E3BF3627D886736D0B4E90054F929F6
C:\Windows\system32\drivers\iirsp.sys 8C3951AD2FE886EF76C7B5027C3125D3
C:\Windows\SysWOW64\drivers\int15_64.sys 8C7FA71CB1EBCD3EDE8958D27B1BF0B4
C:\Windows\System32\drivers\RTKVHD64.sys 2C62599E693372A9221C262B8040E3AC
C:\Windows\system32\drivers\intelide.sys DF797A12176F11B2D301C5B234BB200E
C:\Windows\System32\DRIVERS\intelppm.sys BFD84AF32FA1BAD6231C4585CB469630
C:\Windows\System32\DRIVERS\ipfltdrv.sys D8AABC341311E4780D6FCE8C73C0AD81
C:\Windows\system32\drivers\ipmidrv.sys 9C2EE2E6E5A7203BFAE15C299475EC67
C:\Windows\System32\DRIVERS\ipnat.sys B7E6212F581EA5F6AB0C3A6CEEEB89BE
C:\Windows\System32\drivers\irenum.sys 8C42CA155343A2F11D29FECA67FAA88D
C:\Windows\system32\drivers\isapnp.sys 0672BFCEDC6FC468A2B0500D81437F4F
C:\Windows\System32\DRIVERS\msiscsi.sys E4FDF99599F27EC25D2CF6D754243520
C:\Windows\system32\drivers\iteatapi.sys 63C766CDC609FF8206CB447A65ABBA4A
C:\Windows\system32\drivers\iteraid.sys 1281FE73B17664631D12F643CBEA3F59
C:\Windows\System32\DRIVERS\kbdclass.sys 423696F3BA6472DD17699209B933BC26
C:\Windows\System32\DRIVERS\kbdhid.sys DBDF75D51464FBC47D0104EC3D572C05
C:\Windows\System32\Drivers\ksecdd.sys DDB5EF7210DBC82946DA899D892E63DB
C:\Windows\system32\drivers\ksthunk.sys 1D419CF43DB29396ECD7113D129D94EB
C:\Windows\System32\DRIVERS\Lbd.sys 3C46290F7A5D45BA6EF32C248E22AA69
C:\Windows\System32\DRIVERS\lltdio.sys 96ECE2659B6654C10A0C310AE3A6D02C
C:\Windows\system32\drivers\lsi_fc.sys ACBE1AF32D3123E330A07BFBC5EC4A9B
C:\Windows\system32\drivers\lsi_sas.sys 799FFB2FC4729FA46D2157C0065B3525
C:\Windows\system32\drivers\lsi_scsi.sys F445FF1DAAD8A226366BFAF42551226B
C:\Windows\system32\drivers\luafv.sys 52F87B9CC8932C2A7375C3B2A9BE5E3E
C:\Windows\system32\drivers\megasas.sys 5C5CD6AACED32FB26C3FB34B3DCF972F
C:\Windows\system32\drivers\megasr.sys 859BC2436B076C77C159ED694ACFE8F8
C:\Windows\System32\drivers\modem.sys 59848D5CC74606F0EE7557983BB73C2E
C:\Windows\System32\DRIVERS\monitor.sys C247CC2A57E0A0C8C6DCCF7807B3E9E5
C:\Windows\System32\DRIVERS\mouclass.sys 9367304E5E412B120CF5F4EA14E4E4F1
C:\Windows\System32\DRIVERS\mouhid.sys C2C2BD5C5CE5AAF786DDD74B75D2AC69
C:\Windows\System32\drivers\mountmgr.sys 108DE0E4E7B0F53F5764F9A241F7A4E6
C:\Windows\system32\drivers\mpio.sys F8276EB8698142884498A528DFEA8478
C:\Windows\System32\drivers\mpsdrv.sys C92B9ABDB65A5991E00C28F13491DBA2
C:\Windows\system32\drivers\mraid35x.sys 3C200630A89EF2C0864D515B7A75802E
C:\Windows\system32\drivers\mrxdav.sys DCC3EF8C5F891539390B65BEFFA96AEC
C:\Windows\System32\DRIVERS\mrxsmb.sys B31DB7D6E624479EA20FEE17E712A44C
C:\Windows\System32\DRIVERS\mrxsmb10.sys 2EB4A3EDA9FBECEC53CA2BB0853E2B66
C:\Windows\System32\DRIVERS\mrxsmb20.sys 3F979D9CE02323CB3EBD15174732C8C1
C:\Windows\system32\drivers\msahci.sys 1AC860612B85D8E85EE257D372E39F4D
C:\Windows\system32\drivers\msdsm.sys 264BBB4AAF312A485F0E44B65A6B7202
C:\Windows\System32\Drivers\Msfs.sys 704F59BFC4512D2BB0146AEC31B10A7C
C:\Windows\System32\drivers\msisadrv.sys 00EBC952961664780D43DCA157E79B27
C:\Windows\System32\drivers\MSKSSRV.sys 0EA73E498F53B96D83DBFCA074AD4CF8
C:\Windows\System32\drivers\MSPCLOCK.sys 52E59B7E992A58E740AA63F57EDBAE8B
C:\Windows\System32\drivers\MSPQM.sys 49084A75BAE043AE02D5B44D02991BB2
C:\Windows\System32\Drivers\MsRPC.sys DC6CCF440CDEDE4293DB41C37A5060A5
C:\Windows\System32\DRIVERS\mssmbios.sys 855796E59DF77EA93AF46F20155BF55B
C:\Windows\System32\drivers\MSTEE.sys 86D632D75D05D5B7C7C043FA3564AE86
C:\Windows\System32\Drivers\mup.sys 0CC49F78D8ACA0877D885F149084E543
C:\Windows\System32\DRIVERS\nwifi.sys 2007B826C4ACD94AE32232B41F0842B9
C:\Windows\System32\drivers\ndis.sys 54803EAE413ED3AB97976674B0EF122A
C:\Windows\System32\DRIVERS\ndistapi.sys 64DF698A425478E321981431AC171334
C:\Windows\System32\DRIVERS\ndisuio.sys 8BAA43196D7B5BB972C9A6B2BBF61A19
C:\Windows\System32\DRIVERS\ndiswan.sys F8158771905260982CE724076419EF19
C:\Windows\System32\Drivers\NDProxy.sys 9CB77ED7CB72850253E973A2D6AFDF49
C:\Windows\System32\DRIVERS\netbios.sys A499294F5029A7862ADC115BDA7371CE
C:\Windows\System32\DRIVERS\netbt.sys 2EE680D31D685C0DB4F6D5A68F418A96
C:\Windows\system32\drivers\nfrd960.sys 4AC08BD6AF2DF42E0C3196D826C8AEA7
C:\Windows\System32\Drivers\Npfs.sys B298874F8E0EA93F06EC40AA8D146478
C:\Windows\System32\drivers\nsiproxy.sys 1523AF19EE8B030BA682F7A53537EAEB
C:\Windows\System32\Drivers\Ntfs.sys 2ACCAA3C3C55370A32F17B3595E1A217
C:\Windows\System32\Drivers\NTIDrvr.sys 7D397449AAF52B0E7C79B64F6AD4473E
C:\Windows\System32\Drivers\Null.sys DD5D684975352B85B52E3FD5347C20CB
C:\Windows\System32\DRIVERS\nvmfdx64.sys CF2A023F422CE6E43302B139E4B87B05
C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
C:\Windows\System32\DRIVERS\nvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB
C:\Windows\System32\DRIVERS\nvmfdx64.sys CF2A023F422CE6E43302B139E4B87B05
C:\Windows\system32\drivers\nvraid.sys 2C040B7ADA5B06F6FACADAC8514AA034
C:\Windows\System32\DRIVERS\nvsmu.sys F6C6D8298DD85507F680437EC2E6899C
C:\Windows\system32\drivers\nvstor.sys F7EA0FE82842D05EDA3EFDD376DBFDBA
C:\Windows\System32\DRIVERS\nvstor64.sys 14E8409CCE4BFC7591F8697A8748DC5B
C:\Windows\system32\drivers\nv_agp.sys 19067CA93075EF4823E3938A686F532F
C:\Windows\System32\DRIVERS\ohci1394.sys B5B1CE65AC15BBD11C0619E3EF7CFC28
C:\Windows\system32\drivers\parport.sys AECD57F94C887F58919F307C35498EA0
C:\Windows\System32\drivers\partmgr.sys B43751085E2ABE389DA466BC62A4B987
C:\Windows\System32\drivers\pci.sys 47AB1E0FC9D0E12BB53BA246E3A0906D
C:\Windows\System32\drivers\pciide.sys 2657F6C0B78C36D95034BE109336E382
C:\Windows\system32\drivers\pcmcia.sys 037661F3D7C507C9993B7010CEEE6288
C:\Windows\System32\drivers\peauth.sys 58865916F53592A61549B04941BFD80D
C:\Windows\System32\DRIVERS\raspptp.sys 23386E9952025F5F21C368971E2E7301
C:\Windows\System32\DRIVERS\processr.sys 5080E59ECEE0BC923F14018803AA7A01
C:\Windows\System32\DRIVERS\pacer.sys C5AB7F0809392D0DA027F4A2A81BFA31
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys 0B83F4E681062F3839BE2EC1D98FD94A
C:\Windows\system32\drivers\ql40xx.sys E1C80F8D4D1E39EF9595809C1369BF2A
C:\Windows\system32\drivers\qwavedrv.sys E8D76EDAB77EC9C634C27B8EAC33ADC5
C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys AE9BD5321D4C636D75E2FC1CA517BC08
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys 5744BCC94B59F3D0A929BEF04C1DE142
C:\Windows\System32\Drivers\RapportHades64.sys 299516255715777344F233CFC0E84C64
C:\Windows\System32\Drivers\RapportKE64.sys 17870F498B447ED10A0CE14AA32AE917
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys 2811F1B9765D6A124B0387B5F0EAAE0E
C:\Windows\System32\DRIVERS\rasacd.sys 1013B3B663A56D3DDD784F581C1BD005
C:\Windows\System32\DRIVERS\rasl2tp.sys AC7BC4D42A7E558718DFDEC599BBFC2C
C:\Windows\System32\DRIVERS\raspppoe.sys 4517FBF8B42524AFE4EDE1DE102AAE3E
C:\Windows\System32\DRIVERS\rassstp.sys C6A593B51F34C33E5474539544072527
C:\Windows\System32\DRIVERS\rdbss.sys 322DB5C6B55E8D8EE8D6F358B2AAABB1
C:\Windows\System32\DRIVERS\RDPCDD.sys 603900CC05F6BE65CCBF373800AF3716
C:\Windows\system32\drivers\rdpdr.sys C045D1FB111C28DF0D1BE8D4BDA22C06
C:\Windows\System32\drivers\rdpencdd.sys CAB9421DAF3D97B33D0D055858E2C3AB
C:\Windows\System32\Drivers\RDPWD.sys AE4BD9E1C33D351D8E607FC81F15160C
C:\Windows\System32\DRIVERS\rspndr.sys 22A9CB08B1A6707C1550C6BF099AAE73
C:\Windows\System32\DRIVERS\s117bus.sys 6C90231046FB9FC4123C42179832817F
C:\Windows\System32\DRIVERS\s117mdfl.sys 3279341C90EF8F226AF77623039F4495
C:\Windows\System32\DRIVERS\s117mdm.sys 73E331F555279E753B312675DDAF4516
C:\Windows\System32\DRIVERS\s117mgmt.sys D420731FD2880F0F40F20771EFAAD671
C:\Windows\System32\DRIVERS\s117nd5.sys 98236CA5A9A77D0983AC3F6D6527C796
C:\Windows\System32\DRIVERS\s117obex.sys 1DD613909477AE298C98E86617EC356B
C:\Windows\System32\DRIVERS\s117unic.sys 9A22DF5FE9B6BE279D820776A6ADB56F
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys CD9C693589C60AD59BBBCFB0E524E01B
C:\Windows\system32\drivers\SBREdrv.sys FD833BEE2FD9BEFDC0AFD1941A306D9E
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\seehcri.sys EDE7A1D2715AAC2190D51DC07AFD44E3
C:\Windows\system32\drivers\serenum.sys F71BFE7AC6C52273B7C82CBF1BB2A222
C:\Windows\system32\drivers\serial.sys E62FAC91EE288DB29A9696A9D279929C
C:\Windows\system32\drivers\sermouse.sys A842F04833684BCEEA7336211BE478DF
C:\Windows\system32\drivers\sffdisk.sys 14D4B4465193A87C127933978E8C4106
C:\Windows\system32\drivers\sffp_mmc.sys 7073AEE3F82F3D598E3825962AA98AB2
C:\Windows\system32\drivers\sffp_sd.sys 35E59EBE4A01A0532ED67975161C7B82
C:\Windows\system32\drivers\sfloppy.sys 6B7838C94135768BD455CBDC23E39E5F
C:\Windows\system32\drivers\sisraid2.sys 7A5DE502AEB719D4594C6471060A78B3
C:\Windows\system32\drivers\sisraid4.sys 3A2F769FAB9582BC720E11EA1DFB184D
C:\Windows\System32\DRIVERS\smb.sys 290B6F6A0EC4FCDFC90F5CB6D7020473
C:\Windows\System32\Drivers\spldr.sys 386C3C63F00A7040C7EC5E384217E89D
C:\Windows\System32\DRIVERS\srv.sys D8619847EAAF3015B45DE7E473D9BB36
C:\Windows\System32\DRIVERS\srv2.sys 755A1C892EF4E5EAF7E1495855B1C81B
C:\Windows\System32\DRIVERS\srvnet.sys 490870B6684EA4AC9B206EBEAC1E4001
C:\Windows\System32\DRIVERS\swenum.sys 8A851CA908B8B974F89C50D2E18D4F0C
C:\Windows\system32\drivers\symc8xx.sys 2F26A2C6FC96B29BEFF5D8ED74E6625B
C:\Windows\system32\drivers\sym_hi.sys A909667976D3BCCD1DF813FED517D837
C:\Windows\system32\drivers\sym_u3.sys 36887B56EC2D98B9C362F6AE4DE5B7B0
C:\Windows\System32\drivers\tcpip.sys 00F77C4555FFABC21ADDB3160B2F574A
C:\Windows\System32\DRIVERS\tcpip.sys 00F77C4555FFABC21ADDB3160B2F574A
C:\Windows\System32\drivers\tcpipreg.sys C7E72A4071EE0200E3C075DACFB2B334
C:\Windows\System32\drivers\tdpipe.sys 1D8BF4AAA5FB7A2761475781DC1195BC
C:\Windows\System32\drivers\tdtcp.sys 7F7E00CDF609DF657F4CDA02DD1C9BB1
C:\Windows\System32\DRIVERS\tdx.sys A47CD175CF72CA5EEDB47C79532A7622
C:\Windows\System32\DRIVERS\termdd.sys 8C19678D22649EC002EF2282EAE92F98
C:\Windows\System32\DRIVERS\tssecsrv.sys B2388462329ACD17AF50D8701E0C1B18
C:\Windows\System32\DRIVERS\tunmp.sys 89EC74A9E602D16A75A4170511029B3C
C:\Windows\System32\DRIVERS\tunnel.sys 30A9B3F45AD081BFFC3BCAA9C812B609
C:\Windows\system32\drivers\uagp35.sys FEC266EF401966311744BD0F359F7F56
C:\Windows\System32\DRIVERS\udfs.sys FAF2640A2A76ED03D449E443194C4C34
C:\Windows\system32\drivers\uliagpkx.sys 4EC9447AC3AB462647F60E547208CA00
C:\Windows\system32\drivers\uliahci.sys 697F0446134CDC8F99E69306184FBBB4
C:\Windows\system32\drivers\ulsata.sys 31707F09846056651EA2C37858F5DDB0
C:\Windows\system32\drivers\ulsata2.sys 85E5E43ED5B48C8376281BAB519271B7
C:\Windows\System32\DRIVERS\umbus.sys 46E9A994C4FED537DD951F60B86AD3F4
C:\Windows\System32\drivers\usbaudio.sys A565B509000BD3E42A9B93B9FFD40D3D
C:\Windows\System32\DRIVERS\usbccgp.sys 858CC93477F9A9383E07861892600FF9
C:\Windows\System32\DRIVERS\usbccid.sys F8E1CB9B8DA037219953190CD2ACA358
C:\Windows\system32\drivers\usbcir.sys 9247F7E0B65852C1F6631480984D6ED2
C:\Windows\System32\DRIVERS\usbehci.sys 82C3790E4E6F35087EF00994C7A72988
C:\Windows\System32\DRIVERS\usbhub.sys BE2EB33AF6EE2E5DA07EB987E0A321F5
C:\Windows\System32\DRIVERS\usbohci.sys 396041C6EA61202991221AA6A3B16190
C:\Windows\System32\DRIVERS\usbprint.sys 28B693B6D31E7B9332C1BDCEFEF228C1
C:\Windows\System32\DRIVERS\usbscan.sys C024814884CE9E6C2E6ED76A63AC3B9A
C:\Windows\System32\DRIVERS\USBSTOR.SYS 2702146BBD36B2AF1514CCC1F914646C
C:\Windows\System32\DRIVERS\usbuhci.sys B2872CBF9F47316ABD0E0C74A1ABA507
C:\Windows\System32\DRIVERS\vgapnp.sys 916B94BCF1E09873FFF2D5FB11767BBC
C:\Windows\System32\drivers\vga.sys B83AB16B51FEDA65DD81B8C59D114D63
C:\Windows\system32\drivers\viaide.sys 8294B6C3FDB6C33F24E150DE647ECDAA
C:\Windows\System32\drivers\volmgr.sys 2B7E885ED951519A12C450D24535DFCA
C:\Windows\System32\drivers\volmgrx.sys CEC5AC15277D75D9E5DEC2E1C6EAF877
C:\Windows\System32\drivers\volsnap.sys 582F710097B46140F5A89A19A6573D4B
C:\Windows\system32\drivers\vsmraid.sys A68F455ED2673835209318DD61BFBB0E
C:\Windows\system32\drivers\wacompen.sys FEF8FE5923FEAD2CEE4DFABFCE3393A7
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\system32\drivers\wd.sys 0C17A0816F65B89E362E682AD5E7266E
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wmiacpi.sys E18AEBAAA5A773FE11AA2C70F65320F5
C:\Windows\System32\DRIVERS\wpdusb.sys 5E2401B3FC1089C90E081291357371A9
C:\Windows\system32\drivers\ws2ifsl.sys 8A900348370E359B6BFF6A550E4649E1
C:\Program Files\Acer\Empowering Technology\eRecovery\WSVD.sys 87E0075B86AD5581A2B35D6326D365B5
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 06:24 - 2016-12-20 06:24 - 00037138 _____ C:\Users\Steve\Desktop\FRST.txt
2016-12-20 06:23 - 2016-12-20 06:23 - 02420224 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2016-12-20 06:23 - 2016-12-20 06:23 - 00000000 ____D C:\Users\Steve\Desktop\FRST-OlderVersion
2016-12-17 17:57 - 2016-11-08 17:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-17 17:57 - 2016-11-08 17:02 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-17 17:47 - 2016-11-11 17:14 - 00820736 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-17 17:47 - 2016-11-11 16:59 - 00648704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-17 17:47 - 2016-11-09 15:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-17 17:47 - 2016-11-09 15:22 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-17 17:47 - 2016-10-27 16:16 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-17 17:47 - 2016-10-27 16:03 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-17 17:46 - 2016-11-16 17:20 - 00364776 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-17 17:44 - 2016-11-20 16:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-17 17:44 - 2016-11-20 14:16 - 00277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-17 17:44 - 2016-11-20 14:13 - 00521448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-17 17:44 - 2016-11-20 14:13 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-17 17:43 - 2016-11-20 17:12 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-17 17:43 - 2016-11-20 16:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-17 17:43 - 2016-11-08 17:10 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-17 17:43 - 2016-11-08 17:01 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-17 11:41 - 2016-12-17 11:41 - 00048706 _____ C:\Users\Steve\Documents\Returning a faulty item.pdf
2016-12-17 11:16 - 2016-11-08 15:49 - 02804736 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-16 19:22 - 2016-12-16 19:22 - 00000000 ____D C:\Program Files\VS Revo Group
2016-12-16 19:06 - 2016-12-16 19:05 - 07097928 _____ (VS Revo Group ) C:\Users\Steve\Downloads\revosetup.exe
2016-12-16 12:52 - 2016-12-16 12:52 - 00000000 ____D C:\57570e60f9237e558cafec308d2f7299
2016-12-16 06:55 - 2016-12-16 06:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-12-16 06:55 - 2016-12-16 06:55 - 00000000 ____D C:\ProgramData\ESET
2016-12-16 06:55 - 2016-12-16 06:55 - 00000000 ____D C:\Program Files\ESET
2016-12-15 18:26 - 2016-10-02 17:14 - 03604152 _____ (COMODO) C:\ProgramData\cis695.exe
2016-12-15 18:25 - 2016-12-15 18:25 - 00000000 ____D C:\ProgramData\Shared Space
2016-12-15 18:03 - 2016-12-16 06:33 - 00000000 ____D C:\Users\Steve Administator\AppData\Local\F-Secure
2016-12-15 17:46 - 2016-12-15 17:46 - 00000000 ____D C:\Users\Steve Administator\AppData\Roaming\AVAST Software
2016-12-15 17:05 - 2016-12-15 18:01 - 00000000 ____D C:\SMCLpav
2016-12-15 17:05 - 2016-12-15 17:20 - 00000000 ____D C:\ProgramData\Panda Security
2016-12-15 11:52 - 2016-12-15 11:52 - 00000000 ____D C:\Users\Steve\AppData\Local\CEF
2016-12-15 11:48 - 2016-12-15 11:48 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-15 11:44 - 2016-12-15 11:44 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-08 18:18 - 2016-12-09 08:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-08 11:34 - 2016-12-08 11:34 - 00000828 _____ C:\Users\Steve\Downloads\MBAM Logs.lnk
2016-12-07 13:30 - 2016-12-07 13:30 - 02528768 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-12-07 13:30 - 2016-12-07 13:30 - 01544704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-12-07 13:24 - 2016-12-07 13:24 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-07 13:24 - 2016-12-07 13:24 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-07 13:24 - 2016-12-07 13:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-07 13:20 - 2016-12-07 13:20 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-07 13:20 - 2016-12-07 13:20 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-07 13:18 - 2016-12-07 13:18 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-07 13:18 - 2016-12-07 13:18 - 00284160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-07 13:18 - 2016-12-07 13:18 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-07 13:18 - 2016-12-07 13:18 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-07 13:18 - 2016-12-07 13:18 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-12-07 13:18 - 2016-12-07 13:18 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-12-07 13:17 - 2016-12-07 13:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-12-07 13:13 - 2016-12-07 13:14 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-07 13:13 - 2016-12-07 13:13 - 04692712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-07 13:13 - 2016-12-07 13:13 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-12-07 13:13 - 2016-12-07 13:13 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-12-07 13:11 - 2016-12-07 13:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-12-07 13:11 - 2016-12-07 13:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-12-07 13:11 - 2016-12-07 13:11 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-12-07 13:11 - 2016-12-07 13:11 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 01019904 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-12-07 13:08 - 2016-12-07 13:08 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-12-07 13:08 - 2016-12-07 13:08 - 00884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-12-07 13:08 - 2016-12-07 13:08 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-12-07 13:08 - 2016-12-07 13:08 - 00573952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-12-07 13:08 - 2016-12-07 13:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-12-07 13:08 - 2016-12-07 13:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-12-07 13:06 - 2016-12-07 13:06 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2016-12-07 13:06 - 2016-12-07 13:06 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-12-07 13:05 - 2016-12-07 13:05 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-12-07 13:05 - 2016-12-07 13:05 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-12-07 13:05 - 2016-12-07 13:05 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-12-07 13:05 - 2016-12-07 13:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-12-07 13:05 - 2016-12-07 13:05 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-12-07 13:05 - 2016-12-07 13:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-12-07 13:05 - 2016-12-07 13:05 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-12-07 13:05 - 2016-12-07 13:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-12-07 13:05 - 2016-12-07 13:05 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-12-07 13:05 - 2016-12-07 13:05 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-12-07 13:05 - 2016-12-07 13:05 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-12-07 13:05 - 2016-12-07 13:05 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-12-07 13:03 - 2016-12-07 13:03 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-12-07 13:03 - 2016-12-07 13:03 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-12-07 13:02 - 2016-12-07 13:02 - 00975872 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-12-07 13:02 - 2016-12-07 13:02 - 00901352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-12-07 13:02 - 2016-12-07 13:02 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-12-07 13:02 - 2016-12-07 13:02 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-12-07 13:02 - 2016-12-07 13:02 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-12-07 13:02 - 2016-12-07 13:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00726016 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-12-07 13:01 - 2016-12-07 13:01 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-12-07 13:01 - 2016-12-07 13:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-12-07 00:06 - 2016-12-07 00:06 - 00000000 ____D C:\Users\Steve\Documents\Updates
2016-12-06 23:55 - 2016-12-06 23:55 - 00383208 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-12-06 23:55 - 2016-12-06 23:55 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-12-06 23:55 - 2016-12-06 23:55 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-12-06 23:55 - 2016-12-06 23:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-12-06 23:20 - 2016-09-09 15:34 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-12-06 23:20 - 2016-09-09 15:34 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-12-06 23:20 - 2016-09-09 15:34 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-12-06 23:20 - 2016-09-09 15:34 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-12-06 23:20 - 2016-09-09 15:15 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2016-12-06 23:20 - 2016-09-09 15:15 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2016-12-06 23:20 - 2016-09-09 15:15 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2016-12-06 23:20 - 2016-09-09 15:15 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2016-12-06 23:20 - 2016-09-09 14:57 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-12-06 23:20 - 2016-09-09 14:56 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-12-06 23:20 - 2016-09-09 14:44 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-12-06 23:20 - 2016-09-09 14:43 - 01561600 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-12-06 23:20 - 2016-09-09 14:42 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-12-06 23:20 - 2016-09-09 14:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-12-06 23:20 - 2016-09-09 14:32 - 00486912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-12-06 23:20 - 2016-09-09 14:23 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-12-06 23:20 - 2016-09-09 14:21 - 01073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-12-06 22:37 - 2016-12-06 22:39 - 00000000 ____D C:\Users\Steve Administator\Desktop\updates
2016-12-06 22:37 - 2016-12-05 17:43 - 07785575 _____ C:\Users\Steve Administator\Desktop\windows6.0-kb3191203-x64_05e165673951228ca651faa659dd24341efda6f4.msu
2016-12-06 22:37 - 2016-12-05 17:38 - 02168558 _____ C:\Users\Steve Administator\Desktop\windows6.0-kb3185911-x64_b3edd2f8de09e7451767ee73658ec54b394228c3.msu
2016-12-06 22:37 - 2016-12-05 17:36 - 08386863 _____ C:\Users\Steve Administator\Desktop\windows6.0-kb3109094-x64_7c7fb9690a32483e79d600b6886e5bfc4d3fe71c.msu
2016-12-06 22:37 - 2016-12-05 17:31 - 08232287 _____ C:\Users\Steve Administator\Desktop\windows6.0-kb3078601-x64_ef7d88846dbf568b534901f434c99274d7ef580f.msu
2016-12-06 22:37 - 2016-12-05 17:24 - 00693502 _____ C:\Users\Steve Administator\Desktop\windows6.0-kb3203859-x64_a5276a41e72f8888572d5459c6a757fe28844706.msu
2016-12-06 22:37 - 2016-12-05 17:22 - 01559945 _____ C:\Users\Steve Administator\Desktop\windows6.0-kb3198234-x64_d35cbdb3fee35903e7ea4901a38f18f9376cd94f.msu
2016-12-06 21:15 - 2016-12-06 21:15 - 00004410 _____ C:\Users\Steve Administator\Desktop\startup.txt
2016-12-05 19:46 - 2016-12-03 21:08 - 134454304 _____ C:\Users\Steve\Downloads\cureit.exe
2016-12-05 19:46 - 2016-12-02 21:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2016-12-05 19:46 - 2016-12-02 20:59 - 05659954 _____ (Swearware) C:\Users\Steve\Downloads\ComboFix.exe
2016-12-05 19:12 - 2016-12-05 19:12 - 00000299 _____ C:\Users\Steve\Documents\Dual-Boot.URL
2016-12-05 17:44 - 2016-12-05 17:44 - 00000251 _____ C:\Users\Steve\Documents\Microsoft Update Catalog.URL
2016-12-05 15:57 - 2016-12-05 15:57 - 00000526 _____ C:\Users\Steve\Desktop\VIRUS.lnk
2016-12-05 14:53 - 2016-12-05 14:53 - 00000000 ____D C:\Users\Steve Administator\AppData\Local\ESET
2016-12-05 14:52 - 2016-12-16 06:59 - 00000000 ____D C:\Users\Steve\AppData\Local\ESET
2016-12-05 14:50 - 2016-12-05 14:51 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Steve\Downloads\esetonlinescanner_enu.exe
2016-12-05 12:58 - 2016-12-05 12:58 - 00000254 _____ C:\Users\Steve\Documents\Bipolar UK eCommunity - eCommunity home.URL
2016-12-04 20:03 - 2016-12-16 19:57 - 00000280 _____ C:\Windows\wininit.ini
2016-12-04 00:34 - 2016-12-04 00:37 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-04 00:33 - 2016-12-04 00:45 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-03 23:24 - 2016-12-03 23:29 - 00187488 _____ C:\TDSSKiller.3.1.0.12_03.12.2016_23.24.36_log.txt
2016-12-03 19:04 - 2016-12-16 19:28 - 00000000 ____D C:\Users\Steve Administator\AppData\LocalLow\Mozilla
2016-12-03 02:24 - 2016-12-03 02:24 - 00000000 ____D C:\Users\Steve Administator\AppData\Roaming\SUPERAntiSpyware.com
2016-12-03 02:22 - 2016-12-03 02:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-03 02:22 - 2016-12-03 02:22 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-03 02:01 - 2016-12-20 06:24 - 00000000 ____D C:\FRST
2016-12-03 00:10 - 2016-12-03 01:45 - 00000000 ____D C:\AdwCleaner
2016-12-01 02:18 - 2016-12-01 02:18 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00018088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00018088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00018088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2016-11-29 10:48 - 2016-11-29 10:50 - 02150723 _____ C:\Users\Steve\Documents\010716_Call_Charges_By_ Dial_Code.pdf
2016-11-20 02:40 - 2015-07-17 10:40 - 00450089 ____R C:\Windows\system32\Drivers\etc\hosts.ccebak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 06:22 - 2010-04-06 15:50 - 00000000 ___RD C:\Users\Steve\Documents\1) home
2016-12-20 05:46 - 2014-12-10 12:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-20 05:06 - 2016-11-18 07:35 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2016-12-20 05:03 - 2010-04-02 13:08 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2016-12-20 05:03 - 2006-11-02 15:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-20 05:03 - 2006-11-02 15:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-20 05:02 - 2006-11-02 15:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-19 00:31 - 2006-11-02 15:42 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-17 20:22 - 2010-04-02 12:55 - 00000000 ____D C:\Users\Steve Administator
2016-12-17 19:01 - 2006-11-02 13:33 - 00000000 ____D C:\Windows\rescache
2016-12-17 18:38 - 2006-11-02 15:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-12-17 17:54 - 2014-04-08 11:33 - 00846362 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-17 17:54 - 2006-11-02 13:33 - 00000000 ____D C:\Windows\inf
2016-12-17 17:54 - 2006-11-02 12:46 - 00846362 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-17 11:41 - 2010-04-07 12:14 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PrimoPDF
2016-12-17 11:29 - 2006-11-02 15:21 - 00332488 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-16 20:47 - 2010-04-02 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2016-12-16 20:46 - 2010-04-02 17:06 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2016-12-16 20:44 - 2010-04-07 12:04 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photography
2016-12-16 20:44 - 2010-04-02 14:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photography
2016-12-16 20:04 - 2010-04-02 13:50 - 00000000 ____D C:\Users\Steve
2016-12-16 19:58 - 2014-09-27 12:14 - 00000000 ____D C:\Users\Steve\AppData\Local\Amazon Music
2016-12-16 19:57 - 2013-02-07 17:53 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Amazon
2016-12-16 19:56 - 2013-02-07 17:51 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-12-16 19:49 - 2010-04-02 14:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video
2016-12-16 19:29 - 2014-12-08 18:41 - 00000000 ____D C:\Users\Steve Administator\AppData\Local\Adobe
2016-12-16 19:27 - 2010-04-02 12:55 - 00077144 _____ C:\Users\Steve Administator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-16 19:17 - 2010-04-02 14:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-12-16 19:07 - 2013-04-30 11:31 - 00000000 ____D C:\Users\Steve\Downloads\reinstall
2016-12-16 19:06 - 2011-08-16 18:35 - 00000000 ____D C:\Users\Steve\Downloads\antivirus
2016-12-16 12:38 - 2010-09-23 07:52 - 00000000 ____D C:\Users\Steve\Documents\99) VIRUS
2016-12-16 11:21 - 2016-02-07 21:54 - 00000000 ____D C:\Users\Steve\Documents\Atheist Republic
2016-12-16 06:46 - 2012-09-03 16:21 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-16 06:46 - 2012-07-08 23:38 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-16 06:46 - 2011-11-12 14:11 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-16 06:46 - 2008-05-26 23:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-16 06:33 - 2013-12-20 09:07 - 00000000 ____D C:\ProgramData\F-Secure
2016-12-16 06:33 - 2010-11-05 12:30 - 00000000 ___RD C:\Users\Steve Administator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2016-12-16 06:03 - 2010-04-02 13:51 - 00077144 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-15 18:25 - 2014-12-12 12:40 - 00000000 ____D C:\ProgramData\Comodo
2016-12-15 18:01 - 2006-11-02 13:34 - 00000000 ____D C:\Windows\system32\Msdtc
2016-12-15 17:57 - 2011-12-25 05:41 - 00000000 ____D C:\Users\UpdatusUser
2016-12-15 17:56 - 2016-08-01 11:30 - 00000000 ___HD C:\VTRoot
2016-12-15 17:56 - 2014-12-12 13:26 - 00000000 ____D C:\Users\Steve Administator\AppData\Roaming\Comodo
2016-12-15 17:56 - 2014-12-12 13:00 - 00000000 ____D C:\Program Files\COMODO
2016-12-15 17:56 - 2014-12-12 12:59 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-12-15 17:56 - 2012-11-04 07:06 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Winamp
2016-12-15 17:56 - 2008-05-26 06:53 - 00000000 ____D C:\ACER
2016-12-15 17:56 - 2006-11-02 13:34 - 00000000 ____D C:\Windows\system32\spool
2016-12-15 17:56 - 2006-11-02 13:33 - 00000000 ____D C:\Windows\registration
2016-12-15 09:52 - 2010-11-10 20:30 - 00000000 ____D C:\Windows\Minidump
2016-12-14 18:04 - 2011-07-31 08:32 - 00001460 _____ C:\Users\Steve\AppData\Local\d3d9caps64.dat
2016-12-11 15:33 - 2010-04-06 16:13 - 00000000 ___RD C:\Users\Steve\Documents\MozBackups
2016-12-11 15:06 - 2010-08-09 22:28 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PhotoScape
2016-12-10 10:54 - 2016-10-13 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-10 10:54 - 2012-07-08 22:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-07 13:40 - 2011-03-29 13:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-12-07 13:34 - 2006-11-02 15:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-12-06 21:12 - 2010-04-02 16:36 - 00000000 ____D C:\Windows\pss
2016-12-06 19:06 - 2015-04-07 14:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-06 19:05 - 2015-04-07 14:59 - 00000000 ____D C:\Users\Steve Administator\AppData\Local\Google
2016-12-05 14:09 - 2010-04-06 16:16 - 00000000 ___RD C:\Users\Steve\Documents\20) computer
2016-12-04 17:03 - 2006-11-02 13:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-12-04 00:25 - 2014-12-09 18:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-03 23:45 - 2016-05-19 15:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-03 23:35 - 2016-05-19 15:25 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-03 17:37 - 2014-08-15 22:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-02 20:24 - 2010-09-24 21:18 - 00000000 ____D C:\Program Files\Speccy
2016-11-29 16:06 - 2015-05-13 08:35 - 00012288 ____H C:\Users\Steve\Desktop\photothumb.db
2016-11-25 13:13 - 2013-12-20 09:23 - 00073928 _____ C:\Windows\system32\Drivers\fsbts.sys
2016-11-23 05:54 - 2016-02-23 13:36 - 00000000 ____D C:\Users\Steve\Documents\My Kindle Content
2016-11-22 22:20 - 2015-06-10 08:24 - 00235688 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-11-22 22:20 - 2012-04-23 07:05 - 00489704 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-11-20 12:16 - 2016-07-22 07:52 - 00000093 _____ C:\Users\Steve\Documents\Email.txt

==================== Files in the root of some directories =======

2014-05-15 10:01 - 2014-05-24 13:37 - 0000143 _____ () C:\Program Files (x86)\.lnk
2011-07-31 08:32 - 2016-12-14 18:04 - 0001460 _____ () C:\Users\Steve\AppData\Local\d3d9caps64.dat
2010-04-02 14:10 - 2014-06-13 09:54 - 0098304 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-15 18:26 - 2016-10-02 17:14 - 3604152 _____ (COMODO) C:\ProgramData\cis695.exe

Files to move or delete:
====================
C:\ProgramData\cis695.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== BCD ================================
The boot configuration data store could not be opened.
Access is denied.


==================== End of FRST.txt ============================
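The FRST output above is plain text built from a handful of fixed line shapes, which makes a first-pass triage easy to script before a helper reviews the log by hand. The Python helper below is an added example for this page, not code from the thread, from nasdaq or from the FRST project: it parses the `modified - created - size attrs (vendor) path` lines of the file sections and the `R2 name; path [size date] (vendor)` lines of the Services and Drivers sections, and flags what a responder checks first: executables with no vendor/version string, services marked `[File not signed]`, entries whose target is missing (`[X]`, `<not found>`, `No File`, `no ImagePath`), and lines FRST itself tagged `ATTENTION`. The line formats are inferred from the logs posted in this thread rather than from an FRST specification, the sample input is copied from those logs, and the one constructed line is labelled as such.

```python
"""First-pass triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example for this page: not code from the thread, from the helper
(nasdaq) or from the FRST project. Line formats are inferred from the
logs posted in the thread, not from an FRST specification.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Extensions for which a missing vendor/version string is worth a look.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv")

# Markers FRST uses when a registry/service entry points at a file that
# is not on disk (an orphan entry, typically leftovers of removed software).
MISSING_MARKERS = ("[X]", "<not found>", "No File", "no ImagePath")

# "2016-12-15 18:26 - 2016-10-02 17:14 - 3604152 _____ (COMODO) C:\ProgramData\cis695.exe"
FILE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)

# "R2 ETService; C:\...\ETService.exe [24576 2008-04-25] () [File not signed]"
SVC_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<vendor>[^)]*)\)(?P<tail>.*)$"
)


@dataclass
class Finding:
    kind: str     # "attention", "orphan", "service" or "file"
    path: str     # file path, or the whole line when no path is parsed
    reason: str


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one FRST line (empty list when it is clean)."""
    line = line.rstrip()
    if not line:
        return []
    # FRST's own flag wins over everything else.
    if "ATTENTION" in line:
        return [Finding("attention", line, "flagged by FRST itself")]
    # Registry/service entries whose target file does not exist.
    if any(marker in line for marker in MISSING_MARKERS):
        return [Finding("orphan", line, "entry points at a file that is not on disk")]
    m = SVC_RE.match(line)
    if m:
        reasons = []
        if "[File not signed]" in m["tail"]:
            reasons.append("binary is not digitally signed")
        if not m["vendor"].strip():
            reasons.append("no vendor/version info")
        if reasons:
            return [Finding("service", m["path"], f"{m['name']}: " + ", ".join(reasons))]
        return []
    m = FILE_RE.match(line)
    if m:
        if "D" in m["attrs"]:          # directory entries never carry a vendor
            return []
        vendor = (m["vendor"] or "").strip()
        if m["path"].lower().endswith(EXEC_EXT) and not vendor:
            return [Finding("file", m["path"], "executable carries no vendor/version info")]
    return []


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole FRST.txt, keeping the log's line order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {'service': 2, 'orphan': 5}."""
    return dict(Counter(f.kind for f in findings))


# Sample input: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
2016-12-16 06:46 - 2012-09-03 16:21 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-16 19:17 - 2010-04-02 14:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2014-05-15 10:01 - 2014-05-24 13:37 - 0000143 _____ () C:\Program Files (x86)\.lnk
2016-12-15 18:26 - 2016-10-02 17:14 - 3604152 _____ (COMODO) C:\ProgramData\cis695.exe
R2 ekrn; C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2815520 2016-10-11] (ESET)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [File not signed]
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-11-25] ()
S1 Beep; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
HKLM-x32\...\Run: [eRecoveryService] => [X]
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx <not found>
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
"""

# Constructed line (NOT from the thread) so the "file" rule has something
# to hit: an executable listed without any vendor/version string.
CONSTRUCTED_LINE = (
    "2016-12-20 01:00 - 2016-12-20 01:00 - 00048128 _____ "
    r"C:\Users\example\AppData\Local\Temp\sample.exe"
)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG) + triage_line(CONSTRUCTED_LINE):
        print(f"[{f.kind:9}] {f.reason}\n            {f.path}")
    print(summarize(triage(SAMPLE_LOG)))
```

Saved as, say, frst_triage.py and pointed at a saved FRST.txt instead of SAMPLE_LOG, it gives a prioritised list rather than a verdict: a missing vendor string is common for legitimate OEM utilities (ETService here is Acer's), and a `[File not signed]` hit only says the binary lacks an Authenticode signature. The core system binaries that matter most for that check are the ones FRST verifies itself in the "Bamital & volsnap" section above.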





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:48 AM

Posted 20 December 2016 - 02:34 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Ran by Steve (ATTENTION: The user is not administrator) on ALICE (20-12-2016 06:24:02)


Please run the Farbar tool as an Administrator.

Post a fresh FRST log and include the Addition.txt file also created by running the tool.

I will review them.

#3 MaxedOut

MaxedOut
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Location:Oxford UK
  • Local time:03:48 PM

Posted 21 December 2016 - 03:37 AM

Thanks for devoting your unpaid time to this nasdaq.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by Steve Administator (administrator) on ALICE (21-12-2016 02:04:14)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve Administator & Steve (Available Profiles: Steve Administator & Steve & UpdatusUser)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Internet Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
() C:\Program Files\bin32\nSvcAppFlt.exe
() C:\Program Files\bin32\nSvcIp.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Internet Security\egui.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [eRecoveryService] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ACER(W~1.SCR

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=0410&m=aspire_x3200
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=0410&m=aspire_x3200
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=0410&m=aspire_x3200
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=0410&m=aspire_x3200
HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1126001445-3472825750-2387988500-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1126001445-3472825750-2387988500-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1126001445-3472825750-2387988500-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-07] (Oracle Corporation)
BHO: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-07] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-07] (Oracle Corporation)
BHO-x32: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-07] (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKU\S-1-5-21-1126001445-3472825750-2387988500-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Steve Administator\AppData\Roaming\Mozilla\Firefox\Profiles\uhasq8f5.default [2016-12-16]
FF Extension: (Ghostery) - C:\Users\Steve Administator\AppData\Roaming\Mozilla\Firefox\Profiles\uhasq8f5.default\Extensions\firefox@ghostery(35).com [2012-01-04] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Steve Administator\AppData\Roaming\Mozilla\Firefox\Profiles\uhasq8f5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-11-25] [not signed]
FF Extension: (FVD Suite Addon) - C:\Users\Steve Administator\AppData\Roaming\Mozilla\Firefox\Profiles\uhasq8f5.default\Extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d} [2012-07-14] [not signed]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-16] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-07] (Oracle Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll [2010-03-29] (NOS Microsystems Ltd.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-12-03] (SUPERAntiSpyware.com)
S3 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
R2 ekrn; C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2815520 2016-10-11] (ESET)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-04-13] (Macrovision Europe Ltd.) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [920064 2008-01-29] () [File not signed]
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [193024 2008-01-29] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-12-01] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-07] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-07] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-07] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-07] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-07] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-07] (ESET)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-11-25] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-06-29] (Sunbelt Software)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2009-04-11] (Microsoft Corporation)
S3 WSVD; C:\Program Files\Acer\Empowering Technology\eRecovery\WSVD.sys [120816 2008-05-26] (CyberLink)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 1965AAFFAB07E3FB03C77F81BEBA3547
C:\Windows\system32\drivers\adp94xx.sys F14215E37CF124104575073F782111D2
C:\Windows\system32\drivers\adpahci.sys 7D05A75E3066861A6610F7EE04FF085C
C:\Windows\system32\drivers\adpu160m.sys 820A201FE08A0C345B3BEDBC30E1A77C
C:\Windows\system32\drivers\adpu320.sys 9B4AB6854559DC168FBB4C24FC52E794
C:\Windows\system32\drivers\afd.sys 8C771D6FBEE9D6F2E7DDE165940CB513
C:\Windows\system32\drivers\agp440.sys F6F6793B7F17B550ECFDBD3B229173F7
C:\Windows\system32\drivers\djsvs.sys 222CB641B4B8A1D1126F8033F9FD6A00
C:\Windows\system32\drivers\aliide.sys 157D0898D4B73F075CE9FA26B482DF98
C:\Windows\system32\drivers\amdide.sys 970FA5059E61E30D25307B99903E991E
C:\Windows\system32\drivers\amdk8.sys CDC3632A3A5EA4DBB83E46076A3165A1
C:\Windows\system32\drivers\arc.sys BA8417D4765F3988FF921F30F630E303
C:\Windows\system32\drivers\arcsas.sys 9D41C435619733B34CC16A511E644B11
C:\Windows\System32\DRIVERS\asyncmac.sys 22D13FF3DAFEC2A80634752B1EAA2DE6
C:\Windows\System32\drivers\atapi.sys E68D9B3A3905619732F7FE039466A623
C:\Windows\system32\drivers\blbdrive.sys 79FEEB40056683F8F61398D81DDA65D2
C:\Windows\System32\DRIVERS\bowser.sys B36BFEB725497294F8922BD3E9978DBC
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys F0F0BA4D815BE446AA6A4583CA3BCA9B
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys E0777B34E05F8A82A21856EFC900C29F
C:\Windows\System32\DRIVERS\cdfs.sys B4D787DB8D30793A4D4DF9FEED18F136
C:\Windows\System32\DRIVERS\cdrom.sys C025AA69BE3D0D25C7A2E746EF6F94FC
C:\Windows\system32\drivers\circlass.sys 02EA568D498BBDD4BA55BF3FCE34D456
C:\Windows\System32\CLFS.sys BEF9281E6766550D6F024B66316E3B23
C:\Windows\system32\drivers\cmdide.sys E5D5499A1C50A54B5161296B6AFE6192
C:\Windows\system32\drivers\compbatt.sys 7FB8AD01DB0EABE60C8A861531A8F431
C:\Windows\System32\drivers\crcdisk.sys A8585B6412253803CE8EFCBD6D6DC15C
C:\Windows\System32\Drivers\dfsc.sys 16F2E8AD0F123EE6C1D8DB8AB971A12F
C:\Windows\System32\drivers\disk.sys B0107E40ECDB5FA692EBF832F295D905
C:\Windows\System32\drivers\drmkaud.sys F1A78A98CFC2EE02144C6BEC945447E6
C:\Windows\System32\drivers\dxgkrnl.sys 51991007674FB3548BE592F5071E747C
C:\Windows\System32\DRIVERS\E1G6032E.sys 264CEE7B031A9D6C827F3D0CB031F2FE
C:\Windows\System32\DRIVERS\eamonm.sys 5CB6D688079A3422C433C7E37AFE69D7
C:\Windows\System32\drivers\ecache.sys 665E1507E129DC598C6EB390A10AC05B
C:\Windows\System32\DRIVERS\edevmon.sys 8A61C23AFD3DDEE7C8E3A24BBCA7CE26
C:\Windows\System32\DRIVERS\ehdrv.sys D46BD3B407586775DD5CD7D7C49D0A2F
C:\Windows\System32\DRIVERS\ekbdflt.sys EB57CEC3B13FC028EC589ABABCFE7F80
C:\Windows\system32\drivers\elxstor.sys C4636D6E10469404AB5308D9FD45ED07
C:\Windows\System32\DRIVERS\epfw.sys 2B991283F3F36373FC51BE0E9F66769F
C:\Windows\System32\DRIVERS\EpfwLWF.sys 7E3FF509CD5C2FE7ADCC9870908D181A
C:\Windows\System32\DRIVERS\epfwwfp.sys FC999DD34471A72BD437CDA5230ADF44
C:\Windows\system32\drivers\errdev.sys BC3A58E938BB277E46BF4B3003B01ABD
C:\Windows\System32\Drivers\exfat.sys 486844F47B6636044A42454614ED4523
C:\Windows\System32\Drivers\fastfat.sys 1E34B436811CCA4A2783C0BC7A0BEB2E
C:\Windows\System32\DRIVERS\fdc.sys 81B79B6DF71FA1D2C6D688D830616E39
C:\Windows\System32\drivers\fileinfo.sys 457B7D1D533E4BD62A99AED9C7BB4C59
C:\Windows\System32\drivers\filetrace.sys D421327FD6EFCCAF884A54C58E1B0D7F
C:\Windows\System32\DRIVERS\flpydisk.sys 230923EA2B80F79B0F88D90F87B87EBD
C:\Windows\System32\drivers\fltmgr.sys E3041BC26D6930D61F42AEDB79C91720
C:\Windows\System32\Drivers\fsbts.sys AA0F9F7EC70D19EA1E6390FD0D93E4AB
C:\Windows\System32\Drivers\Fs_Rec.sys 5779B86CD8B32519FBECB136394D946A
C:\Windows\system32\drivers\gagp30kx.sys C8E416668D3DC2BE3D4FE4C79224997F
C:\Windows\System32\drivers\HdAudio.sys DF45F8142DC6DF9D18C39B3EFFBD0409
C:\Windows\System32\DRIVERS\HDAudBus.sys F942C5820205F2FB453243EDFEC82A3D
C:\Windows\system32\drivers\hidbth.sys B4881C84A180E75B8C25DC1D726C375F
C:\Windows\system32\drivers\hidir.sys 4E77A77E2C986E8F88F996BB3E1AD829
C:\Windows\System32\DRIVERS\hidusb.sys 443BDD2D30BB4F00795C797E2CF99EDF
C:\Windows\system32\drivers\hpcisss.sys D7109A1E6BD2DFDBCBA72A6BC626A13B
C:\Windows\System32\drivers\HTTP.sys 098F1E4E5C9CB5B0063A959063631610
C:\Windows\system32\drivers\i2omp.sys DA94C854CEA5FAC549D4E1F6E88349E8
C:\Windows\System32\DRIVERS\i8042prt.sys CBB597659A2713CE0C9CC20C88C7591F
C:\Windows\system32\drivers\iastorv.sys 3E3BF3627D886736D0B4E90054F929F6
C:\Windows\system32\drivers\iirsp.sys 8C3951AD2FE886EF76C7B5027C3125D3
C:\Windows\SysWOW64\drivers\int15_64.sys 8C7FA71CB1EBCD3EDE8958D27B1BF0B4
C:\Windows\System32\drivers\RTKVHD64.sys 2C62599E693372A9221C262B8040E3AC
C:\Windows\system32\drivers\intelide.sys DF797A12176F11B2D301C5B234BB200E
C:\Windows\System32\DRIVERS\intelppm.sys BFD84AF32FA1BAD6231C4585CB469630
C:\Windows\System32\DRIVERS\ipfltdrv.sys D8AABC341311E4780D6FCE8C73C0AD81
C:\Windows\system32\drivers\ipmidrv.sys 9C2EE2E6E5A7203BFAE15C299475EC67
C:\Windows\System32\DRIVERS\ipnat.sys B7E6212F581EA5F6AB0C3A6CEEEB89BE
C:\Windows\System32\drivers\irenum.sys 8C42CA155343A2F11D29FECA67FAA88D
C:\Windows\system32\drivers\isapnp.sys 0672BFCEDC6FC468A2B0500D81437F4F
C:\Windows\System32\DRIVERS\msiscsi.sys E4FDF99599F27EC25D2CF6D754243520
C:\Windows\system32\drivers\iteatapi.sys 63C766CDC609FF8206CB447A65ABBA4A
C:\Windows\system32\drivers\iteraid.sys 1281FE73B17664631D12F643CBEA3F59
C:\Windows\System32\DRIVERS\kbdclass.sys 423696F3BA6472DD17699209B933BC26
C:\Windows\System32\DRIVERS\kbdhid.sys DBDF75D51464FBC47D0104EC3D572C05
C:\Windows\System32\Drivers\ksecdd.sys DDB5EF7210DBC82946DA899D892E63DB
C:\Windows\system32\drivers\ksthunk.sys 1D419CF43DB29396ECD7113D129D94EB
C:\Windows\System32\DRIVERS\Lbd.sys 3C46290F7A5D45BA6EF32C248E22AA69
C:\Windows\System32\DRIVERS\lltdio.sys 96ECE2659B6654C10A0C310AE3A6D02C
C:\Windows\system32\drivers\lsi_fc.sys ACBE1AF32D3123E330A07BFBC5EC4A9B
C:\Windows\system32\drivers\lsi_sas.sys 799FFB2FC4729FA46D2157C0065B3525
C:\Windows\system32\drivers\lsi_scsi.sys F445FF1DAAD8A226366BFAF42551226B
C:\Windows\system32\drivers\luafv.sys 52F87B9CC8932C2A7375C3B2A9BE5E3E
C:\Windows\system32\drivers\megasas.sys 5C5CD6AACED32FB26C3FB34B3DCF972F
C:\Windows\system32\drivers\megasr.sys 859BC2436B076C77C159ED694ACFE8F8
C:\Windows\System32\drivers\modem.sys 59848D5CC74606F0EE7557983BB73C2E
C:\Windows\System32\DRIVERS\monitor.sys C247CC2A57E0A0C8C6DCCF7807B3E9E5
C:\Windows\System32\DRIVERS\mouclass.sys 9367304E5E412B120CF5F4EA14E4E4F1
C:\Windows\System32\DRIVERS\mouhid.sys C2C2BD5C5CE5AAF786DDD74B75D2AC69
C:\Windows\System32\drivers\mountmgr.sys 108DE0E4E7B0F53F5764F9A241F7A4E6
C:\Windows\system32\drivers\mpio.sys F8276EB8698142884498A528DFEA8478
C:\Windows\System32\drivers\mpsdrv.sys C92B9ABDB65A5991E00C28F13491DBA2
C:\Windows\system32\drivers\mraid35x.sys 3C200630A89EF2C0864D515B7A75802E
C:\Windows\system32\drivers\mrxdav.sys DCC3EF8C5F891539390B65BEFFA96AEC
C:\Windows\System32\DRIVERS\mrxsmb.sys B31DB7D6E624479EA20FEE17E712A44C
C:\Windows\System32\DRIVERS\mrxsmb10.sys 2EB4A3EDA9FBECEC53CA2BB0853E2B66
C:\Windows\System32\DRIVERS\mrxsmb20.sys 3F979D9CE02323CB3EBD15174732C8C1
C:\Windows\system32\drivers\msahci.sys 1AC860612B85D8E85EE257D372E39F4D
C:\Windows\system32\drivers\msdsm.sys 264BBB4AAF312A485F0E44B65A6B7202
C:\Windows\System32\Drivers\Msfs.sys 704F59BFC4512D2BB0146AEC31B10A7C
C:\Windows\System32\drivers\msisadrv.sys 00EBC952961664780D43DCA157E79B27
C:\Windows\System32\drivers\MSKSSRV.sys 0EA73E498F53B96D83DBFCA074AD4CF8
C:\Windows\System32\drivers\MSPCLOCK.sys 52E59B7E992A58E740AA63F57EDBAE8B
C:\Windows\System32\drivers\MSPQM.sys 49084A75BAE043AE02D5B44D02991BB2
C:\Windows\System32\Drivers\MsRPC.sys DC6CCF440CDEDE4293DB41C37A5060A5
C:\Windows\System32\DRIVERS\mssmbios.sys 855796E59DF77EA93AF46F20155BF55B
C:\Windows\System32\drivers\MSTEE.sys 86D632D75D05D5B7C7C043FA3564AE86
C:\Windows\System32\Drivers\mup.sys 0CC49F78D8ACA0877D885F149084E543
C:\Windows\System32\DRIVERS\nwifi.sys 2007B826C4ACD94AE32232B41F0842B9
C:\Windows\System32\drivers\ndis.sys 54803EAE413ED3AB97976674B0EF122A
C:\Windows\System32\DRIVERS\ndistapi.sys 64DF698A425478E321981431AC171334
C:\Windows\System32\DRIVERS\ndisuio.sys 8BAA43196D7B5BB972C9A6B2BBF61A19
C:\Windows\System32\DRIVERS\ndiswan.sys F8158771905260982CE724076419EF19
C:\Windows\System32\Drivers\NDProxy.sys 9CB77ED7CB72850253E973A2D6AFDF49
C:\Windows\System32\DRIVERS\netbios.sys A499294F5029A7862ADC115BDA7371CE
C:\Windows\System32\DRIVERS\netbt.sys 2EE680D31D685C0DB4F6D5A68F418A96
C:\Windows\system32\drivers\nfrd960.sys 4AC08BD6AF2DF42E0C3196D826C8AEA7
C:\Windows\System32\Drivers\Npfs.sys B298874F8E0EA93F06EC40AA8D146478
C:\Windows\System32\drivers\nsiproxy.sys 1523AF19EE8B030BA682F7A53537EAEB
C:\Windows\System32\Drivers\Ntfs.sys 2ACCAA3C3C55370A32F17B3595E1A217
C:\Windows\System32\Drivers\NTIDrvr.sys 7D397449AAF52B0E7C79B64F6AD4473E
C:\Windows\System32\Drivers\Null.sys DD5D684975352B85B52E3FD5347C20CB
C:\Windows\System32\DRIVERS\nvmfdx64.sys CF2A023F422CE6E43302B139E4B87B05
C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
C:\Windows\System32\DRIVERS\nvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB
C:\Windows\System32\DRIVERS\nvmfdx64.sys CF2A023F422CE6E43302B139E4B87B05
C:\Windows\system32\drivers\nvraid.sys 2C040B7ADA5B06F6FACADAC8514AA034
C:\Windows\System32\DRIVERS\nvsmu.sys F6C6D8298DD85507F680437EC2E6899C
C:\Windows\system32\drivers\nvstor.sys F7EA0FE82842D05EDA3EFDD376DBFDBA

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-03 17:37 - 2014-08-15 22:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-02 20:24 - 2010-09-24 21:18 - 00000000 ____D C:\Program Files\Speccy
2016-11-29 16:06 - 2015-05-13 08:35 - 00012288 ____H C:\Users\Steve\Desktop\photothumb.db
2016-11-25 13:13 - 2013-12-20 09:23 - 00073928 _____ C:\Windows\system32\Drivers\fsbts.sys
2016-11-23 05:54 - 2016-02-23 13:36 - 00000000 ____D C:\Users\Steve\Documents\My Kindle Content
2016-11-22 22:20 - 2015-06-10 08:24 - 00235688 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-11-22 22:20 - 2012-04-23 07:05 - 00489704 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys

==================== Files in the root of some directories =======

2014-05-15 10:01 - 2014-05-24 13:37 - 0000143 _____ () C:\Program Files (x86)\.lnk
2011-12-01 12:50 - 2011-12-01 16:20 - 0162223 _____ () C:\Users\Steve Administator\AppData\Local\ars.cache
2011-12-01 12:50 - 2011-12-01 12:50 - 0730760 _____ () C:\Users\Steve Administator\AppData\Local\census.cache
2013-04-17 13:22 - 2013-04-17 13:22 - 0008704 _____ () C:\Users\Steve Administator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-04 17:42 - 2010-04-04 17:43 - 0353894 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistMSI22F2.txt
2010-04-04 17:47 - 2010-04-04 17:47 - 0334958 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistMSI2643.txt
2010-04-07 11:45 - 2010-04-07 11:46 - 0424088 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistMSI7C11.txt
2010-04-04 17:42 - 2010-04-04 17:43 - 0011378 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistUI22F2.txt
2010-04-04 17:42 - 2010-04-04 17:42 - 0010614 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistUI22F5.txt
2010-04-04 17:47 - 2010-04-04 17:47 - 0011202 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistUI2643.txt
2010-04-04 17:47 - 2010-04-04 17:47 - 0010582 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistUI2646.txt
2010-04-07 11:45 - 2010-04-07 11:46 - 0012798 _____ () C:\Users\Steve Administator\AppData\Local\dd_vcredistUI7C11.txt
2016-12-15 18:26 - 2016-10-02 17:14 - 3604152 _____ (COMODO) C:\ProgramData\cis695.exe

Files to move or delete:
====================
C:\ProgramData\cis695.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {0460034e-2af1-11dd-b414-f9e01caba3d2}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0460034e-2af1-11dd-b414-f9e01caba3d2}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  partition=\Device\HarddiskVolume1
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=\Device\HarddiskVolume1
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {0460034e-2af1-11dd-b414-f9e01caba3d2}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}


LastRegBack: 2016-12-20 09:59

==================== End of FRST.txt ============================

#4 nasdaq (Malware Response Team, 39,883 posts, Montreal, QC. Canada)

Posted 21 December 2016 - 09:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [eRecoveryService] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO-x32: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKU\S-1-5-21-1126001445-3472825750-2387988500-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi => not found
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx <not found>
S1 Beep; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [220]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [222]
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.scr:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.com:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.cmd:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.reg:  =>  <===== ATTENTION
C:\ProgramData\cis695.exe

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

For your added security I suggest that you update the following programs.

JAVA

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

ADOBE READER
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

ADOBE AIR

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/air/

When the updates are completed and you have restarted the computer remove what remains of these versions via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)

This tool is no longer supported and not ready for your operating system. You can remove it also.
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: - )

===

Please post the fixlog.txt, include a Malwarebytes log and the AdwCleaner log for my review.

Let me know what problem persists with this computer.

#5 MaxedOut (Topic Starter, Members, 19 posts, Oxford UK)

Posted 22 December 2016 - 04:10 PM

FRST

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Steve Administator (22-12-2016 17:13:15) Run:2
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve Administator & Steve (Available Profiles: Steve Administator & Steve & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [eRecoveryService] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO-x32: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKU\S-1-5-21-1126001445-3472825750-2387988500-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => not found
FF HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi => not found
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx <not found>
S1 Beep; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [220]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [222]
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.scr:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.com:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.cmd:  =>  <===== ATTENTION
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.reg:  =>  <===== ATTENTION
C:\ProgramData\cis695.exe

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => key removed successfully
HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => key removed successfully
HKCR\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => key removed successfully
HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value removed successfully
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => key not found.
HKU\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value removed successfully
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\ols@f-secure.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ols@f-secure.com => value removed successfully
HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Mozilla\Firefox\Extensions\\safesearch@f-secure.com => value removed successfully
"HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@radialpoint.com/SPA,version=1" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj" => key removed successfully
Beep => service removed successfully
catchme => service removed successfully
IpInIp => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
"HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.exe" => key removed successfully
"HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.scr" => key removed successfully
"HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.bat" => key removed successfully
"HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.com" => key removed successfully
"HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.cmd" => key removed successfully
"HKU\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Classes\.reg" => key removed successfully
C:\ProgramData\cis695.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14180612 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 22769649 B
Edge => 0 B
Chrome => 0 B
Firefox => 58671962 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82946 B
systemprofile32 => 98534 B
LocalService => 89848 B
LocalService => 0 B
NetworkService => 66228 B
NetworkService => 0 B
Steve Administator => 4596047 B
Steve => 86017058 B
UpdatusUser => 33125 B
UpdatusUser => 0 B

RecycleBin => 728947941 B
EmptyTemp: => 881.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:14:24 =

---------------------------------------------------

 

Malwarebytes log

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/12/22 20:28:50 GMT</date>
<logfile>mbam-log-2016-12-22 (20-28-47).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.12.22.16</malware-database>
<rootkit-database>v2016.11.20.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>ALICE</hostname>
<ip>192.168.0.2</ip>
<osversion>Windows Vista Service Pack 2</osversion>
<arch>x64</arch>
<username>Steve Administator</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>371196</objects>
<time>1664</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

 

---------------------------------------------------

 

AdwCleaner

 

# AdwCleaner v6.030 - Logfile created 22/12/2016 at 20:10:02
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-12-21.1 [Server]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (X64)
# Username : Steve Administator - ALICE
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

\AdwCleaner\AdwCleaner[C0].txt - [1692 Bytes] - [03/12/2016 01:26:15]
\AdwCleaner\AdwCleaner[S0].txt - [1709 Bytes] - [03/12/2016 00:18:50]
\AdwCleaner\AdwCleaner[S1].txt - [1314 Bytes] - [03/12/2016 01:45:43]
\AdwCleaner\AdwCleaner[S2].txt - [1237 Bytes] - [22/12/2016 20:10:02]

########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [1308 Bytes] ##########

-------------

 

My banking site is still activating the keylogging feature but at least the damn pup has gone :)



#6 nasdaq (Malware Response Team, 39,883 posts, Montreal, QC. Canada)

Posted 23 December 2016 - 07:46 AM

--RogueKiller--
  • Download RogueKiller & SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

My banking site is still activating the keylogging feature

Can you post the message? It may give me some clues.

#7 MaxedOut (Topic Starter, Members, 19 posts, Oxford UK)

Posted 26 December 2016 - 04:30 AM

RogueKiller

 

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Steve Administator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/26/2016 08:23:54 (Duration : 00:31:33)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 38 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1126001445-3472825750-2387988500-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\ACER(W~1.SCR [x] -> Found

¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} -- C:\ProgramData\cis695.exe (--PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}) -> Found
[Suspicious.Path] \NCH Software\DebutSevenDays -- C:\Users\Steve\AppData\Roaming\NCH Software\Program Files\Debut\Debut.exe (-sevendays) -> Found
[Suspicious.Path] \NCH Software\prismShakeIcon -- C:\Users\Steve\AppData\Roaming\NCH Software\Program Files\Prism\Prism.exe (-shakeicon) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 69ebfdef63a4f663867f360994a60166
[BSP] a3ca8ae24d147929baa3411d524f9f7b : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 41945088 | Size: 293413 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 642854961 | Size: 142584 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 934868992 | Size: 154000 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

--------------------------------------------

Banking website's error message -

The following password submissions were protected by the character replacement feature. Trusteer Endpoint Protection has prevented access to the original keystrokes from most common keyloggers. This does not necessarily mean you have keyloggers on your PC. However, applications on your PC that tried to log keystrokes while you were entering information to the websites below have failed.

I would accept the underlined as read if the feature hadn't suddenly started up. This is why I've put 'possible' keylogger in the title.
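
As an added example (not code from the thread, from RogueKiller or from the helper), a small Python triage script for scan lines in the format quoted above: it counts hits per category and lists only the Suspicious.Path scheduled tasks that launch a binary from a user-writable directory, which is the kind of entry worth reviewing before the PUM.StartMenu preference tweaks. The regexes, the sample SID and the GUID placeholder are my own assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Registry hit: [Category] (ARCH) <key path> | <value name> : <data>  -> Found
REG_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<path>.+?) \| "
    r"(?P<name>[^:]+?) : (?P<data>.*?)\s*-> Found$"
)
# Scheduled-task hit: [Category] \<task name> -- <command> (<arguments>) -> Found
TASK_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] (?P<task>\\.+?) -- (?P<cmd>.+?)(?: \((?P<args>.*)\))? -> Found$"
)
# Directories an ordinary user can write to; a task launching from one of these
# deserves a closer look than a hit under Program Files or Windows.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")

def parse_line(line):
    """Return a dict for a recognised hit line, or None for headers and blanks."""
    for kind, rx in (("registry", REG_RE), ("task", TASK_RE)):
        m = rx.match(line.strip())
        if m:
            return dict(m.groupdict(), kind=kind)
    return None

def triage(lines):
    """Count hits per category; list Suspicious.Path tasks run from user-writable
    directories. PUM.* entries are Start Menu preference tweaks, so only counted."""
    counts = defaultdict(int)
    flagged = []
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        counts[hit["cat"]] += 1
        if (hit["cat"] == "Suspicious.Path" and hit["kind"] == "task"
                and any(d in hit["cmd"].lower() for d in USER_WRITABLE)):
            flagged.append(hit["task"])
    return dict(counts), flagged

# Constructed sample modelled on the thread's log; the SID and GUID are placeholders.
SAMPLE_LINES = [
    r"[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-EXAMPLE-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found",
    r"[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-EXAMPLE-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\ACER(W~1.SCR [x] -> Found",
    r"[Suspicious.Path] \CIS_{GUID-PLACEHOLDER} -- C:\ProgramData\cis695.exe (--PostUninstall {GUID-PLACEHOLDER}) -> Found",
    r"[Suspicious.Path] \NCH Software\DebutSevenDays -- C:\Users\Steve\AppData\Roaming\NCH Software\Program Files\Debut\Debut.exe (-sevendays) -> Found",
    "¤¤¤ Files : 0 ¤¤¤",
]
```

Running `triage(SAMPLE_LINES)` returns the per-category counts and the two task names that launch from ProgramData and AppData; the section headers are ignored.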



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:48 AM

Posted 26 December 2016 - 08:45 AM


Please run the RogueKiller tool and delete this.

[Suspicious.Path] \CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} -- C:\ProgramData\cis695.exe (--PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}) -> Found

Restart the computer normally.

Run the RogueKiller tool normally and let me know if the item returns.

If not there, is the issue solved?

#9 MaxedOut

MaxedOut
  • Topic Starter
  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Location:Oxford UK
  • Local time:03:48 PM

Posted 28 December 2016 - 02:30 AM

I deleted the above and it was gone when I ran RogueKiller again.

Rapport is still blocking keyloggers. Unless you can think of anything else I'll just be thankful that the key replacement feature is working and leave it at that.

-----------------------

Edited to add:

Re the recommended updates. I've always had Java disabled in Firefox so have never bothered updating it; I've only used IE9 once on this machine and that was to download Firefox. I'm stuck with Adobe Reader X I'm afraid - my 'ancient' Vista OS isn't supported. I really should have upgraded to Windows 7 and then got the free Win 10 upgrade :(

I've been trying to update Air for a while. Whenever I click on 'download' it takes me to the sales page. I'm able to download Flash with no problems.


Edited by MaxedOut, 28 December 2016 - 07:10 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:48 AM

Posted 28 December 2016 - 10:06 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



