Trojan, rootkit or some win32 infection


  • This topic is locked
10 replies to this topic

#1 nevermore_32


  • Members
  • 11 posts

Posted 05 January 2017 - 05:13 PM

Ok, I have now run an FRST scan and below is the log. Before boopme had answered, I had run RKill again, and this time it found 3 malware processes:

 

 * C:\Windows\system32\SearchIndexer.exe (PID: 3868) [WD-HEUR]
 * C:\Windows\system32\sppsvc.exe (PID: 1660) [WD-HEUR]
 * C:\Windows\servicing\TrustedInstaller.exe (PID: 4064) [WD-HEUR]
 
I don't see where to add an attachment for the addition.txt or if you need it.
Thanks again for the help!!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by COLLY (administrator) on COLLY-PC (05-01-2017 22:32:49)
Running from C:\Users\COLLY\Downloads
Loaded Profiles: COLLY (Available Profiles: COLLY)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files (x86)\Comodo\COMODO Cloud Antivirus\ccavsrv.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(COMODO) C:\Program Files (x86)\Comodo\COMODO Cloud Antivirus\ccavsrv.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera_autoupdate.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [CCAV] => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5796976 2016-12-21] (COMODO)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [20480 2007-07-26] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\COLLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2017-01-05]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{D62EBB33-35BC-4B0A-A29F-E6A901316DC8}: [DhcpNameServer] 192.168.1.20
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3729032421-3331676028-2867620244-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3729032421-3331676028-2867620244-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3729032421-3331676028-2867620244-1000 -> {88749F58-B7D6-446C-A1B3-FAAEF9C5B51E} URL = hxxp://www.the-arena.co.uk/default.aspx?sc={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-27] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 1oom6n7z.default
FF ProfilePath: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default [2017-01-05]
FF Homepage: Mozilla\Firefox\Profiles\8nmn7umd.default -> user_pref("browser.startup.homepage", "about:home"about:home);
FF Extension: (Flash Video Downloader - YouTube HD Downloader [4K]) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\artur.dubovoy@gmail.com [2017-01-03]
FF Extension: (Ghostery) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\firefox@ghostery.com.xpi [2014-05-23] [not signed]
FF Extension: (Lightbeam) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-10-20]
FF Extension: (YesScript) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\yesscript@userstyles.org.xpi [2015-09-02]
FF Extension: (NoScript) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-23] [not signed]
FF Extension: (DownloadHelper) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2017-01-03] [not signed]
FF SearchPlugin: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\duckduckgo.xml [2014-05-23]
FF SearchPlugin: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\ixquick-https.xml [2014-05-23]
FF SearchPlugin: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\startpage-ssl.xml [2014-05-23]
FF ProfilePath: C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default [2017-01-03]
FF DefaultSearchEngine: Comodo\IceDragon\Profiles\1oom6n7z.default -> DuckDuckGo
FF Homepage: Comodo\IceDragon\Profiles\1oom6n7z.default -> hxxps://duckduckgo.com/
FF Extension: (Firefox Hotfix) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-20]
FF Extension: (Ghostery) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox@ghostery.com.xpi [2016-10-20]
FF Extension: (Lightbeam) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-10-20]
FF Extension: (NoScript) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-10-20]
FF Extension: (Video DownloadHelper) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-03-04] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2014-04-18] (AMD) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2015-02-03] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2015-06-15] (Microsoft Corporation) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2015-02-03] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2015-02-03] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-21] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-21] (Microsoft Corporation) [File not signed]
S3 BITS; C:\Windows\system32\qmgr.dll [849920 2010-11-21] (Microsoft Corporation) [File not signed]
S3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ccavsrv; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5796976 2016-12-21] (COMODO)
S3 ccavvirth; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavvirth.exe [2857128 2016-12-21] (COMODO)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [188416 2015-04-27] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2015-04-27] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
S4 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-21] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-21] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-21] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-21] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-21] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-21] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2016-10-03] (Microsoft Corporation) [File not signed]
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-21] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-21] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-21] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-21] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-21] (Microsoft Corporation) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-06-20] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-21] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-21] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-21] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-21] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2015-06-15] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2015-06-15] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-21] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-06] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2015-11-04] (The OpenVPN Project)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [188416 2015-02-03] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-21] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-21] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-21] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-19] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-21] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-21] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-21] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-21] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\system32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-21] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-21] (Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-21] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-21] (Microsoft Corporation) [File not signed]
S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-21] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-21] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-21] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-21] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-21] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-21] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-21] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-21] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-21] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-09] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-09] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-21] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-03] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-21] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-21] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\system32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-04] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2603008 2015-07-09] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-28] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-21] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-21] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [15376384 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [638976 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2015-02-03] (Microsoft Corporation) [File not signed]
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] (Microsoft Corporation) [File not signed]
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows ® Win 7 DDK provider) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation) [File not signed]
R0 cmdccav; C:\Windows\System32\drivers\CmdCCAV.sys [419680 2016-12-21] (COMODO)
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-01-05] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-21] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] (Microsoft Corporation) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-01-03] ()
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-25] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-21] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
U5 libwasys; C:\Windows\System32\Drivers\libwasys.sys [28464 2017-01-02] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [141312 2014-12-19] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159232 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [290816 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129024 2015-07-01] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75264 2009-10-26] (NEC Electronics Corporation) [File not signed]
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [176640 2009-10-26] (NEC Electronics Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2015-02-03] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-17] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2014-11-11] (Microsoft Corporation) [File not signed]
R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (Windows ® Codename Longhorn DDK provider)
S3 TplinkUDSTcpBus; C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [181024 2012-09-21] (Windows ® Codename Longhorn DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-03] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-17] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-02] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] (Microsoft Corporation) [File not signed]
S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [33280 2016-05-25] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2015-12-01] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) [File not signed]
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-05 22:32 - 2017-01-05 22:32 - 00046512 _____ C:\Users\COLLY\Downloads\FRST.txt
2017-01-05 22:31 - 2017-01-05 22:32 - 00000000 ____D C:\FRST
2017-01-05 22:04 - 2017-01-05 22:04 - 02418176 _____ (Farbar) C:\Users\COLLY\Downloads\FRST64.exe
2017-01-05 13:17 - 2017-01-05 21:16 - 00307404 _____ C:\Users\COLLY\Desktop\Rkill6.txt
2017-01-04 23:15 - 2017-01-04 23:30 - 00267222 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_23.15.38_log.txt
2017-01-04 17:54 - 2017-01-04 17:54 - 00015262 _____ C:\Users\COLLY\Downloads\list ccleaner sched.txt
2017-01-04 17:53 - 2017-01-04 17:53 - 00004396 _____ C:\Users\COLLY\Downloads\list ccleaner startups.txt
2017-01-04 12:44 - 2017-01-04 12:44 - 00007866 _____ C:\Windows\system32\Drivers\fvBoxStore.dat
2017-01-03 16:00 - 2017-01-05 21:05 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-03 16:00 - 2017-01-05 21:05 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-03 16:00 - 2017-01-05 21:05 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-03 16:00 - 2017-01-05 21:05 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-03 16:00 - 2017-01-05 21:05 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-03 16:00 - 2017-01-03 16:00 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-03 16:00 - 2017-01-03 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-03 15:59 - 2017-01-04 13:49 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-03 15:59 - 2017-01-03 15:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-03 15:53 - 2017-01-03 15:53 - 54199488 _____ (Malwarebytes ) C:\Users\COLLY\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-03 15:32 - 2017-01-03 15:47 - 00267076 _____ C:\TDSSKiller.3.1.0.12_03.01.2017_15.32.27_log.txt
2017-01-03 15:32 - 2017-01-03 15:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\COLLY\Downloads\tdsskiller.exe
2017-01-03 15:10 - 2017-01-04 23:08 - 00306908 _____ C:\Users\COLLY\Desktop\Rkill5.txt
2017-01-03 05:09 - 2017-01-05 22:05 - 00062712 _____ C:\Windows\system32\Drivers\ccavsfi.dat
2017-01-03 05:09 - 2017-01-03 05:09 - 528543760 _____ C:\Windows\MEMORY.DMP
2017-01-03 05:09 - 2017-01-03 05:09 - 00274320 _____ C:\Windows\Minidump\010317-20436-01.dmp
2017-01-03 05:09 - 2017-01-03 05:09 - 00000000 ____D C:\Windows\Minidump
2017-01-03 05:05 - 2017-01-03 15:18 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-03 04:58 - 2017-01-03 05:23 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-03 04:58 - 2017-01-03 04:58 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-03 04:58 - 2017-01-03 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-03 04:58 - 2017-01-03 04:58 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-03 04:50 - 2017-01-03 04:51 - 34631352 _____ (Adlice Software ) C:\Users\COLLY\Downloads\setup.exe
2017-01-03 04:44 - 2017-01-03 04:44 - 00000000 ____D C:\Users\COLLY\AppData\Local\ESET
2017-01-03 04:43 - 2017-01-03 04:43 - 06771840 _____ (ESET spol. s r.o.) C:\Users\COLLY\Downloads\esetonlinescanner_enu.exe
2017-01-03 04:32 - 2017-01-03 05:28 - 00000000 ___HD C:\BOXRoot
2017-01-03 04:32 - 2017-01-03 04:32 - 00002115 _____ C:\Users\Public\Desktop\COMODO Cloud Antivirus.lnk
2017-01-03 04:32 - 2017-01-03 04:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-01-03 04:25 - 2017-01-03 05:44 - 00307122 _____ C:\Users\COLLY\Desktop\Rkill4.txt
2017-01-03 03:08 - 2017-01-03 03:08 - 00000000 ___DL C:\Documents and Settings
2017-01-03 03:07 - 2017-01-03 03:07 - 00011100 _____ C:\Users\COLLY\Downloads\Tweaking.com - Windows Repair - Pre-Scan.txt
2017-01-03 02:49 - 2017-01-03 02:49 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-03 02:48 - 2017-01-03 02:49 - 00189746 _____ C:\TDSSKiller.3.1.0.12_03.01.2017_02.48.22_log.txt
2017-01-03 02:25 - 2017-01-03 02:26 - 32645888 _____ (Tweaking.com) C:\Users\COLLY\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-01-03 02:10 - 2017-01-03 03:01 - 00307046 _____ C:\Users\COLLY\Desktop\Rkill3.txt
2017-01-03 02:10 - 2017-01-03 02:16 - 00307404 _____ C:\Users\COLLY\Desktop\Rkill2.txt
2017-01-03 02:07 - 2017-01-03 02:07 - 08971824 _____ (COMODO) C:\Users\COLLY\Downloads\ccav_installer.exe
2017-01-03 01:53 - 2017-01-03 01:53 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-01-03 01:49 - 2017-01-03 01:49 - 00010728 _____ C:\ComboFix.txt
2017-01-02 23:38 - 2017-01-02 23:38 - 43072280 _____ (Microsoft Corporation) C:\Users\COLLY\Downloads\mpas-fe.exe
2017-01-02 23:02 - 2017-01-03 02:03 - 00306952 _____ C:\Users\COLLY\Desktop\Rkill1.txt
2017-01-02 22:46 - 2017-01-02 22:47 - 11313360 _____ (Microsoft Corporation) C:\Users\COLLY\Downloads\WindowsUpdateAgent-7.6-x64.exe
2017-01-02 22:39 - 2017-01-02 22:39 - 00028464 _____ C:\Windows\system32\Drivers\libwasys.sys
2017-01-02 22:34 - 2017-01-02 22:35 - 07699064 _____ () C:\Users\COLLY\Downloads\OESISEndpointAssessmentTool.exe
2017-01-02 22:15 - 2017-01-02 22:15 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-02 22:15 - 2017-01-02 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-02 22:15 - 2017-01-02 22:15 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-02 22:14 - 2017-01-02 22:24 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-02 22:13 - 2017-01-02 22:13 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\COLLY\Downloads\rkill.exe
2017-01-02 22:05 - 2017-01-02 22:06 - 11581544 _____ (SurfRight B.V.) C:\Users\COLLY\Downloads\hitmanpro_x64.exe
2017-01-02 21:57 - 2017-01-03 13:22 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Uninstaller Tool(Comodo Forums)
2016-12-31 04:32 - 2016-12-31 04:32 - 00000980 _____ C:\Users\COLLY\Documents\cc_20161231_043224.reg
2016-12-31 04:26 - 2016-12-31 04:26 - 00217013 _____ C:\Users\COLLY\Downloads\windows update in user data file.jpg
2016-12-31 04:05 - 2017-01-03 13:22 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-31 04:05 - 2017-01-03 13:22 - 00000000 ____D C:\Windows\system32\catroot
2016-12-31 03:39 - 2017-01-05 21:23 - 00524288 ___SH C:\Windows\system32\config\components{2e788fc1-cf02-11e6-9be3-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 03:39 - 2017-01-05 21:23 - 00065536 ___SH C:\Windows\system32\config\components{2e788fc1-cf02-11e6-9be3-1c6f653d8071}.TM.blf
2016-12-31 03:39 - 2016-12-31 03:43 - 00524288 ___SH C:\Windows\system32\config\components{2e788fc1-cf02-11e6-9be3-1c6f653d8071}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 03:26 - 2016-12-31 03:26 - 00812232 _____ C:\Users\COLLY\Downloads\windows update fixed 6.jpg
2016-12-31 03:24 - 2016-12-31 04:07 - 00000000 ____D C:\Windows\SoftwareDistribution
2016-12-31 03:02 - 2016-12-31 03:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-31 03:02 - 2016-12-31 03:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-31 03:02 - 2016-12-31 03:02 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-12-31 03:02 - 2016-12-31 03:02 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-12-31 03:02 - 2016-12-31 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-12-31 03:02 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-12-31 01:15 - 2016-12-31 01:16 - 47675104 _____ (Microsoft Corporation) C:\Users\COLLY\Downloads\Windows-KB890830-x64-V5.43.exe
2016-12-31 01:10 - 2016-12-31 01:11 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\COLLY\Downloads\spybot-2.4.exe
2016-12-31 01:04 - 2016-12-31 01:26 - 00524288 ___SH C:\Windows\system32\config\components{4776464b-ceec-11e6-81eb-1c6f653d8071}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 01:04 - 2016-12-31 01:26 - 00524288 ___SH C:\Windows\system32\config\components{4776464b-ceec-11e6-81eb-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 01:04 - 2016-12-31 01:26 - 00065536 ___SH C:\Windows\system32\config\components{4776464b-ceec-11e6-81eb-1c6f653d8071}.TM.blf
2016-12-31 01:04 - 2016-12-31 01:04 - 00004260 _____ C:\Users\COLLY\Documents\cc_20161231_010406.reg
2016-12-29 20:07 - 2017-01-03 13:19 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Opera Software
2016-12-29 20:07 - 2016-12-29 20:07 - 00000000 ____D C:\Users\COLLY\AppData\Local\Opera Software
2016-12-29 20:06 - 2017-01-02 21:40 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-29 20:06 - 2016-12-29 20:06 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1483038411
2016-12-29 20:06 - 2016-12-29 20:06 - 00001139 _____ C:\Users\Public\Desktop\Opera.lnk
2016-12-29 20:06 - 2016-12-29 20:06 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-29 20:04 - 2016-12-29 20:04 - 00001100 _____ C:\Users\COLLY\Documents\cc_20161229_200427.reg
2016-12-29 14:49 - 2016-12-29 14:49 - 00001100 _____ C:\Users\COLLY\Documents\cc_20161229_144941.reg
2016-12-29 14:44 - 2016-12-29 14:44 - 00194695 _____ C:\Users\COLLY\Downloads\windows update fixed 5.jpg
2016-12-29 13:16 - 2016-12-29 13:16 - 00194282 _____ C:\Users\COLLY\Downloads\new error update.jpg
2016-12-29 02:34 - 2016-12-29 02:34 - 00011200 _____ C:\Users\COLLY\Documents\cc_20161229_023444.reg
2016-12-29 01:37 - 2016-12-29 01:37 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-12-29 01:37 - 2016-12-29 01:37 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-12-29 01:35 - 2016-12-29 01:35 - 53489464 _____ (COMODO) C:\Users\COLLY\Downloads\icedragonsetup.exe
2016-12-29 01:27 - 2016-12-29 01:27 - 00000000 ____D C:\af93988d148ad9025b67709960c86f73
2016-12-29 00:05 - 2016-12-29 00:05 - 00198739 _____ C:\Users\COLLY\Downloads\windows update fixed 4.jpg
2016-12-28 23:58 - 2016-12-29 20:01 - 00524288 ___SH C:\Windows\system32\config\components{a5708823-cd50-11e6-a550-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 23:58 - 2016-12-29 20:01 - 00065536 ___SH C:\Windows\system32\config\components{a5708823-cd50-11e6-a550-1c6f653d8071}.TM.blf
2016-12-28 23:58 - 2016-12-29 00:08 - 00524288 ___SH C:\Windows\system32\config\components{a5708823-cd50-11e6-a550-1c6f653d8071}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 23:55 - 2016-12-28 23:57 - 00000000 ____D C:\Windows\system32\catroot2_bak
2016-12-28 23:49 - 2016-12-28 23:49 - 00195780 _____ C:\Users\COLLY\Downloads\windows update fixed 3.jpg
2016-12-28 23:28 - 2016-12-28 23:28 - 00306096 _____ C:\Users\COLLY\Downloads\scan 1.jpg
2016-12-28 23:11 - 2016-12-28 23:11 - 00264152 _____ C:\Users\COLLY\Downloads\windows update fixed 2.jpg
2016-12-28 23:05 - 2016-12-28 23:23 - 00524288 ___SH C:\Windows\system32\config\components{7d2ef9c3-cd49-11e6-902b-1c6f653d8071}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 23:05 - 2016-12-28 23:23 - 00524288 ___SH C:\Windows\system32\config\components{7d2ef9c3-cd49-11e6-902b-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 23:05 - 2016-12-28 23:23 - 00065536 ___SH C:\Windows\system32\config\components{7d2ef9c3-cd49-11e6-902b-1c6f653d8071}.TM.blf
2016-12-28 22:52 - 2016-12-28 22:52 - 00344258 _____ C:\Users\COLLY\Downloads\windows update fixed 1.jpg
2016-12-28 22:20 - 2017-01-03 23:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-28 22:19 - 2017-01-03 23:32 - 00000000 ____D C:\Users\COLLY\Desktop\mbar
2016-12-28 22:18 - 2016-12-28 22:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\COLLY\Downloads\mbar-1.09.3.1001.exe
2016-12-28 21:36 - 2016-12-28 21:36 - 01413018 _____ C:\Users\COLLY\Documents\Use the System File Checker tool to repair missing or corrupted system files.mht
2016-12-28 21:23 - 2017-01-04 21:55 - 00042830 _____ C:\Windows\PFRO.log
2016-12-28 20:43 - 2017-01-03 01:49 - 00000000 ____D C:\Users\Public\AppData\Local
2016-12-28 20:43 - 2016-12-28 20:43 - 00000000 ____D C:\Users\Public\AppData
2016-12-28 20:37 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-28 20:37 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-28 20:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-28 20:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-28 20:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-28 20:37 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-28 20:37 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-28 20:37 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-28 20:36 - 2017-01-03 01:49 - 00000000 ____D C:\Qoobox
2016-12-28 20:36 - 2016-12-28 23:37 - 00000000 ____D C:\Windows\erdnt
2016-12-28 20:23 - 2016-12-28 20:23 - 03977168 _____ C:\Users\COLLY\Downloads\AdwCleaner.exe
2016-12-28 20:18 - 2017-01-04 00:14 - 01047118 _____ C:\Windows\ntbtlog.txt
2016-12-28 02:54 - 2016-12-28 02:57 - 00000000 ____D C:\Windows\SysWOW64\catroot2.bak
2016-12-28 02:28 - 2016-12-28 21:55 - 00524288 ___SH C:\Windows\system32\config\components{c7a66cc3-cc9c-11e6-b7d6-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 02:28 - 2016-12-28 21:55 - 00065536 ___SH C:\Windows\system32\config\components{c7a66cc3-cc9c-11e6-b7d6-1c6f653d8071}.TM.blf
2016-12-28 02:28 - 2016-12-28 02:41 - 00524288 ___SH C:\Windows\system32\config\components{c7a66cc3-cc9c-11e6-b7d6-1c6f653d8071}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 02:24 - 2016-12-28 02:24 - 01250816 _____ C:\Users\COLLY\Downloads\MicrosoftEasyFix50202.msi
2016-12-28 02:13 - 2016-12-28 02:13 - 00000000 ____D C:\e4247235a159e6080575d902e0
2016-12-28 01:57 - 2016-12-28 01:57 - 00000000 ____D C:\Windows\CheckSur
2016-12-28 01:53 - 2016-12-28 01:53 - 00313366 _____ C:\Users\COLLY\Downloads\WindowsUpdateDiagnostic.diagcab
2016-12-28 01:46 - 2016-12-28 01:56 - 564744309 _____ C:\Users\COLLY\Downloads\Windows6.1-KB947821-v34-x64.msu
2016-12-28 01:38 - 2016-12-28 02:26 - 00524288 ___SH C:\Windows\system32\config\components{8b28058b-cc95-11e6-8bf0-1c6f653d8071}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 01:38 - 2016-12-28 02:26 - 00524288 ___SH C:\Windows\system32\config\components{8b28058b-cc95-11e6-8bf0-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 01:38 - 2016-12-28 02:26 - 00065536 ___SH C:\Windows\system32\config\components{8b28058b-cc95-11e6-8bf0-1c6f653d8071}.TM.blf
2016-12-28 01:35 - 2017-01-05 21:05 - 00002464 _____ C:\Windows\setupact.log
2016-12-28 01:35 - 2016-12-28 01:35 - 00000000 _____ C:\Windows\setuperr.log
2016-12-28 00:33 - 2017-01-05 21:08 - 01457219 _____ C:\Windows\WindowsUpdate.log
2016-12-28 00:31 - 2016-12-28 00:31 - 00002116 _____ C:\Users\COLLY\Documents\cc_20161228_003128.reg
2016-12-28 00:26 - 2016-12-28 00:26 - 00000000 ____D C:\da3ff00a0ffca433dde8ee
2016-12-28 00:17 - 2016-12-28 01:34 - 00524288 ___SH C:\Users\COLLY\ntuser.dat{fad9a14c-cc82-11e6-b4bd-1c6f653d8071}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 00:17 - 2016-12-28 01:34 - 00524288 ___SH C:\Users\COLLY\ntuser.dat{fad9a14c-cc82-11e6-b4bd-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 00:17 - 2016-12-28 01:34 - 00065536 ___SH C:\Users\COLLY\ntuser.dat{fad9a14c-cc82-11e6-b4bd-1c6f653d8071}.TM.blf
2016-12-27 23:12 - 2016-12-27 23:12 - 00000000 ____D C:\97fd8e3d8376ccdcb7ae5e869d8da819
2016-12-27 16:31 - 2016-12-27 16:31 - 00000000 ____D C:\82d86dbbd1de390cc5961c
2016-12-27 14:33 - 2016-12-27 14:33 - 00035271 _____ C:\Users\COLLY\Downloads\FOX FRY.jpg
2016-12-27 14:30 - 2016-12-27 14:29 - 00046438 _____ C:\Users\COLLY\Downloads\DID YOU THINK I  WAS JOKING.jpg
2016-12-27 14:27 - 2016-12-27 14:27 - 00040071 _____ C:\Users\COLLY\Downloads\WORST APOCALYPSE EVER.jpg
2016-12-27 14:20 - 2016-12-27 14:19 - 00054514 _____ C:\Users\COLLY\Downloads\SLEIGH DOGS.jpg
2016-12-27 13:52 - 2016-12-27 13:52 - 00000000 ____D C:\Users\COLLY\Documents\Updater
2016-12-27 13:50 - 2016-12-27 13:50 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2016-12-27 13:45 - 2016-12-27 13:45 - 00000000 ____D C:\Photoshop
2016-12-27 13:33 - 2016-12-27 13:33 - 00000000 ____D C:\67128075f8dbfd4d692a919a2496bda1
2016-12-27 13:32 - 2016-12-27 13:33 - 01034556 _____ C:\Users\COLLY\Downloads\Windows6.1-KB2999226-x64.msu
2016-12-22 12:55 - 2016-12-22 12:55 - 03557043 _____ C:\Users\COLLY\Downloads\xposed-v87-sdk22-arm.zip
2016-12-22 12:53 - 2016-12-22 12:53 - 03392464 _____ C:\Users\COLLY\Downloads\System app remover ROOT_v3.6.2019_apkpure.com.apk
2016-12-22 12:51 - 2016-12-22 12:51 - 07803439 _____ C:\Users\COLLY\Downloads\Titanium Backup ★ root_v7.6.0.1_apkpure.com.apk
2016-12-21 03:07 - 2016-12-21 03:07 - 00389800 _____ (COMODO) C:\Windows\system32\ccavvrt64.dll
2016-12-21 03:07 - 2016-12-21 03:07 - 00307888 _____ (COMODO) C:\Windows\SysWOW64\ccavvrt32.dll
2016-12-21 03:06 - 2016-12-21 03:06 - 00432808 _____ (COMODO) C:\Windows\system32\CcavGuard64.dll
2016-12-21 03:06 - 2016-12-21 03:06 - 00419680 _____ (COMODO) C:\Windows\system32\Drivers\CmdCCAV.sys
2016-12-21 03:06 - 2016-12-21 03:06 - 00336552 _____ (COMODO) C:\Windows\SysWOW64\CcavGuard32.dll
2016-12-16 14:34 - 2016-12-16 14:34 - 00000000 ____D C:\Users\COLLY\Downloads\dec 2016
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-05 21:39 - 2015-09-21 11:45 - 00000000 ____D C:\AdwCleaner
2017-01-05 21:18 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-05 21:18 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-05 21:12 - 2009-07-14 06:13 - 00885842 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-05 21:06 - 2015-11-04 16:43 - 00000000 ____D C:\ProgramData\purevpn
2017-01-05 21:05 - 2014-05-23 14:49 - 00030528 _____ C:\Windows\GVTDrv64.sys
2017-01-05 21:05 - 2014-05-23 14:49 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2017-01-05 21:05 - 2014-05-23 14:12 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-01-05 21:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-05 00:21 - 2015-02-05 13:46 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-04 14:38 - 2014-06-04 19:08 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-04 12:43 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-04 00:34 - 2014-12-03 16:27 - 00000000 ____D C:\Users\COLLY\Downloads\old
2017-01-04 00:33 - 2016-01-18 16:36 - 00000000 ____D C:\Users\COLLY\Downloads\misc
2017-01-04 00:18 - 2014-09-04 19:04 - 00000000 ____D C:\Users\COLLY\Documents\WORK 2014
2017-01-03 23:23 - 2014-07-12 23:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-03 23:20 - 2014-05-26 20:21 - 00000000 ____D C:\Windows\pss
2017-01-03 23:17 - 2014-12-03 14:55 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-01-03 23:17 - 2014-05-26 20:07 - 00000000 ____D C:\ProgramData\Comodo
2017-01-03 13:22 - 2016-10-27 11:35 - 00000000 ____D C:\Users\COLLY\Downloads\usbdeview-x64
2017-01-03 13:22 - 2016-10-20 08:14 - 00000000 ____D C:\Users\COLLY\Desktop\MISC
2017-01-03 13:22 - 2016-10-16 15:07 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Kingosoft
2017-01-03 13:22 - 2016-10-16 14:36 - 00000000 ____D C:\Users\COLLY\Downloads\docs
2017-01-03 13:22 - 2016-10-03 22:16 - 00000000 ____D C:\Users\COLLY\.android
2017-01-03 13:22 - 2016-01-22 14:30 - 00000000 ____D C:\Users\COLLY\Downloads\HiSuiteSetup_2.3.55.1
2017-01-03 13:22 - 2015-12-04 16:52 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-01-03 13:22 - 2015-12-01 23:29 - 00000000 ____D C:\Users\COLLY\AppData\Local\Samsung
2017-01-03 13:22 - 2015-12-01 23:24 - 00000000 ____D C:\Users\COLLY\AppData\Local\Downloaded Installations
2017-01-03 13:22 - 2015-10-20 17:09 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-01-03 13:22 - 2015-08-08 13:07 - 00000000 ____D C:\Users\COLLY\AppData\Local\PureVPN
2017-01-03 13:22 - 2014-07-14 22:41 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-03 13:22 - 2014-06-22 21:30 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Winamp
2017-01-03 13:22 - 2014-06-22 14:31 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\vlc
2017-01-03 13:22 - 2014-06-04 18:49 - 00000000 ____D C:\Users\COLLY\AppData\Local\HP
2017-01-03 13:22 - 2014-05-26 22:11 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Audacity
2017-01-03 13:22 - 2014-05-23 17:05 - 00000000 ____D C:\Users\COLLY\Downloads\Realtek
2017-01-03 13:22 - 2014-05-23 16:23 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2017-01-03 13:22 - 2014-05-23 16:21 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Raptr
2017-01-03 13:22 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-03 13:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-01-03 13:21 - 2015-07-27 10:39 - 00000000 ____D C:\Users\Public\Foxit Software
2017-01-03 13:19 - 2016-10-16 15:07 - 00000000 ____D C:\Users\COLLY\AppData\Local\Kingosoft
2017-01-03 13:19 - 2016-10-04 16:47 - 00000000 ____D C:\Users\COLLY\AppData\LocalLow\Sun
2017-01-03 13:19 - 2016-10-04 16:44 - 00000000 ____D C:\Users\COLLY\AppData\LocalLow\Oracle
2017-01-03 13:19 - 2016-10-03 19:46 - 00000000 ____D C:\Users\COLLY\.AndroidStudio2.2
2017-01-03 13:19 - 2016-10-03 15:25 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\ERoot
2017-01-03 13:19 - 2016-04-10 21:50 - 00000000 ____D C:\Users\COLLY\AppData\Local\CEF
2017-01-03 13:19 - 2016-01-22 14:32 - 00000000 ____D C:\Users\COLLY\AppData\Local\HiSuite
2017-01-03 13:19 - 2015-09-28 14:08 - 00000000 ____D C:\Users\COLLY\Documents\Konigin
2017-01-03 13:19 - 2015-09-02 23:08 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Comodo
2017-01-03 13:19 - 2015-07-27 10:39 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Foxit Software
2017-01-03 13:19 - 2014-06-17 21:58 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\OpenOffice
2017-01-03 13:19 - 2014-05-26 20:08 - 00000000 ____D C:\Users\COLLY\AppData\Local\Comodo
2017-01-03 13:19 - 2014-05-26 19:58 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Adobe
2017-01-03 13:19 - 2014-05-23 16:27 - 00000000 ____D C:\Users\COLLY\AppData\Local\Microsoft Games
2017-01-03 13:19 - 2014-05-23 15:00 - 00000000 ____D C:\Users\COLLY\AppData\Roaming\Mozilla
2017-01-03 07:03 - 2016-10-03 19:33 - 00000000 ____D C:\ZOPO
2017-01-03 06:57 - 2016-10-04 14:53 - 00000000 ____D C:\Users\COLLY\Downloads\extras
2017-01-03 04:25 - 2014-05-23 13:52 - 00000000 ____D C:\Users\COLLY
2017-01-03 01:48 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-12-31 03:12 - 2015-06-16 10:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-31 03:07 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\debug
2016-12-29 01:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\winsxs
2016-12-28 23:51 - 2014-05-23 13:53 - 00000000 ____D C:\Users\COLLY\AppData\Local\Diagnostics
2016-12-28 23:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-28 23:28 - 2014-05-25 18:00 - 00000000 ____D C:\ProgramData\Ashampoo
2016-12-28 20:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Drivers\etc
2016-12-28 20:42 - 2009-07-14 03:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
2016-12-28 20:38 - 2009-07-14 03:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-28 01:34 - 2016-10-27 11:19 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{6fb70229-9c2e-11e6-a464-1c6f653d8071}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 01:34 - 2016-10-27 11:19 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{6fb70229-9c2e-11e6-a464-1c6f653d8071}.TM.blf
2016-12-28 01:10 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
2016-12-28 01:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-28 00:17 - 2014-05-23 14:13 - 00064024 _____ C:\Users\COLLY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-28 00:15 - 2016-10-16 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-12-28 00:15 - 2016-10-04 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2016-12-28 00:15 - 2016-10-04 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-28 00:15 - 2016-10-04 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-12-28 00:15 - 2016-10-03 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2016-12-28 00:15 - 2011-04-12 09:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-12-28 00:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Tasks\Microsoft
2016-12-28 00:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\catroot2.bak
2016-12-28 00:14 - 2014-06-15 11:33 - 00000000 ____D C:\ProgramData\Adobe
2016-12-27 22:23 - 2014-05-23 13:56 - 00000000 ____D C:\Users\COLLY\AppData\Local\ElevatedDiagnostics
2016-12-27 22:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-27 15:16 - 2014-06-15 11:36 - 00000000 ____D C:\Users\COLLY\AppData\Local\Adobe
2016-12-24 14:20 - 2014-06-22 13:10 - 00000000 ____D C:\Users\COLLY\dwhelper
2016-12-16 14:36 - 2016-06-24 02:38 - 00000000 ____D C:\Users\COLLY\Downloads\naturales
2016-12-16 14:36 - 2016-06-24 02:38 - 00000000 ____D C:\Users\COLLY\Downloads\mates 5o
2016-12-16 14:36 - 2016-06-24 02:38 - 00000000 ____D C:\Users\COLLY\Downloads\lengua 5o
 
==================== Files in the root of some directories =======
 
2015-02-12 20:11 - 2015-02-12 19:27 - 0012005 _____ () C:\Users\COLLY\AppData\Roaming\alsoft.ini
2015-02-10 14:40 - 2015-02-10 14:40 - 0074500 _____ () C:\Users\COLLY\AppData\Local\ars.cache
2015-02-10 14:40 - 2015-02-10 14:40 - 0200129 _____ () C:\Users\COLLY\AppData\Local\census.cache
2015-02-10 14:33 - 2015-02-10 14:33 - 0000036 _____ () C:\Users\COLLY\AppData\Local\housecall.guid.cache
2017-01-02 22:39 - 2017-01-02 23:02 - 0000226 _____ () C:\Users\COLLY\AppData\Local\infection.log
2015-02-10 14:39 - 2015-02-10 14:39 - 0000010 _____ () C:\Users\COLLY\AppData\Local\sponge.last.runtime.cache
2016-10-16 15:09 - 2016-10-16 15:09 - 0000177 _____ () C:\Users\COLLY\AppData\Local\uts.ini
2014-06-04 18:50 - 2014-06-04 18:50 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-27 22:15
 
==================== End of FRST.txt ============================
 
 

Edited by hamluis, 05 January 2017 - 06:13 PM.
Moved from AII to MRL - Hamluis.



#2 nevermore_32

nevermore_32
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 06 January 2017 - 08:52 AM

Ok, I read some more posts in this discussion and one reply said to post the addition.txt in a separate post. I'll do that now.

 

I think this all originally started with Comodo IceDragon updating, which failed and could not update due to missing api-ms-win-crt-runtime-l1-1-0.dll. It all went downhill from trying to replace that DLL from a Windows update, Windows Update failing to start or run, and Windows Defender failing to start. I installed Opera to avoid that problem. Now that Comodo sandboxing is turned off, Windows will start in normal boot mode. Otherwise it sandboxes loads of Windows processes and will not run in normal mode. Using Ctrl-Alt-Del and trying to access Windows Update/Defender etc. gets a permission pop-up for an unknown publisher.

 

Thanks! I really am out of my depth and appreciate the help!!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by COLLY (05-01-2017 22:33:09)
Running from C:\Users\COLLY\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-23 12:52:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3729032421-3331676028-2867620244-500 - Administrator - Disabled)
COLLY (S-1-5-21-3729032421-3331676028-2867620244-1000 - Administrator - Enabled) => C:\Users\COLLY
Guest (S-1-5-21-3729032421-3331676028-2867620244-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: COMODO Cloud Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
COMODO Cloud Antivirus (HKLM-x32\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.8.405758.403 - COMODO)
COMODO Cloud Antivirus (x32 Version: 1.8.403.0 - COMODO) Hidden
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasyVid Converter version 3.6.1.4907 (HKLM-x32\...\{5E8F3C2A-E4FF-43EC-86CE-EFF78E197300}_is1) (Version: 3.6.1.4907 - EasySoft, Inc.)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{C12946DC-8741-45DD-A848-9E6A3D663BE1}) (Version: 7.1.5.425 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Free MP3 Cutter Joiner 10.6 (HKLM-x32\...\{02509E6E-B951-45A8-BF42-ACFAF0D6B4DA}}_is1) (Version: 10.6 - DVDVideoMedia, Inc.)
GeekBuddy (HKLM\...\{C36B3AE4-FCFE-4A0A-AA3D-71E1A51C1F16}) (Version: 4.11.91 - Comodo Security Solutions Inc)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Oddworld: New 'n' Tasty (HKLM-x32\...\Steam App 314660) (Version:  - Just Add Water (Developments), Ltd.)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 4.0.0.0 - PureVPN)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 12.9.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.1.0 - Adlice Software)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-LINK USB Printer Controller (HKLM-x32\...\{3EC900B5-28EE-4472-A9FF-B11A879EC838}) (Version: 1.12.0927 - TP-LINK)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AE2EB95-ECD0-44E9-9695-90428EE3DF10} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {20A693E1-AE7E-48B5-B632-80C8B3357F8B} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {375CD763-568D-4CE5-847B-1616B49AA19A} - System32\Tasks\Opera scheduled Autoupdate 1483038411 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-29] (Opera Software)
Task: {6CFBB49B-3854-4155-B260-2A0DC58C8228} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {B2F5F89B-A2EA-4C69-9C2F-AA2E0EAD7F92} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {E9555D75-7949-487D-9A93-4E3A08E10FF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {ED80CC7E-94E5-4A83-A92F-D88A2CF127DD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-07] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-26 10:08 - 2016-08-26 10:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2008-03-25 16:21 - 2008-03-25 16:21 - 00219656 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2016-12-31 03:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-31 03:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-31 03:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-31 03:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-31 03:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-05-20 08:56 - 2010-05-20 08:56 - 02347079 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2010-04-16 10:38 - 2010-04-16 10:38 - 00344131 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2010-01-12 16:09 - 2010-01-12 16:09 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 14:22 - 2008-05-07 14:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2010-04-13 12:38 - 2010-04-13 12:38 - 00139264 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2009-12-22 15:52 - 2009-12-22 15:52 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2009-10-21 13:07 - 2009-10-21 13:07 - 00106496 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2010-05-21 12:29 - 2010-05-21 12:29 - 00196608 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 13:11 - 2003-02-14 13:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2010-04-02 15:04 - 2010-04-02 15:04 - 00110592 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2010-03-12 04:40 - 2010-03-12 04:40 - 04449632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2010-03-12 04:40 - 2010-03-12 04:40 - 00423256 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2010-04-07 14:35 - 2010-04-07 14:35 - 00274432 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MASetupCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\muzapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\Farm City_v1.7_apkpure.com.apk:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\Farm City_v1.7_apkpure.com.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\George_Lakoff,_Mark_Johnson_Metaphors_We_Live_By.epub:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\George_Lakoff,_Mark_Johnson_Metaphors_We_Live_By.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\icedragonsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\icedragonsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\mame0179b_64bit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\mame0179b_64bit.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\MicrosoftEasyFix50202.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\MicrosoftEasyFix50202.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\SR1-SuperSU-v2.78-SR1-20160915123031.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\SR1-SuperSU-v2.78-SR1-20160915123031.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\System app remover ROOT_v3.6.2019_apkpure.com.apk:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\System app remover ROOT_v3.6.2019_apkpure.com.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\Titanium Backup ★ root_v7.6.0.1_apkpure.com.apk:$CmdTcID [130]
AlternateDataStreams: C:\Users\COLLY\Downloads\Titanium Backup ★ root_v7.6.0.1_apkpure.com.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\Windows6.1-KB2999226-x64.msu:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\Windows6.1-KB947821-v34-x64.msu:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\Windows6.1-KB947821-v34-x64.msu:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\WindowsUpdateDiagnostic.diagcab:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\WindowsUpdateDiagnostic.diagcab:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Downloads\xposed-v87-sdk22-arm.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\COLLY\Downloads\xposed-v87-sdk22-arm.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Documents\gapps package comparison.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\COLLY\Documents\Use the System File Checker tool to repair missing or corrupted system files.mht:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99941241.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99941241.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-12-28 20:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3729032421-3331676028-2867620244-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\COLLY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: CLPSLauncher => 2
MSCONFIG\Services: CmdAgent => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: DES2 Service => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IceDragonUpdater => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: JMB36X => 2
MSCONFIG\Services: Smart TimeLock => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^COLLY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PureVPN.lnk => C:\Windows\pss\PureVPN.lnk.Startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TP-LINK USB Printer Controller => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F0446304-7A25-4380-818F-F35C69B5C5F5}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{C1CC3F65-478D-40B0-8ECE-61FD01188173}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{11FE5A7A-8253-4993-902E-509B78D1FB08}] => C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{4FC58072-3A96-475C-AA5B-0304C90EAD11}] => C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{5767765E-B9A5-4BAE-A4C4-255A0A9E4A0F}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B1588E9E-076F-48B2-B50A-98AF34F16C75}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{723B645A-9B5D-496C-A6CB-ECB6542B82C5}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{DE64F371-8832-4EE1-ABF9-A946831AD293}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{07D6B1F1-37BD-4D78-B2B1-9E9AE417D520}] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{8EEC022E-71A8-4110-84B4-86AAE89C9263}] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{774A11D1-92AE-4E9C-A704-A092DE1DF5BB}] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C43BAA40-5612-468C-8524-96D65746126A}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{BF69B36A-F0D4-4BFF-A1A3-11EA91FFC05B}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{F726665A-9290-4D8C-80B7-C6B858DC04AE}] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
FirewallRules: [{425C0659-37AD-495A-8464-C32A78AB8E6B}] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
FirewallRules: [{169372B5-6D95-485B-980F-05FC8F74A080}] => LPort=7437
FirewallRules: [{2E292CC2-C557-4326-B3DC-68B3B4ACDF8D}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1E2A2694-1628-445F-8EC9-57328942C4E6}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7E5231F-09F8-47AA-9D35-9696A4E86C85}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{46CEEE41-06F6-4E22-9AE7-E53013EC1352}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61D1CB2E-C303-47FD-B9F0-AFE8A65B1BBC}] => C:\SteamLibrary\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{DA838A2E-D32E-4AC0-9496-68C56D64F5AC}] => C:\SteamLibrary\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{20311729-7CE1-4309-BAAB-64CBF8B08E95}] => C:\SteamLibrary\steamapps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{0648E451-FCAD-4B7D-97D4-0A26E783C3CF}] => C:\SteamLibrary\steamapps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{BB295BD4-A69B-4D29-A397-658F8ED9CF06}] => C:\SteamLibrary\steamapps\common\Oddworld New n Tasty\NNT.exe
FirewallRules: [{6F90AF36-ADB1-4D78-9C42-B72F9497966A}] => C:\SteamLibrary\steamapps\common\Oddworld New n Tasty\NNT.exe
FirewallRules: [{4B738BF6-D8F6-4A67-B7DF-34F8906371A1}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4D38C4CD-1607-4B6B-8B0A-271A91C4DF10}] => C:\Windows\SysWOW64\muzapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
28-12-2016 00:47:10 Automatic creation
29-12-2016 00:39:50 Automatic creation
29-12-2016 20:17:24 Automatic creation
31-12-2016 02:19:04 Automatic creation
03-01-2017 00:19:04 Automatic creation
03-01-2017 02:39:50 Automatic creation
04-01-2017 22:25:18 Automatic creation
05-01-2017 21:35:26 Automatic creation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2017 09:35:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {20e417ed-ea88-4a04-b641-94f112b79d5e}
 
Error: (01/05/2017 09:05:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/05/2017 01:45:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {99b016bb-6d86-40f0-a0f7-33dcbd35460b}
 
Error: (01/05/2017 01:16:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/04/2017 10:25:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e2afb023-64aa-49ca-a4cd-66f055797ccd}
 
Error: (01/04/2017 09:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/04/2017 01:16:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e1bc3899-f90f-4922-bf72-36130c2b6b94}
 
Error: (01/04/2017 12:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/04/2017 12:43:57 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.
 
Error: (01/04/2017 12:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (01/05/2017 09:11:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/05/2017 09:11:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/05/2017 09:11:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/05/2017 09:06:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error: 
No signature was present in the subject.
 
Error: (01/05/2017 01:17:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/05/2017 01:16:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error: 
No signature was present in the subject.
 
Error: (01/04/2017 10:54:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/04/2017 09:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error: 
No signature was present in the subject.
 
Error: (01/04/2017 01:41:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (01/04/2017 01:41:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\COLLY\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-03 07:09:08.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 05:24:47.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 04:58:37.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 04:44:06.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 04:31:15.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 04:24:58.900
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 03:55:29.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 03:55:29.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 03:48:58.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 03:48:58.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 4087.42 MB
Available physical RAM: 2656.43 MB
Total Virtual: 8173.04 MB
Available Virtual: 6529.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:392.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6EC8EAA1)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0AF85CBD)
Partition 1: (Not Active) - (Size=94.4 GB) - (Type=83)
Partition 2: (Not Active) - (Size=837.1 GB) - (Type=05)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,187 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:49 AM

Posted 07 January 2017 - 10:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3729032421-3331676028-2867620244-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: (Flash Video Downloader - YouTube HD Downloader [4K]) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\artur.dubovoy@gmail.com [2017-01-03]
FF SearchPlugin: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\ixquick-https.xml [2014-05-23]
FF SearchPlugin: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\startpage-ssl.xml [2014-05-23]
FF Extension: (Firefox Hotfix) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-20]
FF Extension: (Ghostery) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox@ghostery.com.xpi [2016-10-20]
FF Extension: (Lightbeam) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-10-20]
FF Extension: (NoScript) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-10-20]
FF Extension: (Video DownloadHelper) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-20]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists and you can only run the computer while Comodo is disabled I suggest you try this fix.

Reset the Sandbox
https://help.comodo.com/topic-72-1-451-4741-.html

When done and after a restart of the computer let me know if the problem persists.

#4 nevermore_32

nevermore_32
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 07 January 2017 - 08:10 PM

Ok, I ran FRST and below is the log. I went to Comodo AV and set the sandbox to ask rather than auto. That worked. It sandboxed only one file, wermgr.exe.

I ran RKill and it terminated the same 3 processes, and Windows Update and Defender still are not running correctly. When I press Ctrl-Alt-Del to look at processes and click "show for all users", it comes up with that notification, as does clicking on Windows Action Center to resolve the Windows Update issue. I couldn't get a screenshot of it either. It comes up as unknown publisher.

 

I ran MBAM and that found nothing, and ESET Online Scanner, which also found nothing. If Comodo Cloud scanner isn't great I would find an alternative. I have a feeling that something is still running, either malware/rootkit or trojan. I ran ESET in safe mode and then I could access the Ctrl-Alt-Del screen. Got a screenshot. What I thought was notable was 2 csrss.exe, 4 opera.exe, 8 svchost.exe (2 of those were Network Service, 3 Local and 3 System). I don't know if it is relevant.

 

I also noticed yesterday when looking at Comodo AV that scanning of C:\Windows\winsxs was off as it was whitelisted. I took that off because I never added it and it wasn't there a day or two before. I haven't done a full scan with it yet but I will now. They are so slow though coming back with results from analysis (rating scan); the majority are still not back (around 133).

 

I had run Rkiller before and it only found this; not sure if that has been dealt with or is relevant.

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected


Thanks Nasdaq for your help!


Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by COLLY (08-01-2017 00:17:16) Run:1
Running from C:\Users\COLLY\Downloads
Loaded Profiles: COLLY (Available Profiles: COLLY)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3729032421-3331676028-2867620244-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: (Flash Video Downloader - YouTube HD Downloader [4K]) - C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\artur.dubovoy@gmail.com [2017-01-03]
FF SearchPlugin: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\ixquick-https.xml [2014-05-23]
FF SearchPlugin: C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\startpage-ssl.xml [2014-05-23]
FF Extension: (Firefox Hotfix) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-20]
FF Extension: (Ghostery) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox@ghostery.com.xpi [2016-10-20]
FF Extension: (Lightbeam) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-10-20]
FF Extension: (NoScript) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-10-20]
FF Extension: (Video DownloadHelper) - C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-20]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3729032421-3331676028-2867620244-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\artur.dubovoy@gmail.com => moved successfully
C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\Extensions\artur.dubovoy@gmail.com => path removed successfully
C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\ixquick-https.xml => moved successfully
C:\Users\COLLY\AppData\Roaming\Mozilla\Firefox\Profiles\8nmn7umd.default\searchplugins\startpage-ssl.xml => moved successfully
C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox-hotfix@mozilla.org.xpi => moved successfully
C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\firefox@ghostery.com.xpi => moved successfully
C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi => moved successfully
C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi => moved successfully
C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi => path removed successfully
C:\Users\COLLY\AppData\Roaming\Comodo\IceDragon\Profiles\1oom6n7z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\HWHandSet => key removed successfully
HWHandSet => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13987978 B
Java, Flash, Steam htmlcache => 32473417 B
Windows/system/drivers => 49065 B
Edge => 0 B
Chrome => 0 B
Firefox => 3696569 B
Opera => 29969950 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55425096 B
systemprofile32 => 73698 B
LocalService => 66228 B
NetworkService => 0 B
COLLY => 1922132 B
 
RecycleBin => 0 B
EmptyTemp: => 131.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:17:34 ====


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,187 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:49 AM

Posted 08 January 2017 - 08:37 AM


Nothing to worry about. If the program that needs it had a problem you would get an error message.

I had run RKill before and it only found this; not sure if that has been dealt with or is relevant.
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected


Updates and Windows Defender problem.
Let's check it out.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#6 nevermore_32

nevermore_32
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 08 January 2017 - 03:20 PM

OK, I ran the FSS tool and below is the log. I tried to get Windows Update running, no luck still. I did have the Windows All in One tool but that is damaged and missing the program now, yet won't uninstall. I figured out Windows Defender won't work now because I have the Comodo Antivirus, if I understand that correctly.


The only thing now is Windows Update, and today I went to the C:\ drive and it said I needed permission to access various folders permanently, again "publisher unknown". Took a screenshot. That's weird as I never had any other setting other than admin. I deleted the folder called BOXROOT on C:\ as it was highly suspicious; it said it was 0 bytes, but when it deleted it, it said it contained 35 files. Files were set to show hidden but it was empty if you opened it. I also tried this earlier in the week and it said denied.

Don't know if there is something that is in the root or a hidden trojan and I don't know how to find it/destroy it without destroying the system.


Thanks.


Farbar Service Scanner Version: 27-01-2016
Ran by COLLY (administrator) on 08-01-2017 at 20:42:56
Running from "C:\Users\COLLY\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2014-07-12 23:36] - [2014-05-30 07:45] - 0497152 ____A (Microsoft Corporation) FA886682CFC5D36718D3E436AACF10B9
 
C:\Windows\System32\drivers\tdx.sys
[2015-01-01 13:51] - [2014-11-11 02:46] - 0119296 ____A (Microsoft Corporation) 70988118145F5F10EF24720B97F35F65
 
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2014-05-26 16:06] - [2011-03-03 07:24] - 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D
 
C:\Windows\SysWOW64\dnsapi.dll
[2014-05-26 16:06] - [2011-03-03 06:38] - 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9
 
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2015-07-26 17:22] - [2015-07-09 18:58] - 2603008 ____A (Microsoft Corporation) AA3E844A2595B1AA5825C70CA50D963E
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2015-07-26 17:22] - [2015-04-27 20:23] - 0188416 ____A (Microsoft Corporation) 7BC3E861F7E8EB543A630090FAE779E0
 
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
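The FSS log above reports, for each service, whether it is running and whether its start type, ImagePath and ServiceDll are sane, and then whether each system file is signed or matches a known MD5; post #4's RKill output flagged a driver by its unusual path. The script below is an added example (not code from this thread, from Farbar's FSS/FRST or from RKill) that reproduces those two checks with built-in cmdlets only; the service list and the "should live under System32\drivers" rule are my assumptions.

```powershell
# Added example, not code from this thread or from Farbar's FSS/FRST or RKill.
# Reproduces the FSS checks (service state, start type, ImagePath, ServiceDll,
# binary signature) and the RKill "[Suspicious.Path]" idea (a kernel driver
# loading from outside System32\drivers). Run from an elevated prompt.

# Services to inspect; the set is an assumption matching the FSS sections above.
$services   = 'WinDefend', 'wuauserv', 'BITS', 'wscsvc', 'MpsSvc', 'CryptSvc'
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$driversDir = Join-Path $env:SystemRoot 'System32\drivers'

function Get-ServiceBinary {
    # Normalise a raw ImagePath/ServiceDll value: drop the "\??\" prefix and
    # quotes, map "\SystemRoot\", cut svchost's "-k group" arguments, expand
    # %vars%, and root bare "system32\DRIVERS\x.sys" values at %SystemRoot%.
    param([string]$Raw)
    $p = $Raw -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($env:SystemRoot + '\') `
              -replace '^"([^"]+)".*$', '$1'
    if ($p -match '^(.*?\.(exe|sys|dll))') { $p = $Matches[1] }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) { Write-Output "$name : service key MISSING"; continue }
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $cfg = Get-ItemProperty -Path $key
    $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    Write-Output ("{0,-10} status={1} start={2}" -f $name, $svc.Status, $startTypes[[int]$cfg.Start])

    # For a svchost-hosted service the real code is the ServiceDll, so verify both
    # host and DLL. Caveat: before PowerShell 5.1 this cmdlet ignores catalog
    # signatures, so NotSigned on a Windows 7 system DLL is expected; FSS falls
    # back to an MD5 compare against a known-good copy in that case.
    $files = @($cfg.ImagePath, $dll) | Where-Object { $_ } | ForEach-Object { Get-ServiceBinary $_ }
    foreach ($file in $files) {
        if (-not (Test-Path $file)) { Write-Output "  $file : FILE MISSING"; continue }
        $sig = Get-AuthenticodeSignature -FilePath $file
        Write-Output ("  {0} : {1} {2}" -f $file, $sig.Status, $sig.SignerCertificate.Subject)
    }
}

# Kernel (Type 1) and file-system (Type 2) drivers whose binary is not under
# System32\drivers; GVTDrv64.sys sat directly in C:\Windows, which is what RKill
# flagged. This is a review list, not a verdict: some legitimate vendors do this.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    if (($p.Type -eq 1 -or $p.Type -eq 2) -and $p.ImagePath) {
        $path = Get-ServiceBinary $p.ImagePath
        if (-not $path.StartsWith($driversDir, [StringComparison]::OrdinalIgnoreCase)) {
            Write-Output ("Driver {0,-14} loads from outside System32\drivers: {1}" -f $_.PSChildName, $path)
        }
    }
}
```

A service reported as running with a signed ServiceDll but still misbehaving points at component or permission damage rather than a replaced binary, which is the direction the rest of this thread takes.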


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,187 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:49 AM

Posted 09 January 2017 - 08:06 AM

I deleted the folder called BOXROOT on C:\ as it was highly suspicious; it said it was 0 bytes, but when it deleted it, it said it contained 35 files. Files were set to show hidden but it was empty if you opened it. I also tried this earlier in the week and it said denied.

I may be wrong but that BOXROOT is part of the COMODO Sandbox.

===

Microsoft launched a Windows error code troubleshooting site.
Now you can finally get an answer on those strange error codes

https://support.microsoft.com/en-gb/help/10164/fix-windows-update-errors


It supports Windows 7, Windows 8.1 and Windows 10. The site offers different options based on the operating system you select.

If you select Windows 10, you will be asked to download the Windows Update Troubleshooter and run it. For Windows 8.1 and Windows 7 users, you get different troubleshooters for their respective operating systems.

Some of the repair options provided by the tool:

Repair Windows Update Database corruption.
Repair Windows update components.
Fix Windows Firewall blocking connections to Windows Update on the PC.
Contact a network or system administrator, or ISP, to fix internet connectivity issues.
Check whether default Windows Update data locations have changed.
Fix improperly configured security settings, or missing settings.
Check for missing or corrupt files.
Fix service registration is missing or corrupt.
Fix system date and time aren’t correct.

===

Restart the computer after the repairs.

Let me know if the problem persists.

#8 nevermore_32

nevermore_32
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 09 January 2017 - 12:34 PM

OK, I looked at the site and tried Windows 7 link. The first thing it suggests to do is troubleshoot the network. When I did that it came up with

Error code: 0x80070490

Package ID: unknown

Path: C:\Windows\diagnostics\system\networking

Source: engine

User: COLLY-PC\COLLY

Context: Restricted


Now I am as worried as before. I saw somewhere else that it could be normal to ask for permission until admin has been granted for the first time (similar to Linux or Android). However, when I went to the path named there was no choice of running as admin, and it gave the same error on restart. This didn't happen before, as I ran the troubleshooter including the network troubleshooter before all the other problems appeared and as a way of sorting Windows Update. I am going to see if there is a way of resetting that error and I will continue through the troubleshooter anyway. The Windows Update section in that above path also gives the same error code. I am not sure if there is an issue with permissions, which is very worrying. I now have access to C:\Documents and Settings when yesterday it denied access.

Comodo seems to be working OK. It reports that the AV and sandbox are running OK. Action Center is OK with everything. It is still coming back with results in the clear, with 341 pending analysis now from the cloud after a full scan. I will contact Comodo about the BOXRoot folder.


Hope this improves before it gets worse :/



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,187 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:49 AM

Posted 09 January 2017 - 01:46 PM


Error code: 0x80070490
Package ID: unknown
Path: C:\Windows\diagnostics\system\networking


First run the SFC.exe as suggested in this article.
http://www.thewindowsclub.com/windows-update-error-0x80070490

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833


If that fails to restore Windows Update, refer to the article again.
http://www.thewindowsclub.com/windows-update-error-0x80070490

Refer to the instructions under this paragraph.
If you are running Windows 7 or Windows Vista, after running the System File Checker, you should use the System Update Readiness Tool to repair Windows Update.

Execute the instructions.

Let me know if the problem persists.

If you get any other Error Code please post them for my review.

#10 nevermore_32

nevermore_32
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 11 January 2017 - 05:50 PM

OK, I ran sfc.exe; it said it had corrupt files which could not be repaired. I went to the log file, exported it to .txt, and it showed no errors. I had already run the restore, repair and the Windows Update tools before this issue got to this stage and before contacting the forum. I found at that point the registry must be damaged beyond repair, so I disconnected the drive, installed a separate SSD and reinstalled Windows 7 on it. It's now up and running and up to date, with great speeds.


I don't know if it was as a result of a virus or not, but the permissions, registry and Windows services like Update did not recover from it. I certainly learned a lot about the flakiness and bad security within Windows Update. Having known of the dangers within Windows, I was shocked that it was even worse than I had thought.


Thanks and all the best! 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,187 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:49 AM

Posted 12 January 2017 - 09:41 AM

Thank you and good luck.



