Can not start TDSSKiller


  • This topic is locked
5 replies to this topic

#1 Rob0

  • Members
  • 3 posts

Posted 17 January 2017 - 09:31 PM

I have downloaded TDSSKiller and changed its name to iexplore.com. It will not run. I get a blue pop-up stating:

(This App can't run on your PC. To find a version for your PC, check with software publisher), together with a 'Close' box (see attached image).

I tried it in Safe Mode but the same pop-up appears.

Programs are taking too long to load and my Internet speed is down to 512 kbps. It was slow anyway at normal speed of 1.5MB.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by ROB (administrator) on TEN1 (18-01-2017 02:01:46)
Running from C:\Users\ROB\Desktop
Loaded Profiles: ROB (Available Profiles: ROB)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-10-18] (Realtek Semiconductor)
HKLM\...\Run: [BullGuard] => c:\program files\bullguard ltd\bullguard\BullGuard.exe [1464088 2016-12-19] (BullGuard Ltd.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-925155584-1725927346-1754287598-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-10] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{8a27ce76-29ac-462b-91f7-2d772d2ea619}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{9c6b0c4e-4f1b-4392-9556-b5952722a8db}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{9c6b0c4e-4f1b-4392-9556-b5952722a8db}: [DhcpNameServer] 208.67.222.222 208.67.220.220

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-925155584-1725927346-1754287598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {04B97ADA-7041-4E43-A0EB-7C513C71182C} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-925155584-1725927346-1754287598-1001 -> {04B97ADA-7041-4E43-A0EB-7C513C71182C} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF DefaultProfile: p687d1zl.default
FF ProfilePath: C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default [2017-01-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p687d1zl.default -> Bing
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\artur.dubovoy@gmail.com [2017-01-09]
FF Extension: (British English Dictionary (Updated)) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\en-gb@flyingtophat.co.uk [2015-10-30] [not signed]
FF Extension: (Ghostery) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\firefox@ghostery.com.xpi [2016-11-30]
FF Extension: (Self-Destructing Cookies) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-10-25]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-09-23]
FF Extension: (Lightbeam) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-07-17]
FF Extension: (Adblock Plus) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF SearchPlugin: C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\searchplugins\shapeways--forum-search.xml [2016-02-15]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-09-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKU\S-1-5-21-925155584-1725927346-1754287598-1001\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\backup\thunderbirdbkplugin
FF Extension: (BullGuard Backup) - C:\Program Files\BullGuard Ltd\BullGuard\Files32\backup\thunderbirdbkplugin [2015-10-29] [not signed]
FF HKU\S-1-5-21-925155584-1725927346-1754287598-1001\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter
FF Extension: (BullGuard Spamfilter) - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2015-10-29] [not signed]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-17] (Broadcom Corporation.)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1540376 2016-12-21] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [705304 2016-12-19] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [184600 2016-12-19] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [487704 2016-12-19] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [860952 2016-12-19] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [5660440 2016-12-19] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [652056 2016-12-19] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [317208 2016-12-19] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [409880 2016-12-19] (BullGuard Ltd.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2016-11-10] (Dassault Systèmes) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S4 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-10-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-10-18] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 afw; C:\WINDOWS\system32\DRIVERS\afw.sys [52904 2015-08-26] (Agnitum Ltd.)
R3 afwcore; C:\WINDOWS\system32\DRIVERS\afwcore.sys [465072 2015-08-26] (Agnitum Ltd.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2015-10-17] (Broadcom Corporation.)
S3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11774720 2016-04-19] (Broadcom Corp)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11774720 2016-04-19] (Broadcom Corp)
R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2016-09-20] (BullGuard Ltd.)
R3 BdNet; C:\WINDOWS\system32\DRIVERS\BdNet.sys [51856 2015-10-15] (BullGuard Ltd.)
R1 BdSpy; C:\WINDOWS\System32\drivers\BdSpy.sys [94952 2015-10-15] (BullGuard Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R0 mbamchameleon; C:\WINDOWS\System32\drivers\mbamchameleon.sys [140672 2016-06-19] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-17] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-18] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-17] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NovaShieldFilterDriver; C:\WINDOWS\System32\DRIVERS\NSKernel.sys [276144 2016-07-27] (BullGuard Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-10-18] (Realtek                                            )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-10-24] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-18] ()
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [477272 2015-10-15] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 02:01 - 2017-01-18 02:03 - 00018506 _____ C:\Users\ROB\Desktop\FRST.txt
2017-01-18 01:59 - 2017-01-18 02:01 - 02419200 _____ (Farbar) C:\Users\ROB\Downloads\FRST64.exe
2017-01-18 01:58 - 2017-01-18 01:58 - 02419200 _____ (Farbar) C:\Users\ROB\Desktop\FRST64.exe
2017-01-18 01:57 - 2017-01-18 02:01 - 00000000 ____D C:\FRST
2017-01-18 01:19 - 2017-01-18 01:05 - 04456448 _____ C:\Users\ROB\Desktop\iexplore.com.exe
2017-01-18 01:14 - 2017-01-17 20:53 - 07524616 _____ (Goversoft LLC) C:\Users\ROB\Desktop\privazer_free.exe
2017-01-17 18:38 - 2017-01-17 18:38 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4B2F3714.sys
2017-01-17 17:18 - 2017-01-17 17:18 - 00001030 _____ C:\Users\ROB\Desktop\Scan report.txt
2017-01-17 16:50 - 2017-01-17 16:50 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-17 16:22 - 2017-01-17 19:07 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-17 16:22 - 2017-01-17 18:58 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-17 16:22 - 2017-01-17 18:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-17 16:20 - 2017-01-18 01:35 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 16:20 - 2017-01-17 18:58 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-17 16:19 - 2017-01-17 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-17 16:19 - 2017-01-17 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 16:19 - 2017-01-17 16:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-17 16:19 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-17 15:50 - 2017-01-17 15:58 - 00365424 _____ (Malwarebytes) C:\Users\ROB\Downloads\mbae-clean-2.3.0.1001.exe
2017-01-17 15:49 - 2017-01-17 15:52 - 01889232 _____ (Malwarebytes ) C:\Users\ROB\Downloads\mbae-setup-1.09.1.1291.exe
2017-01-16 20:23 - 2017-01-16 20:23 - 00000000 ____D C:\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2017-01-16 19:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-5P0T0.tmp
2017-01-16 16:40 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-TH295.tmp
2017-01-16 15:13 - 2017-01-16 15:14 - 00631006 _____ C:\Users\ROB\Desktop\spirograph.dxf
2017-01-16 15:02 - 2017-01-16 15:26 - 54199488 _____ (Malwarebytes ) C:\Users\ROB\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-16 00:48 - 2017-01-16 00:48 - 00007337 _____ C:\Users\ROB\AppData\Local\recently-used.xbel
2017-01-13 11:35 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-13 11:35 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-13 11:35 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-13 11:35 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-13 11:35 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-13 11:35 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-13 11:35 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-13 11:35 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-13 11:35 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-13 11:35 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-13 11:35 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-13 11:35 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-13 11:35 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-13 11:35 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-13 11:35 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-13 11:35 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-13 11:35 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-13 11:35 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-13 11:35 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-13 11:35 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-13 11:35 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-13 11:35 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-13 11:35 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-13 11:35 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-13 11:35 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-13 11:35 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-13 11:35 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-13 11:35 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-13 11:35 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-13 11:35 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-13 11:35 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-13 11:35 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-13 11:35 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-13 11:35 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-13 11:35 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-13 11:35 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-13 11:35 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-13 11:35 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-13 11:35 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-13 11:35 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-13 11:35 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-13 11:35 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-13 11:35 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-13 11:35 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-13 11:35 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-13 11:35 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-13 11:35 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-13 11:35 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-13 11:35 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-13 11:35 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-13 11:35 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-13 11:35 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-13 11:35 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-13 11:35 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-13 11:35 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-13 11:35 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-13 11:35 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-13 11:35 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-13 11:35 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-13 11:35 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-13 11:35 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-13 11:35 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-13 11:35 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-13 11:35 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-13 11:35 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-13 11:34 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-13 11:34 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-13 11:34 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-13 11:34 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-13 11:34 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-13 11:34 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-13 11:34 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-13 11:34 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-13 11:34 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-13 11:34 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-13 11:34 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-13 11:34 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-13 11:34 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-13 11:34 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-13 11:34 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-13 11:34 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-13 11:34 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-13 11:34 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-13 11:34 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-13 11:34 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-13 11:34 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-13 11:34 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-13 11:34 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-13 11:34 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-13 11:34 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-13 11:34 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-13 11:34 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-13 11:34 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-13 11:34 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-13 11:34 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-13 11:34 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-13 11:34 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-13 11:34 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-13 11:34 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-13 11:34 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-13 11:34 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-13 11:34 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-13 11:34 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-13 11:34 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-13 11:34 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-13 11:34 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-13 11:34 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-13 11:34 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-13 11:34 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-13 11:34 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-13 11:34 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-13 11:34 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-13 11:34 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-13 11:34 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-13 11:34 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-13 11:34 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-13 11:34 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-13 11:34 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-13 11:34 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-13 11:34 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-13 11:34 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-13 11:34 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-13 11:34 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-13 11:34 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-13 11:34 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-13 11:34 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-13 11:34 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-13 11:34 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-13 11:34 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-13 11:34 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-13 11:34 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-13 11:34 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-13 11:34 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-13 11:34 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-13 11:34 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-13 11:34 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-13 11:34 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-13 11:34 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-13 11:34 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-13 11:34 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-13 11:34 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-13 11:34 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-13 11:34 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-13 11:34 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-13 11:34 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-13 11:34 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-13 11:34 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-13 11:34 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-13 11:34 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-13 11:34 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-13 11:34 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-13 11:34 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-13 11:34 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-13 11:34 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-13 11:34 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-13 11:34 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-13 11:34 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-13 11:34 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-13 11:34 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-13 11:34 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-13 11:34 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-13 11:34 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-13 11:34 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-13 11:34 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-13 11:34 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-13 11:34 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-13 10:44 - 2017-01-16 22:14 - 00000000 ____D C:\Users\ROB\Desktop\35mmPinhole-master
2017-01-13 02:27 - 2017-01-13 02:27 - 00136679 _____ C:\Users\ROB\Desktop\Bar Pendant Desgin (One Piece).skp
2017-01-12 18:11 - 2017-01-12 18:11 - 00036696 _____ C:\Users\ROB\Desktop\rudder.dxf
2017-01-11 23:08 - 2017-01-11 23:08 - 00000013 _____ C:\Users\ROB\Desktop\talktalk.txt
2017-01-11 16:46 - 2017-01-11 16:46 - 00696320 _____ (Speed Guide Inc.) C:\Users\ROB\Downloads\TCPOptimizer.exe
2017-01-11 16:28 - 2017-01-11 17:05 - 25924168 _____ C:\Users\ROB\Desktop\RogueKillerX64.exe
2017-01-11 16:24 - 2017-01-11 16:24 - 00025426 _____ C:\Users\ROB\Desktop\bahtinov.dxf
2017-01-11 15:32 - 2017-01-11 15:32 - 00470635 _____ C:\Users\ROB\Desktop\123.step
2017-01-11 15:31 - 2017-01-11 15:31 - 00013981 _____ C:\Users\ROB\Desktop\bahtinov.svg
2017-01-10 19:09 - 2017-01-16 16:05 - 00035554 _____ C:\WINDOWS\ntbtlog.txt
2017-01-10 19:00 - 2016-10-29 18:57 - 03423928 _____ (Symantec Corporation) C:\Users\ROB\Desktop\NPE.exe
2017-01-10 11:20 - 2017-01-10 11:20 - 00000000 ____D C:\Users\ROB\Documents\XMAS BALL
2017-01-10 01:45 - 2017-01-03 21:22 - 00448512 _____ (OldTimer Tools) C:\Users\ROB\Desktop\TFC.exe
2017-01-09 23:07 - 2017-01-09 23:07 - 02772054 _____ C:\Users\ROB\Documents\M10.rsdoc
2017-01-07 11:47 - 2017-01-10 20:59 - 00000000 ____D C:\Users\ROB\Desktop\GEARS
2017-01-06 23:17 - 2017-01-12 11:58 - 00000000 ____D C:\Users\ROB\Desktop\MEMENTO
2017-01-03 21:15 - 2017-01-03 21:22 - 00448512 _____ (OldTimer Tools) C:\Users\ROB\Downloads\TFC.exe
2017-01-03 15:20 - 2017-01-15 19:10 - 00000000 ____D C:\Users\ROB\Desktop\Box-o-tron-master
2017-01-01 17:30 - 2017-01-01 17:30 - 17265015 _____ C:\Users\ROB\Desktop\viking oseberg.rsdoc
2017-01-01 15:58 - 2017-01-01 15:58 - 07925484 _____ C:\Users\ROB\Desktop\viking ship.stl
2016-12-27 23:19 - 2016-12-27 23:20 - 71317012 _____ C:\Users\ROB\Desktop\azx.obj
2016-12-27 22:54 - 2016-12-27 22:54 - 00000000 ____D C:\Program Files\VCG
2016-12-27 21:38 - 2016-12-27 22:54 - 49521260 _____ C:\Users\ROB\Downloads\MeshLab2016.12.exe
2016-12-27 21:29 - 2016-12-24 23:55 - 00310480 _____ C:\Users\ROB\Desktop\viking_ship_plan_Holmes_Ancient_and_modern_ships.gif
2016-12-24 12:49 - 2016-12-28 01:38 - 00000000 ____D C:\Users\ROB\Desktop\SONIC DRIVER
2016-12-23 15:01 - 2017-01-10 19:47 - 00000000 ____D C:\Users\ROB\Desktop\Blandford
2016-12-23 13:18 - 2016-12-23 13:18 - 00001885 _____ C:\Users\ROB\Desktop\Meshmixer.lnk
2016-12-23 12:54 - 2016-12-23 13:16 - 81675280 _____ (Autodesk, Inc.) C:\Users\ROB\Downloads\Autodesk_Meshmixer_v3p0_Win64.exe
2016-12-19 20:13 - 2016-12-19 20:13 - 00170168 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll
2016-12-19 20:13 - 2016-12-19 20:13 - 00149032 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll
2016-12-19 20:13 - 2016-12-19 20:13 - 00076568 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BGLsp.dll
2016-12-19 20:13 - 2016-12-19 20:13 - 00061720 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BGLsp.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 02:02 - 2015-09-26 15:36 - 00000000 ____D C:\ProgramData\BullGuard
2017-01-18 01:39 - 2016-08-06 01:47 - 05392094 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-18 01:36 - 2016-11-21 11:26 - 00000000 ____D C:\Users\ROB\AppData\LocalLow\Mozilla
2017-01-18 01:34 - 2016-08-06 02:09 - 00000400 _____ C:\WINDOWS\system32\config\afw_hm.conf
2017-01-18 01:34 - 2016-08-06 02:09 - 00000004 _____ C:\WINDOWS\system32\config\afw_db.conf
2017-01-18 01:34 - 2016-08-06 02:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-18 01:34 - 2016-08-06 01:44 - 00000000 ____D C:\ProgramData\Validity
2017-01-18 01:34 - 2016-08-06 01:43 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-18 01:34 - 2015-09-26 14:53 - 00000000 __SHD C:\Users\ROB\IntelGraphicsProfiles
2017-01-18 01:30 - 2016-08-06 01:41 - 00293072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-18 01:29 - 2016-07-16 06:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-18 01:26 - 2016-11-02 19:09 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-18 01:16 - 2015-10-20 14:03 - 00000000 ____D C:\Users\ROB\AppData\Local\ElevatedDiagnostics
2017-01-18 01:13 - 2016-10-23 22:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-17 20:21 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-17 20:04 - 2015-09-26 15:46 - 00000000 ____D C:\Users\ROB\AppData\Roaming\BullGuard
2017-01-17 19:32 - 2016-04-14 21:54 - 00007604 _____ C:\Users\ROB\AppData\Local\Resmon.ResmonCfg
2017-01-17 18:30 - 2016-08-06 01:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-17 16:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-16 22:51 - 2016-08-06 01:48 - 00000000 ____D C:\Users\ROB
2017-01-16 22:49 - 2015-05-20 03:20 - 00000000 ____D C:\ProgramData\Temp
2017-01-16 21:32 - 2015-10-17 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-01-16 16:34 - 2016-08-07 17:37 - 00000000 ____D C:\Users\ROB\AppData\Local\CrashDumps
2017-01-16 14:58 - 2016-08-09 13:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-15 19:41 - 2016-01-10 15:12 - 00000334 _____ C:\WINDOWS\Tasks\HPCeeScheduleForROB.job
2017-01-15 19:14 - 2016-12-18 15:51 - 00000000 ____D C:\AdwCleaner
2017-01-15 19:07 - 2016-10-29 19:00 - 00000000 ____D C:\Users\ROB\AppData\Local\NPE
2017-01-15 17:00 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-15 15:01 - 2016-08-06 02:01 - 00003218 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForROB
2017-01-15 13:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-15 00:41 - 2016-10-22 19:26 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-14 12:31 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 12:57 - 2015-10-19 16:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-13 12:48 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 11:59 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-13 11:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-13 11:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-13 11:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-13 11:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 21:54 - 2016-08-06 02:01 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 18:21 - 2016-12-08 20:03 - 00000000 ____D C:\Users\ROB\Desktop\FRIGATE
2017-01-12 17:35 - 2016-08-20 21:36 - 00000000 ____D C:\Users\ROB\Desktop\DOLLS HOUSE
2017-01-12 12:58 - 2015-09-26 18:45 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 16:48 - 2015-10-17 16:26 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-11 00:12 - 2015-09-26 22:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-10 21:06 - 2015-10-11 18:15 - 00000000 ____D C:\Users\ROB\AppData\Roaming\Autodesk
2017-01-10 20:54 - 2016-12-12 15:46 - 00000000 ____D C:\Users\ROB\Desktop\Gallion
2017-01-10 19:02 - 2016-10-29 19:03 - 00000000 ____D C:\NPE
2017-01-10 15:39 - 2016-12-14 15:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-09 20:12 - 2016-12-15 00:48 - 02959415 _____ C:\Users\ROB\Desktop\viking.rsdoc
2017-01-09 18:50 - 2016-11-02 19:09 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-09 18:50 - 2016-08-06 02:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-01-09 18:50 - 2016-05-15 14:55 - 00000000 ____D C:\Program Files (x86)\LibreCAD
2017-01-09 18:50 - 2015-10-13 21:30 - 00000000 ____D C:\Users\ROB\AppData\Roaming\FreeCAD
2017-01-09 18:50 - 2015-09-29 19:06 - 00000000 ____D C:\Program Files (x86)\Inkscape
2017-01-09 18:50 - 2015-09-26 22:14 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-09 18:50 - 2015-09-26 22:06 - 00000000 ____D C:\Users\ROB\AppData\Roaming\netfabb
2017-01-09 18:50 - 2014-11-12 01:03 - 00000000 ____D C:\Program Files\7-Zip
2017-01-09 18:40 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-05 17:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-30 15:54 - 2016-10-21 17:46 - 00000000 ____D C:\Users\ROB\AppData\Local\cura
2016-12-27 22:54 - 2015-09-26 22:17 - 00000000 ____D C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeshLab
2016-12-23 13:18 - 2015-10-11 18:13 - 00000000 ____D C:\Users\ROB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-12-23 13:17 - 2015-10-11 18:13 - 00000000 ____D C:\Program Files\Autodesk
2016-12-23 13:17 - 2014-11-12 01:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-22 23:13 - 2016-07-16 11:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 23:13 - 2016-07-16 11:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-01-16 00:48 - 2017-01-16 00:48 - 0007337 _____ () C:\Users\ROB\AppData\Local\recently-used.xbel
2016-04-14 21:54 - 2017-01-17 19:32 - 0007604 _____ () C:\Users\ROB\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\ROB\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-14 10:57

==================== End of FRST.txt ============================

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 18 January 2017 - 10:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\p687d1zl.default\Extensions\artur.dubovoy@gmail.com [2017-01-09]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
CustomCLSID: HKU\S-1-5-21-925155584-1725927346-1754287598-1001_Classes\CLSID\{613236df-9774-9eda-d9fa-08e3d6d9a8827}\InprocServer32 -> 0x6C6B61386B627761784B585A763941424251414641423441484142755957316C505778705932567563326C755A3138774E (the data entry has 449 more characters).
CustomCLSID: HKU\S-1-5-21-925155584-1725927346-1754287598-1001_Classes\CLSID\{f21c3b1e-0f53-b4ca-ba8e-b2d52c6ca3c73}\InprocServer32 -> 0x10C05AEFFEF9D001C7D8A960CE6CD201090000002E00000000000000 => No File
Task: {178EE2BC-3810-45BE-B84F-B675BC58650A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {21B7EBAF-AACD-4150-91B4-7B6F02208B14} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {463E5F22-CF7C-493A-93CE-E79E6CACF1E2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {55FBE891-8DC5-4326-BFA3-92B006210ACE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {767DA0E7-A609-49AD-8042-DFC3F4EC5EE8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7727A208-CE5C-4313-874E-B1895EF1455F} - \WPD\SqmUpload_S-1-5-21-925155584-1725927346-1754287598-1001 -> No File <==== ATTENTION
Task: {78B11DAD-E9A7-4883-89D9-F558159232F4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7CB894E4-1F9D-46A4-BF50-4405CD99B59D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7FFC2491-BD66-4C10-8AC7-40D0178502CD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {89F1FE80-FD4C-4E9C-B152-C7A68C476524} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A426D2B6-22C7-41CE-96E1-F8747ABC6EFD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD68ABCA-4208-4B65-957F-B8B5FDC14C5C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists, right-click on the Tdsskiller.exe and run as an Administrator.

If no joy then navigate to this page.
http://windowsreport.com/app-cant-run-windows-10/

Try the Solutions 2, 3, 4... on the link.

Please let me know what problem persists with this computer.

#3 Rob0

Posted 18 January 2017 - 05:52 PM

Hi nasdaq,

I tried the Solutions on the link, to no avail. TDSSKiller will not start.

 

The first problem I found with this computer is that I could not print as suggested. I kept getting an error message. I deleted the printer, then connected the printer again, it was recognised as a CDrom drive. I deleted that and did a manual install using the installer for the printer. I am still getting error messages. I can't print.

Everything seems to hang before opening, with the blue do-nut going around and around.

Can I just mention, when I booted in Safe Mode to try to run TDSSKiller, the App 'Getting Started' would not load; a Blue screen appeared. See attached.

 

Fixlog attached.

 

 


#4 nasdaq

Posted 19 January 2017 - 09:55 AM


Let's do some repairs.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    07 - Repair Internet Explorer
    10 - Remove Policies Set By Infections
    14 - Removed Temp Files
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    28.02 - Repair Windows 8/10 Apps Store (Completely Reset Apps Store)
    29 - Repair Windows 8/10 Component Store
    30 - Repair Windows 8/10 COM+ Unmarshalers

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================




#5 Rob0

Posted 19 January 2017 - 06:15 PM

The computer still seems slow to load programs.

The search function does not work.
I connected my printer to check if it was working. The printer was recognised as a Device CDrom again (see image). It does not print.

A notification appeared asking me to check my firewalls. I had two firewalls running, so I turned the Windows firewall off, leaving my anti-virus software firewall on. Is that OK?

There are 10 log files. I didn't know if I should open them one by one and copy them into one file to paste here.
I tried to attach them all in one zip file. Access denied, with 7-Zip. So I have attached them separately.

#6 nasdaq

Posted 20 January 2017 - 09:06 AM


Please Google this string: "hp printer recognised as a Device CDrom". You may be able to find a solution to your printer problem.

Looking further this may be your solution.
http://www.tomshardware.com/forum/348621-28-when-attempted-install-printer-computer-detected-drive
===

"A notification appeared asking me to check my firewalls. I had two firewalls running, so I turned the Windows firewall off. Leaving my anti-virus software firewall on. Is that OK?"

Yes, normally the Anti-virus program will disable the Windows Firewall.
===

Windows 10 Search issue.
See if this article can help.
http://bootables.net/windows-10-taskbar-search-and-cortana-not-working/

You can also start a new topic in the Windows 10 forum for this Search problem.
https://www.bleepingcomputer.com/forums/f/229/windows-10-support/
A helper with that experience may be able to help you. This is not my forte.



