Weird dllhost showing up


  • This topic is locked
22 replies to this topic

#1 PatL

Posted 03 February 2017 - 04:37 PM

Hi guys,
 
Since last night I noticed an extra dllhost.exe in task manager that I'd never been aware of before. In process explorer it showed a weird process ID when I selected it. It seems to run and close itself at random times. I ran Malwarebytes, Rkill, Roguekiller, Combofix, Zoek and FRST. It didn't seem to fix the one that continues to show up. Should I be concerned or am I okay? I also noticed in Process Explorer that my services.exe has a 1/56 detection rate on VirusTotal, is that a problem? Here are the logs, thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by Patrick (administrator) on PATRICK-PC (03-02-2017 13:17:10)
Running from C:\Users\Patrick\Desktop\Malware Removal Programs
Loaded Profiles: Patrick (Available Profiles: Patrick)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Foolish IT LLC) C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShield.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1491128 2016-09-14] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-03] (AVAST Software)
HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2436944 2016-12-31] (VoodooSoft, LLC )
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2015-06-03] (MyCity)
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2124360 2015-06-07] (PeerBlock, LLC)
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1231240 2017-01-27] (Ruiware)
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-02-03] (AVAST Software)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{084AFF87-4C03-499A-AB4A-DA3055C45748}: [NameServer] 208.67.222.222,208.67.220.220,10.0.0.1
Tcpip\..\Interfaces\{084AFF87-4C03-499A-AB4A-DA3055C45748}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{48AAE418-7A06-4B01-B67C-69F8C3DD738A}: [NameServer] 208.67.222.222,208.67.220.220,
Tcpip\..\Interfaces\{593F7501-4046-4535-BA5E-FCD7C80DB509}: [NameServer] 208.67.222.222,208.67.220.220,
Tcpip\..\Interfaces\{F8D1935D-8F20-43E6-943E-B57692889A9C}: [NameServer] 208.67.222.222,208.67.220.220,

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2985130882-1756615807-8858886-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\v7d7tla4.default-1483372895367 [2017-02-03]
FF NewTab: Mozilla\Firefox\Profiles\v7d7tla4.default-1483372895367 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\v7d7tla4.default-1483372895367 -> about:home
FF Extension: (Diagnostics) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\v7d7tla4.default-1483372895367\features\{355e2567-09e2-414c-85b8-32e76db6a947}\diagnostics@mozilla.org.xpi [2017-02-02]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\v7d7tla4.default-1483372895367\features\{355e2567-09e2-414c-85b8-32e76db6a947}\hsts-priming@mozilla.org.xpi [2017-02-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2017-01-27] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5541048 2017-02-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-03] (AVAST Software)
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4561512 2016-09-14] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1670840 2016-09-14] (COMODO)
S3 CryptoPreventEmail; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [613360 2017-02-02] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [613360 2017-02-02] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [613360 2017-02-02] (Foolish IT LLC)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1125568 2016-04-07] (Disc Soft Ltd)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [4862608 2016-12-07] (SurfRight B.V.)
S4 K2Service.exe; C:\Program Files\Kruptos 2 Software\Kruptos 2 Professional\K2Service.exe [103432 2016-09-26] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2017-01-16] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2017-01-16] (Malwarebytes)
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-11-12] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-11-12] (Secunia)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129872 2016-12-31] (VoodooSoft, LLC )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-06-03] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-02-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-02-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-02-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-02-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-02-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-02-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-02-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [61128 2017-02-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [754664 2017-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463936 2017-02-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118288 2017-02-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [277176 2017-02-03] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [27488 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [648728 2016-08-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [52824 2016-08-31] (COMODO)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [107648 2016-08-11] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-04-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-04-05] (Disc Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 epp; C:\EEK\bin32\epp.sys [97128 2016-06-30] (Emsisoft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-06-03] (Glarysoft Ltd)
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [205200 2016-12-07] (SurfRight B.V.)
R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [83136 2016-12-07] (SurfRight B.V.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [102184 2016-08-31] (COMODO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [126336 2017-01-16] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2017-01-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-02-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2017-01-16] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-11-12] (Secunia)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [232160 2015-09-02] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11973 2015-10-20] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-09-02] (The OpenVPN Project)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [103544 2016-06-05] (Oracle Corporation)
R3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [19016 2016-12-31] (VoodooSoft, LLC)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-10-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-10-02] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Patrick\AppData\Local\Temp\catchme.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2066-05-17 10:51 - 2017-02-03 13:17 - 00009800 _____ C:\Windows\WindowsUpdate.log
2017-02-03 13:16 - 2017-02-03 13:17 - 00000000 ____D C:\FRST
2017-02-03 13:08 - 2017-02-03 13:08 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-03 12:55 - 2017-02-03 12:55 - 00000000 ____D C:\Users\Patrick\AppData\Local\CEF
2017-02-03 12:54 - 2017-02-03 12:54 - 00081224 _____ C:\Users\Patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-03 12:53 - 2017-02-03 12:53 - 00000000 ____D C:\ProgramData\Shared Space
2017-02-03 12:53 - 2017-02-03 12:53 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-02-03 12:26 - 2017-02-03 12:26 - 00000000 ____D C:\zoek
2017-02-03 12:12 - 2017-02-03 12:29 - 00003276 _____ C:\runcheck.txt
2017-02-03 12:10 - 2017-02-03 12:10 - 04554550 _____ C:\Users\Patrick\Documents\2-3-17.zip
2017-02-03 12:09 - 2017-02-03 12:27 - 00000000 ____D C:\zoek_backup
2017-02-03 11:54 - 2017-02-03 12:08 - 00000000 ____D C:\ComboFix
2017-02-03 11:53 - 2017-02-03 12:27 - 00183926 _____ C:\Windows\ntbtlog.txt
2017-02-03 11:53 - 2017-02-03 11:53 - 00337688 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-03 11:48 - 2017-02-03 11:49 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Mozilla
2017-02-03 11:03 - 2017-02-03 11:03 - 00000188 _____ C:\Users\Patrick\Documents\Zoek Script.txt
2017-02-03 00:28 - 2017-02-03 00:28 - 00003336 _____ C:\Users\Patrick\Documents\Roguekiller.txt
2017-02-02 17:18 - 2017-02-02 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-01 18:57 - 2017-02-02 14:43 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\gtk-2.0
2017-02-01 18:54 - 2017-02-02 14:44 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\gsmartcontrol
2017-02-01 18:53 - 2017-02-02 14:44 - 00000000 ____D C:\Program Files\GSmartControl
2017-02-01 18:53 - 2017-02-01 18:53 - 00002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSmartControl.lnk
2017-01-31 21:53 - 2017-01-31 21:55 - 00000000 ____D C:\Program Files\Speccy
2017-01-31 18:28 - 2017-02-03 13:08 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-01-31 18:28 - 2017-02-03 13:08 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-01-31 18:28 - 2017-02-03 13:08 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-01-31 18:28 - 2017-02-03 13:08 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-01-29 17:45 - 2017-02-01 09:30 - 00000000 ___HD C:\Users\Patrick\dwhelper
2017-01-27 20:37 - 2017-01-27 20:37 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\SUPERAntiSpyware.com
2017-01-27 20:36 - 2017-01-28 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-27 20:36 - 2017-01-27 20:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-27 20:36 - 2017-01-27 20:36 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-26 09:33 - 2017-01-26 09:33 - 00001253 _____ C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VTM Bloodlines Antitribu Mod.lnk
2017-01-26 09:19 - 2017-01-26 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire - The Masquerade Bloodlines
2017-01-26 09:19 - 2017-01-26 09:19 - 00000292 _____ C:\Windows\vtmb.ini
2017-01-26 09:11 - 2017-01-26 09:11 - 00000000 ____D C:\Program Files\Activision
2017-01-23 10:20 - 2017-01-23 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2017-01-23 10:17 - 2017-01-23 10:17 - 00000000 ____D C:\Program Files\PrivaZer
2017-01-21 21:12 - 2017-01-21 21:39 - 00000000 ____D C:\Users\Patrick\Downloads\Deathstroke The Terminator
2017-01-16 10:51 - 2017-02-03 13:12 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-16 10:37 - 2017-01-16 10:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-01-16 10:37 - 2017-01-16 10:37 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-01-16 10:37 - 2017-01-16 10:37 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-01-16 10:37 - 2017-01-16 10:37 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-16 10:37 - 2017-01-16 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-11 12:16 - 2017-01-11 12:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 12:16 - 2017-01-11 12:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 12:16 - 2017-01-11 12:16 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 12:16 - 2017-01-11 12:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 12:16 - 2017-01-11 12:16 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 12:16 - 2017-01-11 12:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 12:16 - 2017-01-11 12:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 12:16 - 2017-01-11 12:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 12:16 - 2017-01-11 12:16 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-09 19:09 - 2017-01-09 19:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Grammarly
2017-01-09 19:06 - 2017-01-10 08:47 - 00000000 ____D C:\ProgramData\Patrick
2017-01-09 19:06 - 2017-01-10 08:46 - 00000000 ____D C:\Users\Patrick\AppData\Local\SquirrelTemp
2017-01-09 19:06 - 2017-01-09 19:06 - 00000000 ____D C:\ProgramData\SquirrelMachineInstalls
2017-01-09 10:57 - 2017-01-09 10:57 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2017-01-08 20:38 - 2017-02-03 11:13 - 00000000 ____D C:\ProgramData\TEMP
2017-01-08 20:14 - 2017-01-08 20:14 - 00000000 ____D C:\CryptoPreventQuarantine
2017-01-08 20:07 - 2017-01-08 20:07 - 00000000 ____D C:\ProgramData\GlarySoft
2017-01-08 19:32 - 2017-01-08 19:34 - 00000000 ____D C:\Program Files\Everything
2017-01-08 19:32 - 2017-01-08 19:32 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2017-01-04 23:27 - 2017-01-04 23:47 - 41181343 _____ C:\Users\Patrick\Downloads\01 Alices Adventures In Wonderland.m4b
2017-01-03 16:56 - 2017-01-03 16:56 - 00000674 _____ C:\Windows\system32\.crusader
2016-12-13 17:50 - 2016-12-13 17:50 - 20302848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 17:50 - 2016-12-13 17:50 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 17:50 - 2016-12-13 17:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 17:50 - 2016-12-13 17:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 17:50 - 2016-12-13 17:50 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 17:50 - 2016-12-13 17:50 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 17:50 - 2016-12-13 17:50 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 17:50 - 2016-12-13 17:50 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 17:50 - 2016-12-13 17:50 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 17:50 - 2016-12-13 17:50 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 17:50 - 2016-12-13 17:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 17:50 - 2016-12-13 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 17:50 - 2016-11-12 10:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 17:50 - 2016-11-12 10:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-10 05:21 - 2016-12-14 18:47 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{d27e0177-beda-11e6-8011-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-12-10 05:21 - 2016-12-14 18:47 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{d27e0177-beda-11e6-8011-00256460faa9}.TM.blf
2016-12-10 05:21 - 2016-12-10 07:10 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{d27e0177-beda-11e6-8011-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-12-08 21:38 - 2016-12-08 21:38 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{2991b278-bdc5-11e6-8019-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-12-08 21:38 - 2016-12-08 21:38 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{2991b278-bdc5-11e6-8019-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-12-08 21:38 - 2016-12-08 21:38 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{2991b278-bdc5-11e6-8019-00256460faa9}.TM.blf
2016-12-08 14:54 - 2016-12-09 17:13 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2016-12-08 13:29 - 2016-12-08 19:53 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{dbf9537a-bd8c-11e6-bf92-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-12-08 13:29 - 2016-12-08 19:53 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{dbf9537a-bd8c-11e6-bf92-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-12-08 13:29 - 2016-12-08 19:53 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{dbf9537a-bd8c-11e6-bf92-00256460faa9}.TM.blf
2016-12-07 11:15 - 2016-12-07 12:03 - 00524288 ___SH C:\Users\Patrick\NTUSER.DAT{71beb100-bcaf-11e6-b2ce-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-12-07 11:15 - 2016-12-07 12:03 - 00524288 ___SH C:\Users\Patrick\NTUSER.DAT{71beb100-bcaf-11e6-b2ce-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-12-07 11:15 - 2016-12-07 12:03 - 00065536 ___SH C:\Users\Patrick\NTUSER.DAT{71beb100-bcaf-11e6-b2ce-00256460faa9}.TM.blf
2016-12-07 11:12 - 2016-12-07 11:13 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{71beb104-bcaf-11e6-b2ce-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-12-07 11:12 - 2016-12-07 11:13 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{71beb104-bcaf-11e6-b2ce-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-12-07 11:12 - 2016-12-07 11:13 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{71beb104-bcaf-11e6-b2ce-00256460faa9}.TM.blf
2016-12-06 17:17 - 2017-01-08 20:12 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2016-12-02 03:53 - 2017-01-22 18:09 - 00000333 _____ C:\DelFix.txt
2016-11-29 13:00 - 2016-12-06 12:30 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{9b038f9f-b666-11e6-941d-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-29 13:00 - 2016-12-06 12:30 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{9b038f9f-b666-11e6-941d-00256460faa9}.TM.blf
2016-11-29 13:00 - 2016-11-29 20:41 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{9b038f9f-b666-11e6-941d-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-26 11:00 - 2016-11-26 11:22 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f685116e-b409-11e6-9490-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-26 11:00 - 2016-11-26 11:22 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f685116e-b409-11e6-9490-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-26 11:00 - 2016-11-26 11:22 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{f685116e-b409-11e6-9490-00256460faa9}.TM.blf
2016-11-25 11:17 - 2016-11-25 11:17 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-25 11:17 - 2016-11-25 11:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-25 11:17 - 2016-11-25 11:17 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-25 11:17 - 2016-11-25 11:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-25 11:17 - 2016-10-11 05:18 - 00419648 _____ C:\Windows\system32\locale.nls
2016-11-19 15:32 - 2016-11-25 22:07 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{57fb2c7c-aeae-11e6-bb92-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-19 15:32 - 2016-11-25 22:07 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{57fb2c7c-aeae-11e6-bb92-00256460faa9}.TM.blf
2016-11-19 15:32 - 2016-11-19 15:33 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{57fb2c7c-aeae-11e6-bb92-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-19 08:06 - 2016-11-19 08:06 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{f498ce00-adcb-11e6-a7e6-00256460faa9}.TxR.2.regtrans-ms
2016-11-19 08:06 - 2016-11-19 08:06 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{f498ce00-adcb-11e6-a7e6-00256460faa9}.TxR.1.regtrans-ms
2016-11-19 08:06 - 2016-11-19 08:06 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{f498ce00-adcb-11e6-a7e6-00256460faa9}.TxR.0.regtrans-ms
2016-11-19 08:06 - 2016-11-19 08:06 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{f498ce00-adcb-11e6-a7e6-00256460faa9}.TxR.blf
2016-11-18 13:07 - 2016-11-18 13:07 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f498ce01-adcb-11e6-a7e6-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-18 13:07 - 2016-11-18 13:07 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{f498ce01-adcb-11e6-a7e6-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-18 13:07 - 2016-11-18 13:07 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{f498ce01-adcb-11e6-a7e6-00256460faa9}.TM.blf
2016-11-18 09:23 - 2017-01-28 00:23 - 00026006 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-11-18 09:23 - 2016-11-18 09:23 - 00000000 ____D C:\VTRoot
2016-11-18 09:21 - 2016-11-18 09:21 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{e7a1aef4-ace5-11e6-bbd3-00256460faa9}.TxR.2.regtrans-ms
2016-11-18 09:21 - 2016-11-18 09:21 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{e7a1aef4-ace5-11e6-bbd3-00256460faa9}.TxR.1.regtrans-ms
2016-11-18 09:21 - 2016-11-18 09:21 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{e7a1aef4-ace5-11e6-bbd3-00256460faa9}.TxR.0.regtrans-ms
2016-11-18 09:21 - 2016-11-18 09:21 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{e7a1aef4-ace5-11e6-bbd3-00256460faa9}.TxR.blf
2016-11-17 09:11 - 2016-11-17 09:11 - 00001559 ____N C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2016-11-17 09:11 - 2016-11-17 09:11 - 00000670 _____ C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2016-11-17 08:54 - 2016-11-17 09:38 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{e7a1aef5-ace5-11e6-bbd3-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-17 08:54 - 2016-11-17 09:38 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{e7a1aef5-ace5-11e6-bbd3-00256460faa9}.TM.blf
2016-11-17 08:54 - 2016-11-17 08:54 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{e7a1aef5-ace5-11e6-bbd3-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-14 09:25 - 2016-11-14 11:03 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{b1b6bd75-aa8e-11e6-bb93-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-14 09:25 - 2016-11-14 11:03 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{b1b6bd75-aa8e-11e6-bb93-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-14 09:25 - 2016-11-14 11:03 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{b1b6bd75-aa8e-11e6-bb93-00256460faa9}.TM.blf
2016-11-12 19:47 - 2016-11-12 19:47 - 00000000 ____D C:\Windows\pss
2016-11-12 15:25 - 2016-11-12 15:28 - 00524288 ___SH C:\Users\Patrick\NTUSER.DAT{73ee5380-a92d-11e6-8068-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-12 15:25 - 2016-11-12 15:28 - 00524288 ___SH C:\Users\Patrick\NTUSER.DAT{73ee5380-a92d-11e6-8068-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-12 15:25 - 2016-11-12 15:28 - 00065536 ___SH C:\Users\Patrick\NTUSER.DAT{73ee5380-a92d-11e6-8068-00256460faa9}.TM.blf
2016-11-12 15:08 - 2016-11-12 15:11 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{90d15979-a922-11e6-8014-00256460faa9}.TMContainer00000000000000000002.regtrans-ms
2016-11-12 15:08 - 2016-11-12 15:11 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{90d15979-a922-11e6-8014-00256460faa9}.TMContainer00000000000000000001.regtrans-ms
2016-11-12 15:08 - 2016-11-12 15:11 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{90d15979-a922-11e6-8014-00256460faa9}.TM.blf
2016-11-12 08:00 - 2016-11-12 08:00 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-11-12 08:00 - 2016-11-12 08:00 - 00000000 ____D C:\Program Files\Secunia
2016-11-10 16:35 - 2016-11-10 16:35 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-10 16:35 - 2016-11-10 16:35 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-10 16:35 - 2016-11-10 16:35 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-10 16:35 - 2016-11-10 16:35 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-10 16:35 - 2016-11-10 16:35 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-10 16:35 - 2016-11-10 16:35 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-03 13:20 - 2016-09-10 12:09 - 00000000 ____D C:\ProgramData\VoodooShield
2017-02-03 13:19 - 2015-06-02 12:49 - 00921152 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-03 13:17 - 2016-06-08 06:29 - 00012702 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-02-03 13:17 - 2015-11-16 07:56 - 00043035 _____ C:\Windows\ZAM.krnl.trace
2017-02-03 13:17 - 2015-06-23 14:13 - 00000000 ____D C:\Windows\CryptoGuard
2017-02-03 13:12 - 2015-06-03 11:04 - 00000000 ____D C:\ProgramData\MCShield
2017-02-03 13:11 - 2015-08-31 08:41 - 21165593 _____ C:\Windows\system32\Drivers\etc\HOSTS.ehm.bak
2017-02-03 13:11 - 2015-06-23 14:12 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-02-03 13:11 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 13:08 - 2015-09-12 18:59 - 00754664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-03 13:08 - 2015-09-12 18:59 - 00463936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-03 13:08 - 2015-09-12 18:59 - 00277176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-02-03 13:08 - 2015-09-12 18:59 - 00118288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-03 13:08 - 2015-09-12 18:59 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-03 13:08 - 2015-09-12 18:59 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-03 13:08 - 2015-09-12 18:59 - 00061128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-03 13:08 - 2015-09-12 18:59 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-03 13:00 - 2009-07-13 20:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-03 13:00 - 2009-07-13 20:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-03 12:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2017-02-03 12:09 - 2016-04-01 08:53 - 00000000 ____D C:\Users\Patrick\Desktop\Malware Removal Programs
2017-02-03 12:09 - 2015-06-12 09:55 - 00000000 ____D C:\Windows\erdnt
2017-02-03 12:05 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2017-02-03 11:48 - 2015-06-03 11:24 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Mozilla
2017-02-03 11:22 - 2015-09-18 10:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\PrivaZer
2017-02-03 11:21 - 2015-06-07 15:55 - 00000000 ____D C:\Program Files\PeerBlock
2017-02-03 11:21 - 2015-06-04 09:44 - 00000000 ____D C:\Program Files\System Ninja
2017-02-03 11:16 - 2016-10-10 20:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\uTorrent
2017-02-03 11:16 - 2016-01-10 13:11 - 00000000 ____D C:\Users\Patrick\AppData\Local\Mozilla
2017-02-03 11:16 - 2015-06-08 13:56 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Adobe
2017-02-03 11:16 - 2015-06-08 13:56 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Adobe
2017-02-03 11:16 - 2015-06-07 15:21 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\acccore
2017-02-03 11:15 - 2015-06-04 09:45 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Wipe
2017-02-03 11:14 - 2015-06-03 13:21 - 00000000 ____D C:\Program Files\Glary Utilities 5
2017-02-03 11:13 - 2015-06-02 12:58 - 00000000 ____D C:\Users\Patrick
2017-02-03 11:11 - 2015-06-24 19:53 - 00000000 ____D C:\Program Files\PC Tools Registry Mechanic
2017-02-02 23:42 - 2015-06-23 08:07 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-02 23:41 - 2016-09-06 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-02 23:41 - 2016-09-06 08:31 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-02 22:45 - 2015-08-07 22:56 - 00000000 ____D C:\Windows\Minidump
2017-02-02 22:16 - 2015-09-16 16:17 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-02-02 12:37 - 2015-06-02 13:20 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\vlc
2017-02-02 12:30 - 2015-06-02 13:34 - 00000000 ____D C:\Users\Patrick\Documents\Calibre Library
2017-02-02 12:13 - 2016-06-14 12:27 - 00000000 ____D C:\Users\Patrick\Downloads\ShadowKeeper
2017-01-28 21:27 - 2015-06-03 10:59 - 00000000 ____D C:\ProgramData\Unchecky
2017-01-27 13:53 - 2015-06-03 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-01-26 21:32 - 2015-06-03 10:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-26 10:51 - 2015-10-24 13:15 - 00000000 ____D C:\Users\Patrick\Documents\Games
2017-01-26 10:49 - 2016-02-07 15:45 - 00000000 ____D C:\Users\Patrick\Desktop\Games
2017-01-26 09:36 - 2015-10-13 15:14 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-01-26 09:20 - 2015-06-03 13:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-01-24 13:31 - 2009-07-13 20:53 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-23 17:43 - 2016-09-25 09:40 - 00000000 ____D C:\Users\Patrick\Desktop\VPN & VM Tools
2017-01-23 10:20 - 2015-06-04 09:45 - 00000000 ____D C:\Program Files\Wipe
2017-01-23 10:17 - 2015-09-20 08:33 - 00001839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2017-01-23 10:16 - 2015-06-03 13:21 - 00001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-01-22 15:36 - 2009-07-13 18:03 - 51642368 _____ C:\Windows\system32\config\software.rmbak
2017-01-22 15:36 - 2009-07-13 18:03 - 04980736 _____ C:\Windows\system32\config\default.rmbak
2017-01-22 12:04 - 2015-06-26 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-01-22 12:04 - 2015-06-03 15:30 - 00000000 ____D C:\Program Files\Calibre2
2017-01-19 15:27 - 2015-06-03 10:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-19 15:27 - 2015-06-03 10:49 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-19 15:27 - 2015-06-03 10:49 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-18 12:42 - 2015-06-03 11:03 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\WinPatrol
2017-01-16 13:27 - 2015-06-22 13:03 - 00000000 ____D C:\Users\Patrick\AppData\Local\VirtualStore
2017-01-15 15:32 - 2015-06-02 13:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-11 16:59 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2017-01-08 20:14 - 2015-06-03 10:43 - 00000000 ____D C:\ProgramData\Comodo
2017-01-08 20:12 - 2015-08-30 09:02 - 00000000 ____D C:\Program Files\Opera
2017-01-08 20:12 - 2015-06-18 19:56 - 00000000 ____D C:\ProgramData\MicroWorld
2017-01-08 20:12 - 2015-06-11 18:41 - 00000000 ____D C:\EEK
2017-01-08 20:12 - 2015-06-03 11:00 - 00000000 ____D C:\ProgramData\Adobe
2017-01-08 20:12 - 2015-06-02 13:35 - 00000000 ____D C:\Hotfix
2017-01-08 20:12 - 2015-06-02 13:24 - 00000000 ____D C:\Program Files\Google

Some files in TEMP:
====================
2017-02-03 12:09 - 2017-02-03 12:12 - 0476672 _____ () C:\Users\Patrick\AppData\Local\temp\7za.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0020480 _____ (E Dev) C:\Users\Patrick\AppData\Local\temp\DaS_21.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0388608 _____ (Trend Micro Inc.) C:\Users\Patrick\AppData\Local\temp\hijackthis.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0030720 _____ (NirSoft) C:\Users\Patrick\AppData\Local\temp\NirCmd.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0256512 _____ () C:\Users\Patrick\AppData\Local\temp\PEVZ.EXE
2017-02-03 12:09 - 2017-02-03 12:12 - 0069632 _____ () C:\Users\Patrick\AppData\Local\temp\remove.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0098816 _____ () C:\Users\Patrick\AppData\Local\temp\sed.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0057344 _____ (Optimum X) C:\Users\Patrick\AppData\Local\temp\shortcut.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0161792 _____ (SteelWerX) C:\Users\Patrick\AppData\Local\temp\swreg.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0217088 _____ (SteelWerX) C:\Users\Patrick\AppData\Local\temp\swxcacls.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0154232 _____ (Noël Danjou) C:\Users\Patrick\AppData\Local\temp\wget.exe
2017-02-03 12:09 - 2017-02-03 12:12 - 0024064 _____ () C:\Users\Patrick\AppData\Local\temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {433a583b-0971-11e5-a284-9c5c1998d34b}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {433a583d-0971-11e5-a284-9c5c1998d34b}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {433a583b-0971-11e5-a284-9c5c1998d34b}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {433a583d-0971-11e5-a284-9c5c1998d34b}
device ramdisk=[C:]\Recovery\433a583d-0971-11e5-a284-9c5c1998d34b\Winre.wim,{433a583e-0971-11e5-a284-9c5c1998d34b}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\433a583d-0971-11e5-a284-9c5c1998d34b\Winre.wim,{433a583e-0971-11e5-a284-9c5c1998d34b}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {433a583b-0971-11e5-a284-9c5c1998d34b}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {433a583e-0971-11e5-a284-9c5c1998d34b}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\433a583d-0971-11e5-a284-9c5c1998d34b\boot.sdi


LastRegBack: 2017-02-02 13:24

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by Patrick (03-02-2017 13:20:17)
Running from C:\Users\Patrick\Desktop\Malware Removal Programs
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-06-02 20:58:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2985130882-1756615807-8858886-500 - Administrator - Disabled)
Guest (S-1-5-21-2985130882-1756615807-8858886-501 - Limited - Disabled)
Patrick (S-1-5-21-2985130882-1756615807-8858886-1000 - Administrator - Enabled) => C:\Users\Patrick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
9-lab Removal Tool (HKLM\...\9-lab Removal Tool) (Version: - )
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIM 7 (HKLM\...\AIM_7) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.1.2285 - AVAST Software)
Baldur's Gate II (HKLM\...\Baldur's Gate II_is1) (Version: - GOG.com)
calibre (HKLM\...\{1F1FE718-ACE3-4D26-A9F0-7F443B3526F1}) (Version: 2.77.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version: - dvd8n)
COMODO Firewall (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.2.5 - Foolish IT LLC)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
DARK EARTH (HKLM\...\DARK EARTH) (Version: - )
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
Glary Utilities 5.68 (HKLM\...\Glary Utilities 5) (Version: 5.68.0.89 - Glarysoft Ltd)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.)
Grammarly (HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\GrammarlyForWindows) (Version: 1.4.23 - Grammarly)
GSmartControl (HKLM\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.6.1.574 - SurfRight B.V.)
HostsMan 4.5.102 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Kruptos 2 Professional (HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\Kruptos 2 Professional 6.2.3) (Version: 6.2.3 - Kruptos 2 Software)
Kruptos 2 Professional (Version: 6.2.3 - Kruptos 2 Software) Hidden
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice 4.1.3 (HKLM\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
PC Tools Registry Mechanic 11.0 (HKLM\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Planescape Torment (HKLM\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.15.0 - Goversoft LLC)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 12.9.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.6.0 - Adlice Software)
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Star Wars Galactic Battlegrounds: Saga (HKLM\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version: - )
STAR WARS® - Knights of the Old Republic™ (HKLM\...\1207666283_is1) (Version: 2.0.0.3 - GOG.com)
Starcraft (HKLM\...\Starcraft) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
System Ninja version 3.1.5 (HKLM\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.5 - SingularLabs)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Unchecky v1.0.2 (HKLM\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Vampire - The Masquerade Bloodlines (HKLM\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (Version: 1.00.0000 - Activision) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoodooShield version 3.50 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.50 - VoodooSoft, LLC)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 17.01 - PrivacyRoot.com)
Wireshark 2.0.3 (32-bit) (HKLM\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4862683D-496B-4F90-BC37-006D6D3B5CF2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-03] (AVAST Software)
Task: {5C1A8A26-5916-4124-9CBA-B4AA3C9A2CC6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {6CC0960B-B077-422C-AD33-EABFF5BCCCCC} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO)
Task: {89BABECA-F21A-47AD-94B1-C83E1BF0417B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {97DE4D01-0526-4C02-92BB-C375D57249C8} - System32\Tasks\CryptoPrevent Update => C:\Program Files\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2017-01-31] (Foolish IT LLC)
Task: {9EB4D6E1-CD57-4CDB-B941-671F3B28D21E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-03 13:08 - 2017-02-03 13:08 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-03 12:54 - 2017-02-03 12:54 - 05833192 _____ () C:\Program Files\AVAST Software\Avast\defs\17020300\algo.dll
2017-02-03 13:08 - 2017-02-03 13:08 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-31 12:25 - 2016-12-31 12:25 - 00137040 _____ () C:\Program Files\VoodooShield\Features.dll
2016-07-04 09:10 - 2016-07-04 09:10 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-03 13:08 - 2017-02-03 13:08 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [151]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7923 more sites.

IE trusted site: HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\secunia.com -> hxxps://secunia.com

There are 12738 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-31 08:41 - 2017-02-03 13:15 - 21176989 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 616588 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2985130882-1756615807-8858886-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CG6Service => 3
MSCONFIG\Services: CmdAgent => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: ehSched => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: K2Service.exe => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PCToolsSSDMonitorSvc => 2
MSCONFIG\Services: SDScannerService => 3
MSCONFIG\Services: SDUpdateService => 3
MSCONFIG\Services: SDWSCService => 3
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 3
MSCONFIG\Services: VoodooShieldService => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: ZAM => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-01-2017 11:35:00 Scheduled Checkpoint
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2017 12:35:34 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:35:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:29:34 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:29:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:27:31 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:27:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:13:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x8007043c).

Error: (02/03/2017 12:12:28 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:12:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2017 12:09:25 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).


System errors:
=============
Error: (02/03/2017 01:11:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (02/03/2017 01:11:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 01:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 12:52:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (02/03/2017 12:51:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 12:51:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 12:27:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/03/2017 12:27:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/03/2017 12:27:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/03/2017 12:27:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 47%
Total physical RAM: 3544.36 MB
Available physical RAM: 1854.66 MB
Total Virtual: 7087.05 MB
Available Virtual: 5223.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:110.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 864A2DB2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 04 February 2017 - 09:41 PM.



#2 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 03 February 2017 - 09:07 PM

This is what I see under the properties of the dllhost.exe in Process Explorer. C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,190 posts

Posted 04 February 2017 - 09:43 PM

Greetings Pat.

Please allow me just a bit of time to review what you have posted.

Edited by Oh My!, 04 February 2017 - 09:44 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 04 February 2017 - 09:46 PM

Hey Gary, take all the time you need. If it helps I can post screenshots of the VT results I mentioned and the dllhost.exe that had me concerned in the first place. 



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,190 posts

Posted 04 February 2017 - 09:56 PM

Hi Pat.

Are you aware of the Hong Kong Open DNS Server settings on your computer?

VirusTotal results showing 1/56 indicates the file is fine.
Gary

#6 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 04 February 2017 - 10:00 PM

I was not aware of that. What I am aware of is this: Tcpip\..\Interfaces\{084AFF87-4C03-499A-AB4A-DA3055C45748}: [NameServer] 208.67.222.222,208.67.220.220,10.0.0.1 which I acquired after using DNSJumper.exe. If it's a serious threat or an issue we can remove it and go from there...



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:29 AM

Posted 04 February 2017 - 10:22 PM

Hi Pat.

Thanks, we will get rid of those.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{084AFF87-4C03-499A-AB4A-DA3055C45748}: [NameServer] 208.67.222.222,208.67.220.220,10.0.0.1
Tcpip\..\Interfaces\{48AAE418-7A06-4B01-B67C-69F8C3DD738A}: [NameServer] 208.67.222.222,208.67.220.220,
Tcpip\..\Interfaces\{593F7501-4046-4535-BA5E-FCD7C80DB509}: [NameServer] 208.67.222.222,208.67.220.220,
Tcpip\..\Interfaces\{F8D1935D-8F20-43E6-943E-B57692889A9C}: [NameServer] 208.67.222.222,208.67.220.220,
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [151]
cmd: ipconfig /flushdns
cmd: sc query winmgmt
cmd: sfc /scannow
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary

#8 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 04 February 2017 - 10:37 PM

Hi Gary,

 

It's been on the fixing in progress bar for over 12 minutes now, should I continue to wait?


Is it taking a while because of the sfc command?



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,190 posts

Posted 04 February 2017 - 10:38 PM

Yes, probably because of the sfc command to check your files.

I will be logging off soon but will be back in the morning. If FRST hangs for another 10 minutes cancel it, remove the cmd: sfc /scannow line and run the fix again.
Gary

#10 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 04 February 2017 - 10:41 PM

Okay will do, thanks again!



#11 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 04 February 2017 - 10:50 PM

It finished, Gary. The sfc errors are probably still related to when I forcibly removed GWX app and updates a long while ago.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by Patrick (04-02-2017 19:25:36) Run:1
Running from C:\Users\Patrick\Desktop\Malware Removal Programs
Loaded Profiles: Patrick (Available Profiles: Patrick)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{084AFF87-4C03-499A-AB4A-DA3055C45748}: [NameServer] 208.67.222.222,208.67.220.220,10.0.0.1
Tcpip\..\Interfaces\{48AAE418-7A06-4B01-B67C-69F8C3DD738A}: [NameServer] 208.67.222.222,208.67.220.220,
Tcpip\..\Interfaces\{593F7501-4046-4535-BA5E-FCD7C80DB509}: [NameServer] 208.67.222.222,208.67.220.220,
Tcpip\..\Interfaces\{F8D1935D-8F20-43E6-943E-B57692889A9C}: [NameServer] 208.67.222.222,208.67.220.220,
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [151]
cmd: ipconfig /flushdns
cmd: sc query winmgmt
cmd: sfc /scannow
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{084AFF87-4C03-499A-AB4A-DA3055C45748}\\NameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48AAE418-7A06-4B01-B67C-69F8C3DD738A}\\NameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{593F7501-4046-4535-BA5E-FCD7C80DB509}\\NameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8D1935D-8F20-43E6-943E-B57692889A9C}\\NameServer => value removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully..

========= ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========


========= sc query winmgmt =========


SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========


========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.

Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.

Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example

C:\Windows\Logs\CBS\CBS.log


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 19:45:13 ====


Edited by PatL, 04 February 2017 - 10:56 PM.


#12 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 04 February 2017 - 10:51 PM

The DNS Cache is also disabled due to my excessive HostsMan hosts file of over 20 MB. Which is why that probably didn't work....



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,190 posts

Posted 05 February 2017 - 08:45 AM

Thanks for the information. Things look pretty good.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report
  • Security check report

Edited by Oh My!, 05 February 2017 - 08:46 AM.

Gary

#14 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 05 February 2017 - 04:23 PM

Here are the logs:

 

Emsisoft Emergency Kit - Version 12.0
Last update: 2/5/2017 12:43:35 PM
User account: Patrick-PC\Patrick
Computer name: PATRICK-PC
OS version: Windows 7x86 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    2/5/2017 12:45:43 PM

Scanned    70592
Found    0

Scan end:    2/5/2017 1:02:19 PM
Scan time:    0:16:36

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 MVPS Hosts File  
 SpywareBlaster 5.5    
 SUPERAntiSpyware     
 Secunia PSI (3.0.0.11005)   
 HostsMan 4.5.102    
 Zemana AntiMalware    
 CCleaner     
 Adobe Flash Player     24.0.0.194  
 Adobe Reader XI  
 Mozilla Firefox (51.0.1)
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Comodo Firewall cmdagent.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Zemana AntiMalware ZAM.exe   
 Patrick Desktop Malware Removal Programs SecurityCheck.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast aswidsagent.exe  
 AVAST Software Avast AvastUI.exe  
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

What's our next step Master Gary?



#15 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts

Posted 05 February 2017 - 04:32 PM

I apologize, I placed this in my Malware Programs Folder and not directly on the Desktop; force of habit, I'm sorry. Should I re-run it?





