No administrative rights when trying to change files on system drive


This topic is locked
6 replies to this topic

#1 Polaris-17 (Members, 5 posts)

Posted 12 February 2017 - 07:34 PM

I am sure I'm infected with well-built malware, probably crypted or something similar - not detected by any anti-virus or anti-malware.

Symptoms:
1. Very slow while copying files (this did not happen earlier).
2. Since yesterday, I've lost administrator rights even though I am a member of the administrators group. Fortunately it can be fixed by running Combofix. If I run it, everything works correctly, but only until the next restart / login. Description: when I want to change / delete files on the system drive, I get a warning that I should have administrative rights to do that. I have UAC disabled because I never needed it, and everything worked correctly until yesterday.
Any help will be appreciated. I'm a rather advanced Windows user; I have often used AdwCleaner / Combofix and everything was fixed. The malware isn't detected by G Data Internet Security, Malwarebytes, or any of the mentioned tools.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by John (administrator) on RANDOM (13-02-2017 01:02:53)
Running from D:\downloads
Loaded Profiles: John (Available Profiles: John & CT & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKBackup\AVKBackupService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Freedom Scientific, Inc.) C:\Program Files (x86)\Freedom Scientific\Shared\fsWow64Proxy\3.0\fsWow64Proxy.exe
(Freedom Scientific, Inc.) C:\Program Files (x86)\Freedom Scientific\Shared\fsSynth\2.0\fsSynth32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RME) C:\Windows\System32\firefaceusb.exe
(RME) C:\Windows\System32\TotalMixFX.exe
(Freedom Scientific, Inc.) C:\Program Files\Freedom Scientific\JAWS\18.0\jfw.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Freedom Scientific) C:\Program Files (x86)\Freedom Scientific\Shared\FSOcr\FSOcrServer.exe
(Freedom Scientific, Inc.) C:\Program Files (x86)\Freedom Scientific\Shared\fsWow64Proxy\3.0\fsWow64Proxy.exe
(Freedom Scientific, Inc.) C:\Program Files (x86)\Freedom Scientific\Shared\fsSynth\2.0\fsSynth32.exe
(Freedom Scientific, Inc.) C:\Program Files\Freedom Scientific\JAWS\18.0\x86\jhookldr.exe
(Freedom Scientific, Inc.) C:\Program Files\Freedom Scientific\JAWS\18.0\fsATProxy.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879776 2016-06-23] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [400368 2016-12-18] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [23932760 2016-12-18] (RME)
HKLM\...\Run: [Set Drive G] => subst G: E:\
HKLM\...\Run: [HDD] => D:\HDDScan\HDDScan.exe [1272832 2010-07-20] ()
HKLM\...\Run: [JAWS] => C:\Program Files\Freedom Scientific\JAWS\18.0\jfw.exe [7851472 2016-12-21] (Freedom Scientific, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {4C9331A9-E642-4B75-89B6-DDD882DAFEB6} =>  -> No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {332A9128-72D4-4936-8617-9ECEC4498C2C} =>  -> No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {D1C388B4-13C9-4F71-A17E-B37044A3A97F} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hdd.bat [2017-01-11] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.54.1
Tcpip\..\Interfaces\{10B6AECD-34EB-46C4-9EA7-53549B610905}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2BB5BFAE-B0D4-41BC-8C3F-0D6CE382DA44}: [DhcpNameServer] 192.168.54.1
Tcpip\..\Interfaces\{546C51AB-DE99-4D45-BF0F-0FD9F699B8CC}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7B0E2CB9-FE91-465A-B37E-B6E5D672110B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9FE294DC-034F-4AE0-B674-3C489F1A5542}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{CEE54A78-A683-4C77-84F9-16581F5FE4C3}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F4EF6F69-BD5F-4A96-A04D-59A38FE5A2A4}: [DhcpNameServer] 208.67.222.222

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-622148090-2170510373-346326127-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-622148090-2170510373-346326127-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-622148090-2170510373-346326127-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: IeCatch5 Class -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2006-05-16] (FlashGet)
BHO-x32: MathPlayer BrowserHelperObject -> {32F66A28-7614-11D4-BD11-00104BD3F987} -> C:\Program Files (x86)\Design Science\MathPlayer\MathPlayerBHO.dll [2015-03-03] (Design Science, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: gFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2006-09-12] ()
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\Common Files\Techland\Translator\InternetTranslator.dll,-118 - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files (x86)\Common Files\Techland\Translator\InternetTranslator.dll [2009-05-19] (Techland)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-622148090-2170510373-346326127-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Filter-x32: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2015-03-03] (Design Science, Inc.)
Filter-x32: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2015-03-03] (Design Science, Inc.)
Filter-x32: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2015-03-03] (Design Science, Inc.)
Filter-x32: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2015-03-03] (Design Science, Inc.)
Filter-x32: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2015-03-03] (Design Science, Inc.)

FireFox:
========
FF DefaultProfile: z9iwrp0d.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z9iwrp0d.default [2017-02-13]
FF Extension: (Firefox Hotfix) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z9iwrp0d.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-01-31]
FF Extension: (WebVisum) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z9iwrp0d.default\Extensions\webvisum@webvisum.com.xpi [2017-01-31] [not signed]
FF Extension: (FlashGot) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z9iwrp0d.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-02-04]
FF Extension: (Adblock Plus) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z9iwrp0d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-31]
FF Extension: (Copy All Links) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z9iwrp0d.default\Extensions\{e6a9a96e-4a08-4719-b9bd-0e91c35aaabc}.xpi [2017-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{20978f0f-2978-4992-ae97-7d373c44e04e}] - C:\Program Files (x86)\Common Files\Techland\Translator\MozillaTranslator
FF Extension: (Mozilla Translator) - C:\Program Files (x86)\Common Files\Techland\Translator\MozillaTranslator [2014-12-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-02-05]
FF HKLM-x32\...\Thunderbird\Extensions: [{20978f0f-2978-4992-ae97-7d373c44e04e}] - C:\Program Files (x86)\Common Files\Techland\Translator\MozillaTranslator
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HKU\S-1-5-21-622148090-2170510373-346326127-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [94888 2015-11-27] ()
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [4950632 2016-10-06] (G DATA Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [984904 2016-09-15] (G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3044496 2016-09-27] (G Data Software AG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [22800 2015-08-21] ()
R2 GDBackupSvc; C:\Program Files (x86)\G Data\InternetSecurity\AVKBackup\AVKBackupService.exe [4072264 2016-09-30] (G DATA Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3286120 2016-09-15] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [822600 2016-09-27] (G DATA Software AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [150256 2015-07-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 JTVNCProxy_18.0; C:\Program Files\Freedom Scientific\JAWS\18.0\JTVNCProxy.exe [25040 2016-12-21] (Freedom Scientific BLV Group LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 OpenVpnService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [70272 2016-12-27] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [70272 2016-12-27] (The OpenVPN Project)
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 pr2athnt; C:\Windows\system32\pr2athnt.exe [788896 2009-07-03] (Techland Sp.z o.o.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S3 Loquendo TTS Engine Server; C:\Program Files (x86)\Loquendo\LTTS7\bin\TTSEngineServerWindowsService.exe -service -manual [X]
S3 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 S2Gvc32; "C:\Program Files (x86)\Speech2Go Voice Package\IvonaVoiceService_x86.exe" [X]
S3 wampapache64; "e:\wamp\bin\apache\apache2.4.9\bin\httpd.exe" -k runservice [X]
S3 wampmysqld64; e:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-05-12] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2015-01-13] (Motorola Solutions, Inc.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2014-02-06] (CSR plc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [54544 2015-08-21] (Windows ® Win 7 DDK provider)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [123800 2016-12-18] (RME)
R1 Freedom Scientific Kernel Manager; C:\Windows\System32\fsKMgr.dll [29712 2014-08-18] (Freedom Scientific, Inc.)
S3 FSBRLDSP; C:\Windows\System32\DRIVERS\FSBRLDSP.sys [46880 2015-10-18] (Freedom Scientific BLV Group, LLC.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-05-14] ()
R3 fsvidmir_service; C:\Windows\System32\DRIVERS\fsvidmir.sys [15856 2014-08-18] (Freedom Scientific, Inc.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [180808 2017-02-04] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [37400 2017-02-04] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [30280 2017-02-04] (G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [304200 2017-02-04] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [88136 2017-02-04] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [74824 2017-02-04] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [116296 2017-02-04] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [153160 2017-02-04] (G Data Software AG)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [259312 2015-07-31] (Intel Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3426576 2016-05-03] (Intel Corporation)
R0 pe3athnt; C:\Windows\System32\drivers\pe3athnt.sys [79008 2009-07-03] (Techland Sp.z o.o.)
R0 pf2athnt; C:\Windows\System32\drivers\pf2athnt.sys [107680 2009-07-03] (Techland Sp.z o.o.)
S3 PowerBrl; C:\Windows\system32\Drivers\powerbrl.sys [16752 2016-12-21] (Freedom Scientific BLV Group, LLC.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RDID1027; C:\Windows\System32\Drivers\rdwm1027.sys [81920 2009-09-18] (Roland Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-19] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-11-22] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-22] (Paragon)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2016-04-05] (USBPcap)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [198248 2016-02-16] (IDRIX)
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2016-09-06] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [93248 2016-09-02] (VMware, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 hwinterface; System32\Drivers\hwinterface.sys [X]
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 WIMMount; \??\C:\Program Files\Levtec\Winstaller\imgsvc64\wimmount.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 00:55 - 2017-02-13 00:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2017-02-13 00:54 - 2017-02-13 00:54 - 00001423 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-13 00:54 - 2017-02-13 00:54 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-02-13 00:54 - 2017-02-13 00:54 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-02-13 00:54 - 2017-02-13 00:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Subversion
2017-02-13 00:54 - 2017-02-13 00:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2017-02-13 00:54 - 2017-02-13 00:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Freedom Scientific
2017-02-13 00:54 - 2017-02-13 00:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-02-13 00:54 - 2017-02-13 00:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-02-13 00:54 - 2017-02-13 00:54 - 00000000 ____D C:\Users\Administrator
2017-02-13 00:54 - 2014-12-18 00:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-02-13 00:39 - 2017-02-13 00:39 - 00067348 _____ C:\ComboFix.txt
2017-02-13 00:32 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-13 00:32 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-13 00:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-13 00:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-13 00:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-13 00:32 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-13 00:32 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-13 00:32 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-12 21:25 - 2017-02-12 21:25 - 00000000 ____D C:\Users\CT\AppData\Roaming\Freedom Scientific
2017-02-12 21:25 - 2017-02-12 21:25 - 00000000 ____D C:\Users\CT\AppData\Roaming\Apple Computer
2017-02-08 01:27 - 2017-02-08 01:27 - 00000000 __HDC C:\ProgramData\{C0A56C90-63A5-498A-9F30-3E1C9B7A3718}
2017-02-08 01:22 - 2017-02-08 01:22 - 00000000 __HDC C:\ProgramData\{DA31E3B5-AD7E-4759-A162-75CF964B70AC}
2017-02-08 01:20 - 2017-02-08 01:20 - 00000000 __HDC C:\ProgramData\{6AD36C45-4D01-4438-A91A-37F41EACF162}
2017-02-08 01:19 - 2017-02-08 01:24 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2017-02-08 00:28 - 2017-02-08 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-07 00:41 - 2017-02-07 00:41 - 00000000 ___DC C:\ProgramData\{0759FEF6-DE4D-416A-BBAF-6F185B9B44CC}
2017-02-06 19:47 - 2017-02-06 19:48 - 00000000 ____D C:\Program Files (x86)\HotSpotClicker
2017-02-06 19:47 - 2017-02-06 19:47 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JSonar
2017-02-06 19:47 - 2017-02-06 19:47 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HotSpotClicker
2017-02-06 19:47 - 2017-02-06 19:47 - 00000000 ____D C:\Program Files (x86)\JSonar
2017-02-06 19:41 - 2017-02-07 09:55 - 00000000 ____D C:\Users\John\AppData\Roaming\Freedom Scientific
2017-02-06 19:40 - 2017-02-06 19:40 - 00000000 ___HD C:\Program Files\Freedom Scientific Installation Information
2017-02-06 19:40 - 2017-02-06 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAWS 18.0
2017-02-06 19:40 - 2017-02-06 19:40 - 00000000 ____D C:\ProgramData\Freedom Scientific
2017-02-06 19:40 - 2017-02-06 19:40 - 00000000 ____D C:\Program Files\ssce
2017-02-06 19:35 - 2017-02-06 19:40 - 00000000 ____D C:\Program Files\Freedom Scientific
2017-02-06 19:35 - 2017-02-06 19:39 - 00000000 ____D C:\Program Files (x86)\Freedom Scientific
2017-02-06 19:35 - 2017-02-06 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSReader 3.0
2017-02-06 12:48 - 2017-02-06 12:48 - 00000000 ____D C:\Users\John\AppData\Roaming\Native Keys
2017-02-04 23:33 - 2017-02-04 23:33 - 00116296 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2017-02-04 23:33 - 2017-02-04 23:33 - 00028208 _____ (G DATA Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2017-02-04 23:24 - 2017-02-04 23:24 - 00074824 _____ (G DATA Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2017-02-04 23:24 - 2017-02-04 23:24 - 00037400 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2017-02-04 23:24 - 2017-02-04 23:24 - 00030280 _____ (G DATA Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2017-02-04 23:24 - 2017-02-04 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2017-02-04 23:23 - 2017-02-04 23:23 - 00304200 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2017-02-04 23:23 - 2017-02-04 23:23 - 00180808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2017-02-04 23:23 - 2017-02-04 23:23 - 00153160 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2017-02-04 23:23 - 2017-02-04 23:23 - 00088136 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2017-02-04 23:05 - 2017-02-04 23:10 - 00000000 ____D C:\AdwCleaner
2017-02-04 21:52 - 2017-02-13 01:02 - 00000000 ____D C:\FRST
2017-02-04 18:50 - 2017-02-06 03:19 - 00000000 ____D C:\Program Files (x86)\East West
2017-02-03 11:55 - 2017-02-03 11:56 - 00000032 _____ C:\ProgramData\autobk.inc
2017-01-31 16:58 - 2017-02-11 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 16:58 - 2017-01-31 16:58 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-31 16:58 - 2017-01-31 16:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-30 02:42 - 2017-01-30 02:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x-sight interactive
2017-01-30 02:42 - 2017-01-30 02:42 - 00000000 ____D C:\Program Files (x86)\x-sight interactive
2017-01-30 02:42 - 2008-01-14 16:44 - 00050176 _____ C:\Windows\SysWOW64\oggdecoder.dll
2017-01-30 02:42 - 2007-07-23 18:12 - 00207360 _____ (Atma Software) C:\Windows\SysWOW64\oc.ocx
2017-01-30 02:42 - 2006-02-28 13:00 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll
2017-01-18 10:29 - 2017-01-30 21:50 - 00000000 ____D C:\Users\John\GameMaker-Studio 1.4
2017-01-18 10:29 - 2017-01-18 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Player
2017-01-17 17:18 - 2017-02-13 00:39 - 00000000 ____D C:\Qoobox
2017-01-16 14:23 - 2017-01-16 14:40 - 00000000 ____D C:\Windows\erdnt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2064-01-01 10:25 - 2016-07-04 09:11 - 00000000 ____D C:\ProgramData\eLicenser
2017-02-13 00:57 - 2015-10-16 18:03 - 00001144 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-13 00:57 - 2015-05-19 01:26 - 00000095 _____ C:\Users\John\.accessibility.properties
2017-02-13 00:57 - 2014-12-05 18:22 - 00000000 ____D C:\Users\John
2017-02-13 00:54 - 2014-12-18 00:34 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-13 00:49 - 2014-12-06 18:36 - 00000000 ____D C:\Program Files (x86)\FlashGet
2017-02-13 00:37 - 2009-07-14 05:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-13 00:37 - 2009-07-14 05:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-13 00:37 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-02-13 00:29 - 2016-03-30 18:10 - 00000000 ____D C:\ProgramData\VMware
2017-02-13 00:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-12 22:15 - 2015-09-13 13:11 - 14671246 _____ C:\Windows\ntbtlog.txt
2017-02-12 21:27 - 2015-10-16 18:03 - 00001148 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-12 21:25 - 2016-01-13 19:53 - 00000008 __RSH C:\Users\CT\ntuser.pol
2017-02-12 21:25 - 2015-09-22 09:27 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-12 21:25 - 2015-09-13 14:49 - 00000000 ____D C:\Users\CT
2017-02-12 21:15 - 2016-01-15 10:17 - 00000600 _____ C:\Users\John\AppData\Roaming\winscp.rnd
2017-02-11 17:24 - 2015-10-27 23:59 - 00000000 ____D C:\Program Files\Miranda NG TNM
2017-02-11 00:03 - 2015-03-09 16:31 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-02-10 15:06 - 2014-12-29 13:03 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2017-02-10 14:49 - 2016-11-24 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-10 10:31 - 2016-12-24 19:49 - 00000000 ____D C:\Users\John\nvdaremote
2017-02-08 03:21 - 2014-12-06 02:06 - 00945040 _____ C:\Windows\system32\perfh015.dat
2017-02-08 03:21 - 2014-12-06 02:06 - 00229290 _____ C:\Windows\system32\perfc015.dat
2017-02-08 03:21 - 2009-07-14 06:13 - 00006716 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 03:17 - 2014-12-06 23:13 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2017-02-08 01:27 - 2014-12-08 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-02-08 00:28 - 2015-10-16 18:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 10:02 - 2016-12-24 00:58 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A.O.M
2017-02-07 01:43 - 2015-02-02 12:35 - 00002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 05:18 - 2016-08-06 00:06 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2017-02-06 03:21 - 2014-12-07 23:19 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2017-02-05 18:16 - 2016-03-17 13:37 - 00000000 ____D C:\Users\John\AppData\LocalLow\uTorrent
2017-02-05 16:02 - 2014-12-06 02:25 - 00000000 ____D C:\ProgramData\G Data
2017-02-05 05:03 - 2016-03-30 18:14 - 00000000 ____D C:\Users\John\AppData\Roaming\VMware
2017-02-04 23:23 - 2014-12-06 02:29 - 00000000 ____D C:\Program Files (x86)\G Data
2017-02-04 23:09 - 2015-11-18 16:51 - 00000008 __RSH C:\Users\John\ntuser.pol
2017-02-04 22:50 - 2016-02-02 10:28 - 00000000 ____D C:\Windows\SysWOW64\data
2017-02-04 22:50 - 2014-12-09 11:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-04 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2017-02-04 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-02-04 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-02-04 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2017-02-04 14:42 - 2014-12-05 18:32 - 00000000 ____D C:\Program Files (x86)\NVDA
2017-02-03 11:56 - 2014-12-08 02:38 - 00000048 _____ C:\Windows\system32\w3data.vss
2017-02-03 11:56 - 2014-12-08 02:38 - 00000048 _____ C:\Windows\system32\msvcsv60.dll
2017-02-03 11:56 - 2014-12-08 02:38 - 00000048 _____ C:\Windows\msocreg32.dat
2017-02-03 11:55 - 2015-08-10 17:59 - 00000000 ____D C:\Users\John\AppData\Roaming\Celemony Software GmbH
2017-02-02 23:02 - 2016-01-13 19:30 - 00000000 ____D C:\temp
2017-02-02 19:34 - 2016-12-12 20:32 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-02 19:34 - 2016-02-03 15:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-31 17:01 - 2014-12-06 11:41 - 00000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2017-01-31 03:44 - 2015-02-11 19:54 - 00000000 ____D C:\Users\John\AppData\Roaming\IrfanView
2017-01-31 00:59 - 2015-03-06 18:23 - 00000000 ____D C:\Users\John\AppData\Roaming\foobar2000
2017-01-30 23:47 - 2015-02-11 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-01-29 21:13 - 2016-12-25 17:06 - 00000000 ____D C:\Users\John\AppData\Roaming\Speech2Go
2017-01-27 16:13 - 2015-08-27 13:49 - 02249728 _____ (Matthew T. Ashland) C:\Windows\system32\MACDll.dll
2017-01-27 16:13 - 2015-08-27 13:49 - 02249728 _____ (Matthew T. Ashland) C:\Windows\MACDll.dll
2017-01-25 02:19 - 2016-11-30 11:06 - 00000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2017-01-24 01:33 - 2016-12-08 13:53 - 00000000 ____D C:\Users\John\AppData\Roaming\CodeBlocks
2017-01-23 22:10 - 2014-12-07 20:47 - 00000000 ____D C:\Program Files\WinRAR
2017-01-23 20:44 - 2014-12-07 20:47 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-23 20:44 - 2014-12-07 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-23 12:15 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-21 13:36 - 2015-01-22 15:42 - 00000000 ____D C:\Program Files\7-Zip
2017-01-20 14:34 - 2016-10-25 11:54 - 00002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-19 01:44 - 2014-12-28 01:21 - 00000000 _RSHD C:\Users\John\AppData\Roaming\GoldWave
2017-01-18 00:07 - 2014-12-08 01:33 - 00000000 ____D C:\ProgramData\Skype
2017-01-16 23:41 - 2015-10-23 14:53 - 00000000 ____D C:\pdf2ocr

==================== Files in the root of some directories =======

2015-08-10 15:48 - 2015-08-10 15:49 - 0000131 _____ () C:\Program Files\Common Files\symbolicLink-create.bat
2014-12-06 02:29 - 2014-12-06 02:29 - 0000000 _____ () C:\Users\John\AppData\Roaming\gdfw.log
2014-12-06 02:29 - 2017-02-04 23:23 - 0001558 _____ () C:\Users\John\AppData\Roaming\gdscan.log
2015-02-25 13:33 - 2016-01-11 15:40 - 1364890 _____ () C:\Users\John\AppData\Roaming\Tiger Software Suite.log
2016-01-11 15:32 - 2016-01-11 15:32 - 0018110 _____ () C:\Users\John\AppData\Roaming\TSSUpdate.log
2016-01-15 10:17 - 2017-02-12 21:15 - 0000600 _____ () C:\Users\John\AppData\Roaming\winscp.rnd
2015-07-28 15:22 - 2015-07-28 15:22 - 0000193 _____ () C:\Users\John\AppData\Local\DC1Asettings.ini
2016-05-29 22:11 - 2017-02-10 12:04 - 0013312 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-27 00:04 - 2015-05-27 00:04 - 0000036 _____ () C:\Users\John\AppData\Local\housecall.guid.cache
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_essentials.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_mixbus3.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_xt_bc3.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_xt_ds.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_xt_eg.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_xt_eq.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000106 _____ () C:\Users\John\AppData\Local\license_key_harrison_xt_lc.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_xt_mc.txt
2016-03-23 15:09 - 2016-03-23 15:09 - 0000105 _____ () C:\Users\John\AppData\Local\license_key_harrison_xt_me.txt
2014-12-09 13:58 - 2014-12-09 13:58 - 0000335 _____ () C:\Users\John\AppData\Local\Perfmon.PerfmonCfg
2015-01-12 23:44 - 2017-02-05 15:10 - 0000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2016-03-23 15:09 - 2016-03-23 15:09 - 0000218 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2014-12-05 21:50 - 2014-12-05 21:50 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2017-01-16 22:23 - 2017-01-16 22:23 - 0000010 _____ () C:\Users\John\AppData\Local\sponge.last.runtime.cache
2015-11-10 16:38 - 2015-11-10 16:40 - 0000000 _____ () C:\Users\John\AppData\Local\{1BC34592-2EB1-4128-85D5-640D75699E91}
2015-11-04 13:06 - 2015-11-04 13:06 - 0000000 _____ () C:\Users\John\AppData\Local\{2002A25D-6531-4D61-AA9B-D0FDE9F64A18}
2016-01-29 11:50 - 2016-01-29 11:50 - 0000000 _____ () C:\Users\John\AppData\Local\{716C68A9-0F8B-43DC-BB54-BF99B60D926B}
2017-01-16 14:41 - 2017-01-16 14:41 - 0000000 _____ () C:\Users\John\AppData\Local\{84577DC8-13AB-4334-AB30-36CF87749E40}
2017-01-16 14:41 - 2017-01-16 14:41 - 0000000 _____ () C:\Users\John\AppData\Local\{D45B695A-BD83-444D-91A0-A0F7C7565A43}
2015-02-26 01:17 - 2015-02-26 01:17 - 0000008 _____ () C:\ProgramData\.IrcamLab TS
2017-02-03 11:55 - 2017-02-03 11:56 - 0000032 _____ () C:\ProgramData\autobk.inc
2016-11-11 10:52 - 2016-11-11 10:52 - 0010218 _____ () C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 19:04

==================== End of FRST.txt ============================
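The Services and Drivers sections above follow a fixed FRST line shape: a state letter and Windows Start value, the entry name, the image path, then `[size date]`, the vendor from the file's version info, and optional flags such as `[File not signed]` or `[X]` (FRST's marker for an image file that is not on disk). When a log this long is reviewed, those flags are the first things to pull out. The Python below is an added triage helper written for this page; it is not part of FRST, ComboFix or the thread, and it only reads log text. The `START_TYPES` mapping follows the standard Windows service Start values (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled); the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST prefixes Services/Drivers entries with a state letter (R = running,
# S = stopped; other letters are passed through unchanged) followed by the
# Windows service Start value.
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}

# "<state><start> <name>; <details>"
ENTRY_RE = re.compile(r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "<path> [<size> <yyyy-mm-dd>] (<vendor>) <flags>"; vendor and flags are optional
DETAIL_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s*(?:\((?P<vendor>[^)]*)\))?\s*(?P<flags>.*)$"
)

# Sample lines taken from the FRST log in this thread (constructed test input).
SAMPLE_LOG = r"""
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [4950632 2016-10-06] (G DATA Software AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 npcap_wifi; no ImagePath
S3 wampapache64; "e:\wamp\bin\apache\apache2.4.9\bin\httpd.exe" -k runservice [X]
""".strip()


@dataclass
class FrstEntry:
    state: str
    start: str
    name: str
    path: Optional[str] = None    # None when the registry entry has no ImagePath
    size: Optional[int] = None
    date: Optional[str] = None
    vendor: Optional[str] = None  # "" when FRST printed an empty "()"
    file_missing: bool = False    # FRST marks a missing image file with "[X]"
    unsigned: bool = False        # FRST appends "[File not signed]"

    @property
    def start_type(self) -> str:
        return START_TYPES.get(self.start, "unknown")


def parse_frst_entry(line: str) -> Optional[FrstEntry]:
    """Parse one Services/Drivers line; return None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = FrstEntry(m["state"], m["start"], m["name"].strip())
    rest = m["rest"].strip()
    if rest == "no ImagePath":
        return entry
    if rest.endswith("[X]"):
        entry.path = rest[:-3].strip()
        entry.file_missing = True
        return entry
    d = DETAIL_RE.match(rest)
    if d is None:           # path only, no size/date block
        entry.path = rest
        return entry
    entry.path = d["path"]
    entry.size = int(d["size"])
    entry.date = d["date"]
    entry.vendor = d["vendor"]
    entry.unsigned = "File not signed" in d["flags"]
    return entry


def triage_entry(entry: FrstEntry) -> List[str]:
    """Return the reasons a reviewer should look at this entry (empty = nothing found)."""
    reasons: List[str] = []
    if entry.path is None:
        reasons.append("registry entry has no ImagePath")
    elif entry.file_missing:
        reasons.append("image file not found on disk (orphaned entry)")
    else:
        if entry.unsigned:
            reasons.append("binary is not digitally signed")
        if entry.vendor is not None and not entry.vendor.strip():
            reasons.append("no company name in version info")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons for every Services/Drivers entry with a finding."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_frst_entry(line)
        if entry is not None:
            reasons = triage_entry(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for entry_name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{entry_name}: {'; '.join(reasons)}")
```

Run over the sample, the helper reports IDriverT (unsigned), MyWiFiDHCPDNS (empty vendor), catchme and wampapache64 (image missing) and npcap_wifi (no ImagePath), and stays silent on the signed G DATA service. An orphaned or unsigned entry is a review prompt, not a verdict: the `[X]` drivers in this log are leftovers from uninstalled software, which is exactly why the helper in the next post removes them from the registry rather than treating them as live malware.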


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,542 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 AM

Posted 13 February 2017 - 09:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses

You should also enable your G DATA INTERNET SECURITY
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {4C9331A9-E642-4B75-89B6-DDD882DAFEB6} =>  -> No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {332A9128-72D4-4936-8617-9ECEC4498C2C} =>  -> No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {D1C388B4-13C9-4F71-A17E-B37044A3A97F} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-622148090-2170510373-346326127-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S3 Loquendo TTS Engine Server; C:\Program Files (x86)\Loquendo\LTTS7\bin\TTSEngineServerWindowsService.exe -service -manual [X]
S3 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 S2Gvc32; "C:\Program Files (x86)\Speech2Go Voice Package\IvonaVoiceService_x86.exe" [X]
S3 wampapache64; "e:\wamp\bin\apache\apache2.4.9\bin\httpd.exe" -k runservice [X]
S3 wampmysqld64; e:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [X]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 hwinterface; System32\Drivers\hwinterface.sys [X]
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 WIMMount; \??\C:\Program Files\Levtec\Winstaller\imgsvc64\wimmount.sys [X]
Task: {385F3A7A-741F-4AFC-9E0F-0A92486B472C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\Program Files\Common Files\symbolicLink-create.bat:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Public\DRM:?????? [48]
C:\Windows\AutoKMS

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,542 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 AM

Posted 19 February 2017 - 10:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,542 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 AM

Posted 20 February 2017 - 07:32 AM

Topic re-opened.

#5 Polaris-17

Polaris-17
  • Topic Starter
  • Members
  • 5 posts

Posted 20 February 2017 - 05:56 PM

Hm. Now Windows seems to be more stable, but I am pasting the log as you requested. Maybe there is something I don't know about?

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
Ran by John (19-02-2017 23:17:22) Run:1
Running from D:\downloads
Loaded Profiles: John (Available Profiles: John & CT & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-10-24] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {4C9331A9-E642-4B75-89B6-DDD882DAFEB6} =>  -> No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {332A9128-72D4-4936-8617-9ECEC4498C2C} =>  -> No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {D1C388B4-13C9-4F71-A17E-B37044A3A97F} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-622148090-2170510373-346326127-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S3 Loquendo TTS Engine Server; C:\Program Files (x86)\Loquendo\LTTS7\bin\TTSEngineServerWindowsService.exe -service -manual [X]
S3 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 S2Gvc32; "C:\Program Files (x86)\Speech2Go Voice Package\IvonaVoiceService_x86.exe" [X]
S3 wampapache64; "e:\wamp\bin\apache\apache2.4.9\bin\httpd.exe" -k runservice [X]
S3 wampmysqld64; e:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [X]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 hwinterface; System32\Drivers\hwinterface.sys [X]
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 WIMMount; \??\C:\Program Files\Levtec\Winstaller\imgsvc64\wimmount.sys [X]
Task: {385F3A7A-741F-4AFC-9E0F-0A92486B472C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\Program Files\Common Files\symbolicLink-create.bat:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Public\DRM:?????? [48]
C:\Windows\AutoKMS

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 0Cloudfogger => key removed successfully
HKCR\CLSID\{4C9331A9-E642-4B75-89B6-DDD882DAFEB6} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 1Cloudfogger => key removed successfully
HKCR\CLSID\{332A9128-72D4-4936-8617-9ECEC4498C2C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 2Cloudfogger => key removed successfully
HKCR\CLSID\{D1C388B4-13C9-4F71-A17E-B37044A3A97F} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-622148090-2170510373-346326127-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\System\CurrentControlSet\Services\ADExchange => key removed successfully
ADExchange => service removed successfully
HKLM\System\CurrentControlSet\Services\Loquendo TTS Engine Server => key removed successfully
Loquendo TTS Engine Server => service removed successfully
HKLM\System\CurrentControlSet\Services\Mobizen plugin => key removed successfully
Mobizen plugin => service removed successfully
HKLM\System\CurrentControlSet\Services\NMIndexingService => key removed successfully
NMIndexingService => service removed successfully
HKLM\System\CurrentControlSet\Services\S2Gvc32 => key removed successfully
S2Gvc32 => service removed successfully
HKLM\System\CurrentControlSet\Services\wampapache64 => key removed successfully
wampapache64 => service removed successfully
HKLM\System\CurrentControlSet\Services\wampmysqld64 => key removed successfully
wampmysqld64 => service removed successfully
HKLM\System\CurrentControlSet\Services\ArcCtrl => key removed successfully
ArcCtrl => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\dgderdrv => key removed successfully
dgderdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\ewusbmbb => key removed successfully
ewusbmbb => service removed successfully
HKLM\System\CurrentControlSet\Services\ewusbnet => key removed successfully
ewusbnet => service removed successfully
HKLM\System\CurrentControlSet\Services\ew_hwusbdev => key removed successfully
ew_hwusbdev => service removed successfully
HKLM\System\CurrentControlSet\Services\ew_usbenumfilter => key removed successfully
ew_usbenumfilter => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_cdcacm => key removed successfully
huawei_cdcacm => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_cdcecm => key removed successfully
huawei_cdcecm => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_enumerator => key removed successfully
huawei_enumerator => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_ext_ctrl => key removed successfully
huawei_ext_ctrl => service removed successfully
HKLM\System\CurrentControlSet\Services\hwdatacard => key removed successfully
hwdatacard => service removed successfully
HKLM\System\CurrentControlSet\Services\hwinterface => key removed successfully
hwinterface => service removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => key removed successfully
npcap_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\npf_wifi => key removed successfully
npf_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\VBoxNetFlt => key removed successfully
VBoxNetFlt => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\vserial => key removed successfully
vserial => service removed successfully
HKLM\System\CurrentControlSet\Services\WIMMount => key removed successfully
WIMMount => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{385F3A7A-741F-4AFC-9E0F-0A92486B472C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{385F3A7A-741F-4AFC-9E0F-0A92486B472C} => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
C:\Program Files\Common Files\symbolicLink-create.bat => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Public\DRM => ":??????" ADS could not remove.
"C:\Windows\AutoKMS" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4375151 B
Java, Flash, Steam htmlcache => 2472 B
Windows/system/drivers => 1184 B
Edge => 0 B
Chrome => 48213481 B
Firefox => 167075588 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66788 B
LocalService => 0 B
NetworkService => 0 B
John => 205855932 B
CT => 1533982 B
Administrator => 33150 B

RecycleBin => 0 B
EmptyTemp: => 415.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:17:33 ====



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,542 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 February 2017 - 08:06 AM

If there are no problems, then you should be good.

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 Polaris-17

Polaris-17
  • Topic Starter
  • Members
  • 5 posts

Posted 25 February 2017 - 03:56 PM

Computer appears to work well. Thank you.