100% Disk Usage, Antivirus Programs disable on boot


  • This topic is locked
19 replies to this topic

#1 broman400


  • Members
  • 32 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:58 AM

Posted 03 March 2017 - 04:10 PM

Hi, I've scanned my computer with Norton Security, Malwarebytes, and AdwCleaner and still have extreme slowdowns; I removed some viruses, trojans, and malware, but it still hasn't helped. Also, when I restart my computer, either my Norton Security is corrupted or Malwarebytes cannot enable one of its protection modules. I also have 100% Disk Usage almost all the time and have noticed a lot of CompatTelRunner.exe processes running. Recently, Norton found a Bloodhound.MalPE and removed it. Here is my FRST.txt information:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by broma_000 (administrator) on BRIAN-PC (03-03-2017 16:04:51)
Running from C:\Users\broma_000\Desktop\Downloads
Loaded Profiles: broma_000 (Available Profiles: broma_000 & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\ns.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Flux Software LLC) C:\Users\broma_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\ns.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-01-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [Facebook Update] => C:\Users\broma_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-30] (Facebook Inc.)
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [f.lux] => C:\Users\broma_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [Google Update] => C:\Users\broma_000\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-19] (Google Inc.)
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [Spotify Web Helper] => C:\Users\broma_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-06-23] (Spotify Ltd)
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-01-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\RunOnce: [Uninstall C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Policies\Explorer: [HideSCAVolume] 0
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll [2017-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll [2017-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll [2017-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\FileSyncShell.dll [2017-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\FileSyncShell.dll [2017-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\broma_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\FileSyncShell.dll [2017-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-01-30]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c2427fe-66c5-426a-8c57-12f2f5516afb}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-23] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4254226789-487654737-2996639702-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Edge:
======
Edge Session Restore: HKU\S-1-5-21-4254226789-487654737-2996639702-1001 -> is enabled.
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.11.0.0_neutral__c1wakc4j0nefm [2017-02-21]
FireFox:
========
FF ProfilePath: C:\Users\broma_000\AppData\Roaming\Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 [2017-03-01]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> Google
FF Session Restore: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> backup.ftp", "194.87.235.157 "
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> backup.socks", "194.87.235.157 "
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> backup.ssl", "194.87.235.157 "
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> ftp", "78.81.206.37"
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> ftp_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> socks", "78.81.206.37"
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> socks_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> ssl", "78.81.206.37"
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> ssl_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352 -> type", 0
FF Extension: (Adblock Plus) - C:\Users\broma_000\AppData\Roaming\Mozilla\Firefox\Profiles\fipuzroi.default-1447639330352\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-19]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-02-05]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon [2017-03-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-01] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4254226789-487654737-2996639702-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\broma_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4254226789-487654737-2996639702-1001: @tools.google.com/Google Update;version=3 -> C:\Users\broma_000\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-4254226789-487654737-2996639702-1001: @tools.google.com/Google Update;version=9 -> C:\Users\broma_000\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3294791&SearchSource=48&CUI=UN77284705240691524&UM=2"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Google Slides) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-30]
CHR Extension: () - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2017-03-02]
CHR Extension: (Google Docs) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-30]
CHR Extension: (Google Drive) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-30]
CHR Extension: (Turn Off the Lights) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-02-11]
CHR Extension: (YouTube) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-30]
CHR Extension: () - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-03-02]
CHR Extension: (Adobe Acrobat) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-11]
CHR Extension: (Google Sheets) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-09]
CHR Extension: (Google Keep - notes and lists) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-02-22]
CHR Extension: (Bookmarks) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihaibgdemjcpnllmndlpdkfiggadlcgi [2016-05-30]
CHR Extension: (Norton Identity Safe) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-05-30]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-05-30]
CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-11]
CHR Extension: (Recently Closed Tabs) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc [2016-05-30]
CHR Extension: (Click&Clean App) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-02-11]
CHR Extension: (Gmail) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 ftpsvc; C:\WINDOWS\system32\inetsrv\ftpsvc.dll [382976 2016-10-03] (Microsoft Corporation)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-19] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-02-05] (RaMMicHaeL)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\BASHDefs\20170301.003\BHDrvx64.sys [1874136 2017-02-28] (Symantec Corporation)
R3 cbfs3; C:\WINDOWS\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-02-04] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-07-26] ()
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
U5 iastorA; C:\Windows\System32\Drivers\iastorA.sys [647736 2012-09-01] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\IPSDefs\20170302.001\IDSvia64.sys [1038024 2017-03-01] (Symantec Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-14] (ManyCam LLC)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-02] (Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew01.sys [3363112 2015-08-30] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)
S3 Rockusb; C:\WINDOWS\System32\drivers\rockusb.sys [66704 2014-09-22] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-01] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [31232 2015-01-18] (The OpenVPN Project) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-22] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2015-11-13] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-02 17:07 - 2012-08-20 00:45 - 07986176 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2017-03-02 17:07 - 2012-08-20 00:45 - 07712768 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2017-03-02 17:07 - 2012-08-20 00:45 - 06085632 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2017-03-02 17:07 - 2012-08-20 00:45 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2017-03-02 17:07 - 2012-08-20 00:45 - 02188800 _____ (IDT, Inc.) C:\WINDOWS\system32\stapo64.dll
2017-03-02 17:07 - 2012-08-20 00:45 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2017-03-02 17:07 - 2012-08-20 00:45 - 01664000 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2017-03-02 17:07 - 2012-08-20 00:45 - 00671744 ____N (IDT, Inc.) C:\WINDOWS\system32\stapi64.dll
2017-03-02 17:07 - 2012-08-20 00:45 - 00499200 _____ (IDT, Inc.) C:\WINDOWS\system32\stcplx64.dll
2017-03-02 17:07 - 2012-08-20 00:45 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2017-03-02 17:07 - 2012-08-20 00:45 - 00224256 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2017-03-02 17:07 - 2012-07-17 13:49 - 00042513 _____ C:\WINDOWS\system32\Powell.xml
2017-03-02 17:07 - 2011-05-17 20:25 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2017-03-02 01:53 - 2013-08-02 11:07 - 00000000 ____D C:\Users\broma_000\Desktop\RKBatchTool v1.7
2017-03-02 01:48 - 2017-03-02 01:48 - 00000000 ____D C:\Users\broma_000\Desktop\universaladbdriver_v3.0
2017-03-02 01:46 - 2016-12-13 13:48 - 00000000 ____D C:\Users\broma_000\Desktop\DriverAssitant_v4.4
2017-03-02 01:44 - 2017-02-12 07:15 - 807082456 _____ C:\Users\broma_000\Desktop\wasser-3.0.6-minix-x7-rk3188.img
2017-03-02 01:33 - 2017-03-02 01:33 - 00000000 ____D C:\Users\broma_000\Desktop\T428 4.4.2 Finless 2.0
2017-03-01 19:24 - 2017-03-03 15:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-03-01 19:00 - 2017-03-01 19:00 - 00003386 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-03-01 19:00 - 2017-03-01 19:00 - 00002377 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-03-01 03:48 - 2017-03-01 03:48 - 00102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-03-01 03:41 - 2017-03-01 03:41 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-03-01 03:35 - 2017-03-01 03:35 - 00000000 __SHD C:\found.008
2017-03-01 02:29 - 2017-03-01 02:29 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-23 04:09 - 2017-02-23 04:04 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-23 01:19 - 2017-03-03 02:29 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-23 01:19 - 2017-03-02 17:10 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-23 01:19 - 2017-03-02 17:10 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-23 01:19 - 2017-03-01 03:41 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-23 01:18 - 2017-03-02 17:10 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 01:18 - 2017-02-23 01:18 - 00001922 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 01:18 - 2017-02-23 01:18 - 00000000 ____D C:\Users\broma_000\AppData\Roaming\Obsidium
2017-02-23 01:18 - 2017-02-23 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 01:18 - 2017-02-23 01:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 01:18 - 2017-02-23 01:18 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 01:18 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-23 01:11 - 2017-02-23 01:11 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-23 01:11 - 2017-02-23 01:11 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-23 01:11 - 2017-02-23 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-23 01:11 - 2017-02-23 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-23 01:11 - 2017-02-23 01:11 - 00000000 ____D C:\Program Files\iTunes
2017-02-23 01:11 - 2017-02-23 01:11 - 00000000 ____D C:\Program Files\iPod
2017-02-23 01:11 - 2017-02-23 01:11 - 00000000 ____D C:\Program Files\CCleaner
2017-02-22 23:07 - 2017-02-22 23:07 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-22 22:46 - 2017-02-22 22:46 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2017-02-22 22:46 - 2017-02-22 22:46 - 00000712 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2017-02-22 22:45 - 2017-02-22 22:46 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-22 22:35 - 2017-02-22 22:39 - 00002584 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-02-22 22:35 - 2017-02-22 22:35 - 00001253 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.7.lnk
2017-02-22 22:35 - 2017-02-22 22:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-02-22 22:35 - 2017-02-22 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-02-22 22:35 - 2017-02-22 22:35 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-02-22 22:35 - 2016-10-18 17:14 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2017-02-22 03:11 - 2017-02-22 03:11 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-22 02:33 - 2017-02-22 02:33 - 00000000 ____D C:\Users\broma_000\Desktop\ProcessExplorer
2017-02-22 02:27 - 2017-02-22 02:27 - 00000000 ____D C:\Users\broma_000\Desktop\Sysmon
2017-02-22 01:20 - 2017-02-06 14:48 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-22 01:20 - 2017-02-06 14:48 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 03:34 - 2017-03-01 04:05 - 00000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbroma_000.job
2017-02-21 03:34 - 2017-03-01 03:34 - 00003274 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbroma_000
2017-02-21 03:31 - 2017-02-21 03:38 - 00000225 _____ C:\WINDOWS\SysWOW64\_WKERNEL.SYL
2017-02-21 03:31 - 2017-02-21 03:31 - 00000000 ____D C:\Users\broma_000\Desktop\YLSK1.3
2017-02-21 03:30 - 2017-02-21 03:30 - 00001103 _____ C:\Users\Public\Desktop\WinUtilities.lnk
2017-02-21 03:30 - 2017-02-21 03:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities
2017-02-21 03:29 - 2017-02-22 01:06 - 00000000 ____D C:\Program Files (x86)\WinUtilities
2017-02-21 03:29 - 2010-07-25 22:23 - 00544768 _____ (Stardock Corporation) C:\WINDOWS\SysWOW64\wbocx.ocx
2017-02-21 03:29 - 2010-07-25 22:23 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2017-02-21 03:29 - 2010-07-25 22:23 - 00056496 _____ (Stardock.Net, Inc) C:\WINDOWS\SysWOW64\wbhelp2.dll
2017-02-21 03:29 - 2010-07-25 22:23 - 00033968 _____ (Neil Banfield) C:\WINDOWS\SysWOW64\anim.dll
2017-02-21 03:29 - 2010-07-25 22:23 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF32.DLL
2017-02-21 03:29 - 2010-07-25 22:23 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF16.DLL
2017-02-11 22:40 - 2017-02-11 22:40 - 00001096 _____ C:\Users\Public\Desktop\UnCleaner.lnk
2017-02-11 22:40 - 2017-02-11 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
2017-02-11 22:40 - 2017-02-11 22:40 - 00000000 ____D C:\Program Files\UnCleaner
2017-02-11 22:10 - 2017-02-11 22:16 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2017-02-11 22:10 - 2017-02-11 22:10 - 00000928 _____ C:\Users\broma_000\Desktop\Acrylic Wi-Fi Home.lnk
2017-02-11 22:10 - 2017-02-11 22:10 - 00000000 ____D C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home
2017-02-11 22:10 - 2017-02-11 22:10 - 00000000 ____D C:\Users\broma_000\AppData\Roaming\Acrylic Wi-Fi Home
2017-02-11 20:32 - 2017-02-11 20:32 - 00000000 ____D C:\Program Files\Linksys
2017-02-11 19:32 - 2017-02-11 19:32 - 00000000 ____D C:\ProgramData\Trend Micro
2017-02-06 17:18 - 2017-02-06 17:18 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-06 17:15 - 2017-02-06 17:15 - 00002417 _____ C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-06 17:15 - 2017-02-06 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-02-06 17:15 - 2017-02-06 17:15 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-02-06 17:14 - 2017-02-06 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2017-02-06 17:14 - 2017-02-06 17:14 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-02-06 16:22 - 2017-02-06 16:22 - 00001142 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-02-06 16:22 - 2016-12-21 14:52 - 00040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2017-02-05 05:09 - 2017-02-05 05:09 - 00000434 _____ C:\TDSSKiller.3.1.0.6_05.02.2017_05.09.06_log.txt
2017-02-05 04:04 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-02-05 04:04 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-02-05 04:04 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-02-05 04:04 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-05 04:04 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-05 04:04 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-02-05 04:04 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-02-05 04:04 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-05 04:04 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-05 04:04 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-05 04:04 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-05 04:04 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-02-05 04:04 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-05 04:04 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-05 04:04 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-02-05 04:04 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-02-05 04:04 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-05 04:04 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-05 04:04 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-02-05 04:04 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-02-05 04:04 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-02-05 04:04 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-02-05 04:04 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-05 04:04 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-02-05 04:04 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-02-05 04:04 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-05 04:04 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-02-05 04:04 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-02-05 04:04 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-05 04:04 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-05 04:04 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-02-05 04:04 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-05 04:04 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-02-05 04:04 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-05 04:04 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-05 04:04 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-02-05 04:04 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-02-05 04:04 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-05 04:04 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-05 04:04 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-02-05 04:04 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-05 04:04 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-05 04:04 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-05 04:04 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-05 04:04 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-05 04:04 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-05 04:04 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-05 04:04 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-05 04:04 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-05 04:04 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-02-05 04:04 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-05 04:04 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-05 04:04 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-05 04:04 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-02-05 04:04 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-05 04:04 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-02-05 04:04 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-02-05 04:04 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-05 04:04 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-02-05 04:04 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-05 04:04 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-05 04:04 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-05 04:04 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-02-05 04:04 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-02-05 04:04 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-02-05 04:04 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-02-05 04:04 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-02-05 04:04 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-02-05 04:04 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-05 04:04 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-05 04:04 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-02-05 04:04 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-05 04:04 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-05 04:04 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-05 04:04 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-02-05 04:04 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-05 04:04 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-02-05 04:04 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-02-05 04:04 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-05 04:04 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-05 04:04 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-05 04:04 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-05 04:04 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-05 04:04 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-02-05 04:04 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-02-05 04:04 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-05 04:04 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-05 04:04 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-02-05 04:04 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-05 04:04 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-05 04:04 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-02-05 04:04 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-05 04:04 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-02-05 04:04 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-02-05 04:04 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-05 04:04 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-02-05 04:04 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-02-05 04:04 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-02-05 04:04 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-05 04:04 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-02-05 04:04 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-02-05 04:04 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-02-05 04:04 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-02-05 04:04 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-05 04:04 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-02-05 04:04 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-05 04:04 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-05 04:04 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-02-05 04:04 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-05 04:04 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-02-05 04:04 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-05 04:04 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-02-05 04:04 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-05 04:04 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-05 04:04 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-02-05 04:04 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-05 04:04 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-02-05 04:04 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-05 04:04 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-05 04:04 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-02-05 04:04 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-02-05 04:04 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-02-05 04:04 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-05 04:04 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-02-05 04:04 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-05 04:04 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-02-05 04:04 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-02-05 04:04 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-02-05 04:04 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-02-05 04:04 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-02-05 04:04 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-02-05 04:04 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-05 04:04 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-02-05 04:04 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-05 04:04 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-05 04:04 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-05 04:04 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-05 04:03 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-05 04:03 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-02-05 04:03 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-02-05 04:03 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-02-05 04:03 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-02-05 04:03 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-02-05 04:03 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-02-05 04:03 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-02-05 04:03 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-02-05 04:03 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-05 04:03 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-05 04:03 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-05 04:03 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-02-05 04:03 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-05 04:03 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-02-05 04:03 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-05 04:03 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-05 04:03 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-02-05 04:03 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-02-05 04:03 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-05 04:03 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-02-05 04:03 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-02-05 04:03 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-05 03:56 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-05 03:56 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-05 03:42 - 2017-02-05 03:42 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-02-04 20:05 - 2017-02-04 20:05 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-03 16:02 - 2016-10-03 02:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-03 02:48 - 2013-03-15 13:33 - 00000000 ____D C:\Users\broma_000\AppData\Local\Adobe
2017-03-03 02:19 - 2014-12-08 23:34 - 00000000 ____D C:\FRST
2017-03-03 02:19 - 2013-03-16 19:13 - 00000000 ____D C:\Users\broma_000\AppData\Local\CrashDumps
2017-03-03 02:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-02 17:37 - 2016-10-03 03:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-03-02 17:13 - 2014-06-11 00:00 - 00000000 __SHD C:\Users\broma_000\IntelGraphicsProfiles
2017-03-02 17:09 - 2016-10-03 03:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-02 17:08 - 2016-07-16 01:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-03-02 17:07 - 2016-10-03 02:31 - 00000000 ____D C:\Program Files\IDT
2017-03-02 14:54 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-03-02 02:06 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-02 01:51 - 2014-08-22 22:37 - 00000000 ____D C:\Users\broma_000\.android
2017-03-02 01:40 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 19:56 - 2016-03-28 01:42 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-01 19:18 - 2016-10-03 02:37 - 00000000 ____D C:\Users\broma_000
2017-03-01 19:16 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-01 19:15 - 2014-12-10 00:53 - 00000000 ____D C:\AdwCleaner
2017-03-01 19:03 - 2016-10-03 02:36 - 01249206 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-01 19:00 - 2016-10-02 00:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-03-01 19:00 - 2016-10-02 00:21 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-03-01 19:00 - 2015-03-16 16:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-03-01 04:05 - 2014-07-06 22:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-01 03:50 - 2014-12-14 03:08 - 00007605 _____ C:\Users\broma_000\AppData\Local\Resmon.ResmonCfg
2017-03-01 03:48 - 2016-10-02 00:23 - 00008298 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-03-01 03:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-01 03:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-01 03:41 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-02-23 04:10 - 2014-10-04 14:16 - 00000000 ____D C:\Program Files\Java
2017-02-23 04:09 - 2014-10-04 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-23 04:07 - 2013-10-18 20:15 - 00000000 ____D C:\ProgramData\Oracle
2017-02-23 04:06 - 2014-10-04 14:15 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-23 04:04 - 2014-09-10 19:37 - 00000000 ____D C:\ProgramData\Unchecky
2017-02-23 01:56 - 2013-01-30 13:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-23 01:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-23 01:16 - 2015-06-06 21:48 - 00000000 ____D C:\Users\broma_000\AppData\Roaming\MPC-BE
2017-02-23 01:16 - 2013-03-15 16:42 - 00000000 ____D C:\Users\broma_000\AppData\Roaming\Media Player Classic
2017-02-23 01:16 - 2013-03-15 14:18 - 00000000 ____D C:\Users\broma_000\AppData\Roaming\uTorrent
2017-02-23 01:11 - 2014-07-07 14:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-22 23:08 - 2013-01-30 13:20 - 00017394 _____ C:\WINDOWS\system32\results.xml
2017-02-22 23:04 - 2013-07-13 18:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 23:01 - 2013-03-15 16:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 22:48 - 2015-08-29 02:15 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-02-22 22:35 - 2016-10-03 02:31 - 00000000 ____D C:\Program Files\Intel
2017-02-22 22:35 - 2013-01-30 13:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-22 15:10 - 2016-01-24 05:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-02-22 01:20 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 22:56 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-21 03:31 - 2013-03-15 13:32 - 00000000 ____D C:\Users\broma_000\AppData\Local\Packages
2017-02-11 22:59 - 2013-03-15 21:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-11 22:54 - 2016-10-03 02:28 - 05012760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-11 22:52 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-11 22:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-11 22:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-11 22:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-11 22:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-11 22:41 - 2016-10-03 06:27 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-11 22:41 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-02-11 20:28 - 2016-12-25 18:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-02-11 19:41 - 2016-05-30 14:11 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-11 19:41 - 2016-05-30 14:11 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-11 19:40 - 2013-03-15 16:32 - 00000000 ____D C:\Users\broma_000\Documents\My Digital Editions
2017-02-11 19:40 - 2012-10-23 21:18 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-06 17:15 - 2014-03-02 21:00 - 00000000 ___RD C:\Users\broma_000\SkyDrive
2017-02-06 17:14 - 2013-03-15 14:30 - 00000000 ____D C:\Users\broma_000\AppData\Local\Bandizip
2017-02-06 16:22 - 2015-11-24 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-02-06 02:00 - 2013-03-15 13:33 - 00000000 ____D C:\Users\broma_000\AppData\Roaming\Adobe
2017-02-05 04:31 - 2016-10-04 19:29 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-02-05 03:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-05 03:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-05 03:14 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-05 03:14 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-05 03:14 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-05 03:14 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
==================== Files in the root of some directories =======
2013-03-15 13:33 - 2014-03-22 16:21 - 0043128 _____ () C:\Users\broma_000\AppData\Roaming\AbsoluteReminder.xml
2014-10-03 15:54 - 2014-10-03 15:54 - 1177208 _____ () C:\Users\broma_000\AppData\Roaming\AndyCleanupTool.exe
2014-10-03 15:54 - 2014-10-03 15:54 - 1176696 _____ () C:\Users\broma_000\AppData\Roaming\AndyCleanVM.exe
2013-03-15 16:23 - 2013-05-08 20:23 - 0000096 _____ () C:\Users\broma_000\AppData\Roaming\Camdata.ini
2013-03-15 16:23 - 2013-05-08 20:23 - 0000408 _____ () C:\Users\broma_000\AppData\Roaming\CamLayout.ini
2013-03-15 16:23 - 2013-05-08 20:23 - 0000408 _____ () C:\Users\broma_000\AppData\Roaming\CamShapes.ini
2013-03-15 16:23 - 2013-05-08 20:23 - 0004520 _____ () C:\Users\broma_000\AppData\Roaming\CamStudio.cfg
2014-03-22 16:20 - 2014-03-22 16:20 - 0076976 _____ () C:\Users\broma_000\AppData\Roaming\LoJackSetup.exe
2013-06-26 13:33 - 2013-06-26 13:33 - 0000037 ___SH () C:\Users\broma_000\AppData\Local\70149b02515b3bb20dd492.47983420
2014-12-24 16:37 - 2014-12-24 16:37 - 0001456 _____ () C:\Users\broma_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-14 03:08 - 2017-03-01 03:50 - 0007605 _____ () C:\Users\broma_000\AppData\Local\Resmon.ResmonCfg
2014-03-22 16:22 - 2014-03-22 16:22 - 6274864 _____ (Absolute Software Corp.) C:\Users\broma_000\AppData\Local\Setup.exe
2013-03-15 17:42 - 2013-03-15 17:46 - 0027024 _____ () C:\Users\broma_000\AppData\Local\WiDiSetupLog.20130315.184213.txt
2013-06-27 20:01 - 2013-06-27 20:07 - 0036914 _____ () C:\Users\broma_000\AppData\Local\WiDiSetupLog.20130627.210108.wdl
2013-12-11 16:31 - 2013-12-11 16:31 - 0015459 _____ () C:\Users\broma_000\AppData\Local\WiDiSetupLog.20131211.163127.wdl
2014-05-26 19:03 - 2014-05-26 19:03 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2015-11-23 23:11 - 2015-11-24 01:07 - 0019535 _____ () C:\ProgramData\empty.ico
2016-10-01 23:17 - 2016-10-01 23:17 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
2013-03-15 16:40 - 2013-06-23 20:41 - 0000020 _____ () C:\ProgramData\IpAndPort.fig
2015-09-07 15:10 - 2011-04-15 04:33 - 0000068 _____ () C:\ProgramData\Logo_Language.ini
2013-03-15 16:40 - 2015-11-25 04:04 - 0000197 _____ () C:\ProgramData\RmUserCfg.ini
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat

Some zero byte size files/folders:
==========================
C:\Windows\System32\mfc120jpn.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-01 19:27
==================== End of FRST.txt ============================



Edited by broman400, 03 March 2017 - 04:32 PM.




#2 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 04 March 2017 - 01:16 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Regarding the log files, your computer may have problems with the file system or bad sectors on the HDD.

 

2017-03-01 03:35 - 2017-03-01 03:35 - 00000000 __SHD C:\found.008

 

Run CHKDSK to check for disk errors
 

  • Click Start => go to RUN and type in cmd and then hit Enter.
  • At the command prompt, copy and paste the following command chkdsk c: /x /f /r and then press Enter.
  • When you are prompted to schedule CHKDSK to run the next time the computer restarts (because CHKDSK will be unable to gain exclusive access to the drive under Windows), type the following text y, and then press Enter.
  • At the command prompt, type exit and then press Enter.
  • Restart your computer. While Windows is loading, CHKDSK should automatically run and check the drive that you specified earlier.
    This process can take a lot of time to complete! Don't interrupt the process!
  • When all is done and you are back in normal mode, click Start => Run and type in eventvwr.msc and then hit Enter.
  • Once Event Viewer is open, select Windows logs => Application => The 3rd column of information in the right-hand pane is titled Source; click on the word Source at the top of the column to sort by that column.
  • Scroll through the Source column to find the most recent entry titled WinInit with an id of 1001.
  • Double-click WinInit to open the CHKDSK results. Other ways to obtain the logs are described here
  • Click on the Copy button and post the result in your next reply.

 

 

Regards,

Georgi




#3 B-boy/StyLe/ (Malware Response Team)

Posted 05 March 2017 - 06:00 AM

I forgot to mention that you need to run CMD.exe as administrator.

 

Click Start > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".

 

Then copy/paste the following text at the command prompt and press enter after it:

 

chkdsk c: /x /f /r

 

Next continue as described in my previous post.

 

 

Regards,

Georgi


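The CHKDSK procedure in the two posts above, scripted: an added example, not part of Georgi's instructions or of BleepingComputer's own tooling. It assumes an elevated PowerShell prompt on Windows 10 and relies only on what the posts name (the boot-time CHKDSK report is logged by the Microsoft-Windows-Wininit source as Event ID 1001 in the Application log). Two caveats worth knowing before you run chkdsk c: /x /f /r: /r implies /f and does a full surface scan, which on a 464 GB volume like this one can run for hours, and /x forces a dismount, which on the system volume simply means the check is deferred to the next boot.

```powershell
# Added example (not from the original post): read the most recent boot-time CHKDSK report
# out of the Application log and summarise it, instead of scrolling Event Viewer by hand.
# Assumes an elevated PowerShell prompt on Windows 10; event source and ID are the ones the
# post above names (Microsoft-Windows-Wininit, Event ID 1001).

# 1. Is the volume still flagged dirty? If so, another check will be scheduled at boot.
fsutil dirty query C:

# 2. Newest Wininit 1001 event is the most recent boot-time CHKDSK run (Get-WinEvent returns newest first).
$evt = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
} -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $evt) {
    Write-Warning 'No Wininit 1001 event found: CHKDSK has not run at boot yet, or the log has rolled over.'
    return
}

$report = $evt.Message
"CHKDSK report written $($evt.TimeCreated) on $($evt.MachineName)"

# 3. The lines that decide whether this is a file-system problem or a failing disk.
$report -split "`r?`n" |
    Where-Object { $_ -match 'bad sectors|bad file records|bad clusters|unindexed files recovered|Windows has made corrections|No further action|found problems|Correcting errors' } |
    ForEach-Object { '  ' + $_.Trim() }

# 4. A non-zero bad-sector count means the hardware, not NTFS, is the suspect; SMART is the next check.
if ($report -match '(\d+)\s+KB in bad sectors' -and [int64]$Matches[1] -gt 0) {
    Write-Warning "Volume reports $($Matches[1]) KB in bad sectors."
}

# 5. Keep the full text for posting in the thread.
$out = Join-Path $env:USERPROFILE 'Desktop\chkdsk-result.txt'
$report | Set-Content -Path $out -Encoding UTF8
"Full report saved to $out"
```

Read the summary the same way Georgi does in his next reply: "Windows has made corrections to the file system" with "0 KB in bad sectors" is a volume-bitmap or index cleanup, not a dying drive; bad sectors or bad file records greater than zero move the investigation from the file system to the disk itself.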


#4 broman400 (Topic Starter)

Posted 05 March 2017 - 10:11 PM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          3/5/2017 8:06:26 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Brian-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  494592 file records processed.                                                        

File verification completed.
  16303 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  600822 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered to lost and found.                    


Stage 3: Examining security descriptors ...
Cleaning up 2924 unused index entries from index $SII of file 0x9.
Cleaning up 2924 unused index entries from index $SDH of file 0x9.
Cleaning up 2924 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
  53116 data files processed.                                           

CHKDSK is verifying Usn Journal...
  38350816 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  494576 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  21615012 free clusters processed.                                                       

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

 464113450 KB total disk space.
 376880532 KB in 293180 files.
    152276 KB in 53119 indexes.
         0 KB in bad sectors.
    620594 KB in use by the system.
     65536 KB occupied by the log file.
  86460048 KB available on disk.

      4096 bytes in each allocation unit.
 116028362 total allocation units on disk.
  21615012 allocation units available on disk.

Internal Info:
00 8c 07 00 f7 47 05 00 72 81 07 00 00 00 00 00  .....G..r.......
e7 22 00 00 6a 00 00 00 00 00 00 00 00 00 00 00  ."..j...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-03-06T01:06:26.202555400Z" />
    <EventRecordID>12032</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Brian-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

(same text as the Description above)
</Data>
  </EventData>
</Event>



#5 B-boy/StyLe/ (Malware Response Team)

Posted 06 March 2017 - 04:19 AM

Hi,

 

 

The log looks ok. It seems that CHKDSK fixed some issues with the file system but there are no bad sectors on the drive which is a good sign. To exclude any problems related to the HDD let me see the SMART attributes too:

 

 

1. Download CrystalDiskInfo 7.0.5 Portable

 

2. Unpack the program on your desktop.

 

3. Run it and resize the window to show all of the columns.

 

4. Make a screenshot and upload it at http://imgur.com/

 

5. Post the link to the image in your next reply.

 

 

 

I have double checked the FRST logs and found no malware on your computer. However we can still remove a few potentially unwanted entries.

 

 

Please download the attached file fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

 

 

 

Regarding your concerns about having multiple instances of CompatTelRunner.exe this is a normal behaviour since the process is related to Microsoft Customer Experience Improvement Program (aka Telemetry). It checks your system for compatibility issues and tells Microsoft if your system is ready to receive Windows Updates. I would advise you not to disable it.

 

 

 

If you still have problems with Malwarebytes Anti-Malware and Norton Internet Security you can try to reinstall them to see if that will fix the issues.

Be sure to save your license information first!

 

To remove Malwarebytes you can use the following tool:

https://forums.malwarebytes.com/topic/196955-malwarebytes-mb-clean-tool/

 

To Remove Norton use this one:

https://support.norton.com/sp/en/us/home/current/solutions/v60392881_EndUserProfile_en_us

 

 

 

Also you have a lot of programs running in the background. This can slow down your system immensely. You can disable some of them using the Task Manager and Task Scheduler:

 

https://www.howtogeek.com/162446/how-to-manage-startup-applications-in-windows-8/

 

The programs you removed will no longer automatically launch once Windows starts up.

Remember, we aren't removing the programs, just turning them off when your computer boots up.
These entries can also always be rechecked if you need them at a later stage.

 

You can check this article as well. Most of the advice is applicable to Windows 10 too.

 

 

Let me know how things are after the steps above.

 

 

Regards,

Georgi


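The SMART check from steps 1 to 5 above, done with built-in Windows tooling as a cross-check for the CrystalDiskInfo screenshot. This is an added example, not part of the post and not CrystalDiskInfo's code. It assumes an elevated PowerShell on Windows 8.1/10 or later; the Storage module cmdlets and the root\wmi SMART classes are real, but the root\wmi classes only exist for disks whose driver passes SMART through (most SATA drives, not all USB bridges or NVMe). The attribute names in the table are the common ATA names and are an assumption about this particular drive's firmware.

```powershell
# Added example (not part of the post above): read the drive's health counters and raw SMART
# attributes without a third-party tool. Run from an elevated PowerShell prompt.

# 1. Health summary from the Storage module (Windows' own view of the disk).
Get-PhysicalDisk | ForEach-Object {
    $r = $_ | Get-StorageReliabilityCounter
    [pscustomobject]@{
        Disk                   = $_.FriendlyName
        MediaType              = $_.MediaType
        HealthStatus           = $_.HealthStatus        # Healthy / Warning / Unhealthy
        TemperatureC           = $r.Temperature
        PowerOnHours           = $r.PowerOnHours
        ReadErrorsUncorrected  = $r.ReadErrorsUncorrected
        WriteErrorsUncorrected = $r.WriteErrorsUncorrected
        WearPercent            = $r.Wear                # SSDs only, if reported
    }
} | Format-Table -AutoSize

# 2. The drive firmware's own "failure predicted" verdict (assumed: driver exposes it).
Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
    Select-Object InstanceName, PredictFailure, Reason | Format-Table -AutoSize

# 3. Raw SMART attributes. VendorSpecific is the 512-byte ATA SMART data page: 2 header bytes,
# then up to 30 records of 12 bytes each: id, flags(2), current, worst, raw(6, little-endian), reserved.
# Attributes 5, 197 and 198 (reallocated, pending and offline-uncorrectable sectors) are the ones
# that point at a dying disk; a non-zero raw value there outranks a clean CHKDSK.
$critical = @{
    5   = 'Reallocated_Sector_Ct'
    187 = 'Reported_Uncorrect'
    197 = 'Current_Pending_Sector'
    198 = 'Offline_Uncorrectable'
    199 = 'UDMA_CRC_Error_Count'   # cabling/controller rather than platters, but still worth a look
}

Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictData -ErrorAction SilentlyContinue |
ForEach-Object {
    $v = $_.VendorSpecific
    Write-Host "SMART attributes for $($_.InstanceName)"
    for ($i = 2; $i + 11 -lt $v.Length; $i += 12) {
        $id = [int]$v[$i]
        if ($id -eq 0) { continue }                     # unused slot
        $raw = [int64]0
        for ($b = 10; $b -ge 5; $b--) {                 # bytes 5..10, least significant first on disk
            $raw = ($raw -shl 8) -bor [int64]$v[$i + $b]
        }
        $name = if ($critical.ContainsKey($id)) { $critical[$id] } else { '' }
        $flag = if ($critical.ContainsKey($id) -and $raw -gt 0) { '  <== check' } else { '' }
        '{0,4} {1,-24} cur={2,3} worst={3,3} raw={4}{5}' -f $id, $name, $v[$i + 3], $v[$i + 4], $raw, $flag
    }
}
```

The raw value of attribute 5 or 197 is what CrystalDiskInfo colours yellow or red; HealthStatus from Get-PhysicalDisk is a coarser verdict and can still read Healthy while pending sectors are climbing, so read the raw table rather than stopping at the summary.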


#6 broman400 (Topic Starter)

Posted 07 March 2017 - 01:25 AM

I used the FixList.txt with FRST and it was a success. I also ran a program called Tweaking.com - Windows Repair, which greatly improved my system performance. Still a bit laggy, but it helped a lot.

 

Here is the url of the CrystalDiskInfo image: http://imgur.com/a/F1i7J



#7 B-boy/StyLe/ (Malware Response Team)

Posted 07 March 2017 - 02:33 AM

Hi,

 

 

Please post the content of fixlog.txt in your next reply. Also, I didn't instruct you to run Tweaking.com Windows Repair All in One. The tool is very powerful, but its main purpose is to solve some problems with Windows and not to boost performance.

 

The log file from CrystalDiskInfo is ok.

 

 

Regards,

Georgi




#8 broman400 (Topic Starter)

Posted 07 March 2017 - 02:35 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by broma_000 (07-03-2017 00:21:55) Run:2
Running from C:\Users\broma_000\Desktop\Downloads
Loaded Profiles: broma_000 (Available Profiles: broma_000 & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3294791&SearchSource=48&CUI=UN77284705240691524&UM=2"
CHR Extension: (Chrome Media Router) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1FE79EAFF944}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath
Task: {2BB6F013-E6AB-4060-869A-908EAEE7BD78} - System32\Tasks\{0CC8BBF3-B43F-4E5D-99E1-4CC95C4D65DF} => pcalua.exe -a "C:\Windows\Video Cleaner Pro Uninstaller.exe"
AlternateDataStreams: C:\ProgramData\Temp:5B811727 [328]
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1 [129]
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-4254226789-487654737-2996639702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
Chrome StartupUrls => removed successfully
C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1FE79EAFF944} => key removed successfully
HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB6F013-E6AB-4060-869A-908EAEE7BD78} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB6F013-E6AB-4060-869A-908EAEE7BD78} => key removed successfully
C:\WINDOWS\System32\Tasks\{0CC8BBF3-B43F-4E5D-99E1-4CC95C4D65DF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0CC8BBF3-B43F-4E5D-99E1-4CC95C4D65DF} => key removed successfully
C:\ProgramData\Temp => ":5B811727" ADS removed successfully.
C:\ProgramData\Temp => ":792D4CF1" ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24828924 B
Java, Flash, Steam htmlcache => 1452 B
Windows/system/drivers => 97740 B
Edge => 169000848 B
Chrome => 117523528 B
Firefox => 377563588 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 168482 B
NetworkService => 39092224 B
broma_000 => 28548590 B
DefaultAppPool => 0 B
RecycleBin => 0 B
EmptyTemp: => 721.8 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 00:23:48 ====
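The fixlog above records what FRST removed: a policy key disabling System Restore, an Internet Explorer policy restriction under the user's hive, local Group Policy files, an empty-named Run value in the 32-bit hive, a Chrome startup URL pointing at search.conduit.com, a scheduled task that launches through pcalua.exe (the Program Compatibility Assistant launcher, a proxy-execution trick), and two unnamed alternate data streams on C:\ProgramData\Temp. The following is an added example, not part of the thread and not FRST's own logic, that re-checks those same locations read-only so a reinfection or a leftover shows up on the next look. Paths and key names are taken from the fixlog; the output format and the hypothetical $findings list are mine. Note that Windows 10 Home, which this PC runs, ships without gpedit.msc, so local policy files and Policies keys on it are rarely something the owner created.

```powershell
# Added example (not from the thread or from FRST): read-only re-check of the tampering classes
# the fixlist removed. Assumes an elevated PowerShell on Windows 10; nothing here modifies the system.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Policy keys that lock out System Restore or restrict Internet Explorer.
$srPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
if (Test-Path $srPol) {
    $p = Get-ItemProperty $srPol
    foreach ($n in 'DisableSR', 'DisableConfig') {
        if ($p.PSObject.Properties[$n] -and $p.$n -ne 0) {
            $findings.Add("SystemRestore policy $n=$($p.$n) under $srPol")
        }
    }
}
$iePol = 'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
if (Test-Path $iePol) {
    Get-ChildItem $iePol -Recurse | ForEach-Object { $findings.Add("IE policy key present: $($_.Name)") }
}

# 2. Local Group Policy objects on a non-domain Home edition machine.
foreach ($f in "$env:SystemRoot\System32\GroupPolicy\GPT.ini",
               "$env:SystemRoot\SysWOW64\GroupPolicy\GPT.ini",
               "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
               "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol") {
    if (Test-Path $f) { $findings.Add("Local policy file present: $f") }
}

# 3. Scheduled tasks whose action runs through pcalua.exe (proxy execution of an arbitrary binary).
Get-ScheduledTask | ForEach-Object {
    $t = $_
    foreach ($a in $t.Actions) {
        if ($a.Execute -match 'pcalua\.exe' -or $a.Arguments -match 'pcalua\.exe') {
            $findings.Add("Task $($t.TaskPath)$($t.TaskName) runs: $($a.Execute) $($a.Arguments)")
        }
    }
}

# 4. Alternate data streams on ProgramData\Temp (the two FRST removed were unnamed hex-named streams).
$tmp = Join-Path $env:ProgramData 'Temp'
if (Test-Path $tmp) {
    Get-Item $tmp -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS on $($_.FileName): $($_.Stream) ($($_.Length) bytes)") }
}

# 5. Chrome startup URLs (where the search.conduit.com hijack lived).
$prefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
if (Test-Path $prefs) {
    $json = Get-Content $prefs -Raw | ConvertFrom-Json
    foreach ($u in @($json.session.startup_urls)) { if ($u) { $findings.Add("Chrome startup URL: $u") } }
}

# 6. Empty-named Run values in the 32-bit hive (FRST showed one as "HKLM-x32\...\Run: [] => [X]").
$run32 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $run32) {
    (Get-Item $run32).GetValueNames() | Where-Object { $_ -eq '' } |
        ForEach-Object { $findings.Add("Empty-name Run value in $run32") }
}

if ($findings.Count) { $findings } else { 'No indicators from the fixlist classes found.' }
```

Anything this reports after the fix has run is either a reinfection (the conduit startup URL coming back is the classic sign) or a second persistence mechanism FRST's script did not list; in both cases post the output rather than deleting by hand, since the helper's fixlist is what keeps the cleanup reproducible.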


#9 B-boy/StyLe/ (Malware Response Team)

Posted 07 March 2017 - 02:54 AM

Ok, let me know if the rest of the steps (links) from my previous post solved the remaining problems (with Norton, Malwarebytes, performance, etc.).

 

Also check your PM.

 

 

Regards,

Georgi




#10 B-boy/StyLe/ (Malware Response Team)

Posted 11 March 2017 - 02:35 PM

Hi,

 

It's been several days. Do you still need help on this?

 

 

Regards,

Georgi




#11 B-boy/StyLe/ (Malware Response Team)

Posted 13 March 2017 - 09:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#12 B-boy/StyLe/ (Malware Response Team)

Posted 15 March 2017 - 06:05 PM

This topic has been re-opened at the request of the person who originally posted.



#13 B-boy/StyLe/ (Malware Response Team)

Posted 15 March 2017 - 06:06 PM

Hi,

 

 

No worries about the delay. Please let me know what the current situation is. :)

 

 

Regards,

Georgi




#14 broman400 (Topic Starter)

Posted 16 March 2017 - 01:10 AM

Replying to your private message,

I ran Blackbird twice; the second time I opened it, it said AutoLoggers weren't blocked, so I ran it again. Norton & MalwareBytes seem to be fine now. About the startup programs, I'm not sure which programs to disable.



#15 broman400 (Topic Starter)

Posted 16 March 2017 - 02:10 AM

Just rebooted the computer and saw a lot of ShellExperienceHost.exe services. I forgot to mention I removed a lot of startup items using Revo Uninstaller Pro, but boot-up is still ridiculously slow and I still have the same 100% disk usage issues.





