
Always Requested Resource is in use


  • This topic is locked
16 replies to this topic

#1 wjmccrthy


Posted 05 September 2017 - 07:34 PM

I am very perplexed. I am trying to follow the instructions, but the result is the same -- THE REQUESTED RESOURCE IS IN USE. I cannot run most anti-virus programs and am having some trouble accessing various websites.

I am unable to run rkill or the Zemana scanner, because the requested resource is in use.

Malwarebytes rootkit detects over 800 items every time I run it.

How can I fix this? Most websites are unreachable because of this virus.

Please help!

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by wjmcc (administrator) on DESKTOP-UCKJ985 (05-09-2017 20:25:19)
Running from C:\Users\wjmcc\Desktop
Loaded Profiles: wjmcc (Available Profiles: defaultuser0 & wjmcc)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => "C:\WINDOWS\system32\igfxtray.exe"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [Plumbytes Anti-Malware] => C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe [1849072 2017-05-29] (Anti-Malware)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-09-02] (SUPERAntiSpyware)
IFEO\Acrobat.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acrodist.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\formscentralforacrobat.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6220e6ec-06ca-48bf-9a5c-45b1d20ce39e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6220e6ec-06ca-48bf-9a5c-45b1d20ce39e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84090baa-e214-4192-9031-0fd814259647}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cc25454f-91c3-4c3d-b577-9b47093137e5}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-02] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-02] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-08-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-09-03] ()
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-03] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-02] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-07-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default [2017-09-05]
CHR Extension: (Google Slides) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-04]
CHR Extension: (Google Docs) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-04]
CHR Extension: (Google Drive) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-04]
CHR Extension: (YouTube) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-04]
CHR Extension: (Adobe Acrobat) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-04]
CHR Extension: (Bing) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-09-04]
CHR Extension: (Google Sheets) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-04]
CHR Extension: (Google Docs Offline) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-04]
CHR Extension: (Gmail) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\wjmcc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-04]
CHR HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-07-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-11] (SUPERAntiSpyware.com)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 pbamw_service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe [126192 2017-05-19] (PLUMBYTES)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c63x64.sys [452432 2012-12-05] (Intel Corporation)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S4 rjaty; C:\WINDOWS\System32\drivers\imofugc.sys [79064 2017-09-04] (Malwarebytes Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-05 20:25 - 2017-09-05 20:25 - 000014788 _____ C:\Users\wjmcc\Desktop\FRST.txt
2017-09-05 20:25 - 2017-09-05 20:25 - 000000000 ____D C:\FRST
2017-09-05 20:20 - 2017-09-05 20:22 - 000000000 ____D C:\Users\wjmcc\Desktop\AVS
2017-09-05 20:20 - 2017-09-05 20:19 - 002395648 _____ (Farbar) C:\Users\wjmcc\Desktop\FRST64.exe
2017-09-05 20:19 - 2017-09-05 20:19 - 002395648 _____ (Farbar) C:\Users\wjmcc\Downloads\FRST64.exe
2017-09-05 20:04 - 2017-09-05 20:04 - 000113488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mounquxa.sys
2017-09-05 03:33 - 2017-09-05 03:33 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-09-05 03:33 - 2017-09-05 03:33 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\TileDataLayer
2017-09-05 03:33 - 2017-09-05 03:33 - 000000000 ____D C:\Users\DefaultAppPool
2017-09-05 03:33 - 2017-09-03 18:56 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Sun
2017-09-05 03:33 - 2017-08-08 08:09 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2017-09-04 20:53 - 2017-09-04 20:53 - 001790024 _____ (Malwarebytes) C:\Users\wjmcc\Desktop\JRT.exe
2017-09-04 20:49 - 2017-09-04 20:50 - 030472456 _____ (SUPERAntiSpyware) C:\Users\wjmcc\Downloads\SUPERAntiSpyware (1).exe
2017-09-04 18:19 - 2017-09-04 18:19 - 000738880 _____ (Oracle Corporation) C:\Users\wjmcc\Downloads\JavaSetup8u144.exe
2017-09-04 18:19 - 2017-09-04 18:19 - 000738880 _____ (Oracle Corporation) C:\Users\wjmcc\Downloads\JavaSetup8u144 (2).exe
2017-09-04 18:19 - 2017-09-04 18:19 - 000738880 _____ (Oracle Corporation) C:\Users\wjmcc\Downloads\JavaSetup8u144 (1).exe
2017-09-04 17:52 - 2017-09-04 17:52 - 000594988 _____ C:\WINDOWS\Minidump\090417-31656-01.dmp
2017-09-04 17:42 - 2017-09-04 17:44 - 000632604 _____ C:\WINDOWS\Minidump\090417-38562-01.dmp
2017-09-04 17:40 - 2017-09-04 17:40 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-04 17:40 - 2017-09-04 17:40 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-04 17:17 - 2017-09-04 17:17 - 000614628 _____ C:\WINDOWS\Minidump\090417-36359-01.dmp
2017-09-04 14:28 - 2017-09-04 14:39 - 000000000 ____D C:\Users\wjmcc\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2017-09-04 14:28 - 2017-09-04 14:28 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware
2017-09-04 14:15 - 2017-09-04 14:15 - 000000020 ___SH C:\Users\.NET v4.5\ntuser.ini
2017-09-04 14:15 - 2017-09-04 14:15 - 000000020 ___SH C:\Users\.NET v4.5 Classic\ntuser.ini
2017-09-04 14:15 - 2017-09-04 14:15 - 000000000 ____D C:\Users\.NET v4.5\AppData\Local\TileDataLayer
2017-09-04 14:15 - 2017-09-04 14:15 - 000000000 ____D C:\Users\.NET v4.5 Classic\AppData\Local\TileDataLayer
2017-09-04 14:15 - 2017-09-04 14:15 - 000000000 ____D C:\Users\.NET v4.5 Classic
2017-09-04 14:15 - 2017-09-04 14:15 - 000000000 ____D C:\Users\.NET v4.5
2017-09-04 14:15 - 2017-09-03 18:56 - 000000000 ____D C:\Users\.NET v4.5\AppData\Roaming\Sun
2017-09-04 14:15 - 2017-09-03 18:56 - 000000000 ____D C:\Users\.NET v4.5 Classic\AppData\Roaming\Sun
2017-09-04 14:15 - 2017-08-08 08:09 - 000000000 ____D C:\Users\.NET v4.5\AppData\Roaming\TuneUp Software
2017-09-04 14:15 - 2017-08-08 08:09 - 000000000 ____D C:\Users\.NET v4.5 Classic\AppData\Roaming\TuneUp Software
2017-09-04 14:14 - 2017-09-04 14:14 - 001757848 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-09-04 14:14 - 2017-09-04 14:14 - 000000020 ___SH C:\Users\Classic .NET AppPool\ntuser.ini
2017-09-04 14:14 - 2017-09-04 14:14 - 000000020 ___SH C:\Users\.NET v2.0\ntuser.ini
2017-09-04 14:14 - 2017-09-04 14:14 - 000000020 ___SH C:\Users\.NET v2.0 Classic\ntuser.ini
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\Users\Classic .NET AppPool\AppData\Local\TileDataLayer
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\Users\Classic .NET AppPool
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\Users\.NET v2.0\AppData\Local\TileDataLayer
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\Users\.NET v2.0 Classic\AppData\Local\TileDataLayer
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\Users\.NET v2.0 Classic
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\Users\.NET v2.0
2017-09-04 14:14 - 2017-09-04 14:14 - 000000000 ____D C:\inetpub
2017-09-04 14:14 - 2017-09-03 18:56 - 000000000 ____D C:\Users\Classic .NET AppPool\AppData\Roaming\Sun
2017-09-04 14:14 - 2017-09-03 18:56 - 000000000 ____D C:\Users\.NET v2.0\AppData\Roaming\Sun
2017-09-04 14:14 - 2017-09-03 18:56 - 000000000 ____D C:\Users\.NET v2.0 Classic\AppData\Roaming\Sun
2017-09-04 14:14 - 2017-08-08 08:09 - 000000000 ____D C:\Users\Classic .NET AppPool\AppData\Roaming\TuneUp Software
2017-09-04 14:14 - 2017-08-08 08:09 - 000000000 ____D C:\Users\.NET v2.0\AppData\Roaming\TuneUp Software
2017-09-04 14:14 - 2017-08-08 08:09 - 000000000 ____D C:\Users\.NET v2.0 Classic\AppData\Roaming\TuneUp Software
2017-09-04 12:20 - 2017-09-04 12:20 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\32A10098.sys
2017-09-04 12:20 - 2017-09-04 12:20 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1D100033.sys
2017-09-04 12:02 - 2017-09-05 16:01 - 000000000 ____D C:\Users\wjmcc\AppData\Local\imexfrj
2017-09-04 12:00 - 2017-09-04 19:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-04 11:35 - 2017-09-04 11:35 - 000000000 ____D C:\Program Files\Plumbytes Software
2017-09-04 11:30 - 2017-09-04 11:30 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4B6059C1.sys
2017-09-04 11:28 - 2017-09-04 11:28 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6EFD5849.sys
2017-09-04 11:19 - 2017-09-04 11:19 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5E915166.sys
2017-09-04 11:18 - 2017-09-04 11:18 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\68C75135.sys
2017-09-04 10:22 - 2017-09-04 12:02 - 000000000 ____D C:\WINDOWS\system32\imebqun
2017-09-04 10:17 - 2017-09-04 10:17 - 000579172 _____ C:\WINDOWS\Minidump\090417-34968-01.dmp
2017-09-04 10:17 - 2017-09-04 10:17 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3A9F2219.sys
2017-09-04 10:14 - 2017-09-04 10:14 - 000000000 ____D C:\WINDOWS\system32\winslvd
2017-09-04 10:09 - 2017-09-04 10:09 - 000566436 _____ C:\WINDOWS\Minidump\090417-33796-01.dmp
2017-09-04 10:09 - 2017-09-04 10:09 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\16EC1C5F.sys
2017-09-04 10:06 - 2017-09-05 20:03 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-09-04 10:05 - 2017-09-04 10:06 - 000561596 _____ C:\WINDOWS\Minidump\090417-40359-01.dmp
2017-09-04 10:05 - 2017-09-04 10:05 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7292190E.sys
2017-09-04 10:03 - 2017-09-04 10:07 - 000000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\WINDOWS\system32\unialim
2017-09-04 09:51 - 2017-09-04 09:51 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6ED00DEE.sys
2017-09-04 09:50 - 2017-09-04 09:52 - 000625908 _____ C:\WINDOWS\Minidump\090417-33093-01.dmp
2017-09-04 00:28 - 2017-09-04 07:28 - 000000000 ____D C:\WINDOWS\system32\lsawern
2017-09-03 21:23 - 2017-09-03 21:23 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4E21520F.sys
2017-09-03 20:25 - 2017-09-03 21:07 - 000117573 _____ C:\Users\wjmcc\Desktop\avgrep.txt
2017-09-03 19:37 - 2017-09-03 19:38 - 000585620 _____ C:\WINDOWS\Minidump\090317-29375-01.dmp
2017-09-03 19:21 - 2017-09-03 19:21 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6AC974C6.sys
2017-09-03 19:21 - 2017-09-03 19:21 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51237474.sys
2017-09-03 19:15 - 2017-09-03 19:15 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\46316FDC.sys
2017-09-03 19:15 - 2017-09-03 19:15 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0DE9701E.sys
2017-09-03 19:04 - 2017-09-03 19:04 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\Sun
2017-09-03 19:01 - 2017-09-03 19:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-09-03 19:01 - 2017-09-03 19:01 - 000002103 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-09-03 18:57 - 2017-09-03 18:57 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-09-03 18:57 - 2017-09-03 18:57 - 000000000 ____D C:\Program Files\VideoLAN
2017-09-03 18:56 - 2017-09-03 19:04 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-09-03 18:56 - 2017-09-03 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-03 18:56 - 2017-09-03 19:04 - 000000000 ____D C:\Program Files (x86)\Java
2017-09-03 18:56 - 2017-09-03 18:56 - 000000000 ____D C:\Users\Default\AppData\Roaming\Sun
2017-09-03 18:56 - 2017-09-03 18:56 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2017-09-03 18:54 - 2017-09-03 18:54 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-09-03 18:54 - 2017-09-03 18:54 - 000000000 ____D C:\Program Files (x86)\Secunia
2017-09-03 18:51 - 2017-09-03 18:50 - 061819320 _____ (Malwarebytes ) C:\Users\wjmcc\Desktop\mbarw-setup-consumer-0.9.18.807.exe
2017-09-03 18:24 - 2017-09-03 18:10 - 002549112 _____ (Microsoft Corporation) C:\Users\wjmcc\Desktop\DefaultPack.EXE
2017-09-03 17:55 - 2017-09-03 17:55 - 000000000 _____ C:\autoexec.bat
2017-09-03 17:54 - 2017-09-04 09:23 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\Enigma Software Group
2017-09-03 17:54 - 2017-09-03 17:54 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-09-03 17:54 - 2017-09-03 17:54 - 000000000 ____D C:\sh4ldr
2017-09-03 13:35 - 2017-09-03 13:35 - 000547380 _____ C:\WINDOWS\Minidump\090317-32937-01.dmp
2017-09-03 13:35 - 2017-09-03 13:35 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\10CF6B68.sys
2017-09-03 13:28 - 2017-09-03 13:28 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\02AD6613.sys
2017-09-03 13:24 - 2017-09-03 13:23 - 008182736 _____ (Malwarebytes) C:\Users\wjmcc\Desktop\AdwCleaner.exe
2017-09-03 12:42 - 2017-09-03 12:39 - 011599120 _____ (SurfRight B.V.) C:\Users\wjmcc\Desktop\HitmanPro_x64.exe
2017-09-03 10:45 - 2017-09-03 10:45 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\177D69C0.sys
2017-09-03 10:18 - 2017-09-03 10:19 - 000531580 _____ C:\WINDOWS\Minidump\090317-31859-01.dmp
2017-09-03 09:39 - 2017-09-03 09:40 - 000546060 _____ C:\WINDOWS\Minidump\090317-33046-01.dmp
2017-09-02 20:40 - 2017-09-04 12:17 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imofugc.sys
2017-09-02 20:17 - 2017-09-04 19:44 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-09-02 18:16 - 2017-09-04 19:44 - 000000000 ____D C:\Users\wjmcc\Desktop\mbar
2017-09-02 18:15 - 2017-09-02 18:10 - 016410524 _____ C:\Users\wjmcc\Desktop\mbar-1.09.3.1001.zip
2017-09-02 17:55 - 2017-09-02 17:55 - 016563352 _____ (Malwarebytes Corp.) C:\Users\wjmcc\Desktop\mbar-1.09.3.1001.exe
2017-09-02 13:01 - 2017-09-04 15:57 - 000000000 ____D C:\Users\wjmcc\AppData\Local\ElevatedDiagnostics
2017-09-02 12:54 - 2017-09-05 19:44 - 000000000 ____D C:\Users\wjmcc\AppData\Local\winqtqf
2017-09-02 12:54 - 2017-09-02 18:46 - 000000000 ____D C:\Users\wjmcc\AppData\Local\regtool
2017-09-02 12:48 - 2017-09-02 12:48 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\190B797A.sys
2017-09-02 12:47 - 2017-09-05 20:09 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2017-09-02 12:28 - 2017-09-05 20:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-02 12:28 - 2017-09-02 12:28 - 000577316 _____ C:\WINDOWS\Minidump\090217-24750-01.dmp
2017-09-02 12:23 - 2017-09-02 12:23 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\57B166B7.sys
2017-09-02 12:23 - 2017-09-02 12:23 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\09D96693.sys
2017-09-02 12:20 - 2017-09-02 12:20 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\18CC63E5.sys
2017-09-02 12:10 - 2017-09-02 12:10 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\354D5C2A.sys
2017-09-02 12:07 - 2017-09-02 12:07 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6F615A47.sys
2017-09-02 12:07 - 2017-09-02 12:07 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3D3A5A6B.sys
2017-09-02 12:01 - 2017-09-02 12:01 - 000557180 _____ C:\WINDOWS\Minidump\090217-31234-01.dmp
2017-09-02 11:54 - 2017-09-02 11:54 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\72E44FD1.sys
2017-09-02 11:52 - 2017-09-02 11:52 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\709A4E43.sys
2017-09-02 11:52 - 2017-09-02 11:52 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\000B4EC5.sys
2017-09-02 11:51 - 2017-09-02 11:51 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\22C24E1F.sys
2017-09-02 11:44 - 2017-09-02 11:44 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\42B248B9.sys
2017-09-02 11:44 - 2017-09-02 11:44 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\108A48DD.sys
2017-09-02 11:29 - 2017-09-02 11:29 - 000559804 _____ C:\WINDOWS\Minidump\090217-37515-01.dmp
2017-09-02 11:29 - 2017-09-02 11:29 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\33953D04.sys
2017-09-02 11:25 - 2017-09-02 11:26 - 000557764 _____ C:\WINDOWS\Minidump\090217-38984-01.dmp
2017-09-02 11:25 - 2017-09-02 11:25 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1EAB3A35.sys
2017-09-02 11:21 - 2017-09-02 11:21 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\203936FB.sys
2017-09-02 11:16 - 2017-09-05 20:25 - 001084558 _____ C:\WINDOWS\ntbtlog.txt
2017-09-02 11:16 - 2017-09-02 11:17 - 000577412 _____ C:\WINDOWS\Minidump\090217-25218-01.dmp
2017-09-02 11:00 - 2017-09-04 17:51 - 647491783 _____ C:\WINDOWS\MEMORY.DMP
2017-09-02 11:00 - 2017-09-02 11:00 - 000000000 _____ C:\WINDOWS\Minidump\090217-38125-01.dmp
2017-09-02 10:57 - 2017-09-02 10:57 - 000000000 ____D C:\WINDOWS\Panther
2017-09-02 10:55 - 2017-09-02 10:55 - 000000000 ____D C:\WINDOWS\SysWOW64\uniydcf
2017-09-02 10:55 - 2017-09-02 10:55 - 000000000 ____D C:\WINDOWS\system32\uniydcf
2017-09-02 10:55 - 2017-09-02 10:55 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\et
2017-09-02 10:52 - 2017-09-02 10:52 - 000021602 _____ C:\WINDOWS\System32\Tasks\L4GBhxOtzsNr
2017-09-02 10:49 - 2017-09-02 11:39 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-02 10:49 - 2017-09-02 10:49 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-02 10:49 - 2017-09-02 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-02 10:49 - 2017-09-02 10:49 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-02 10:48 - 2017-09-02 10:48 - 000000000 _____ C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.173
2017-09-02 10:33 - 2017-09-02 10:52 - 000000000 ____D C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.1733Keygen_20170826
2017-09-02 10:31 - 2017-09-02 10:31 - 000320854 _____ C:\Users\wjmcc\Desktop\Phillips.Lee_Signed_Letter.pdf
2017-08-31 15:29 - 2017-08-31 15:29 - 000078744 _____ (MTQ0HV) C:\WINDOWS\system32\Drivers\b78ea611549e5e536844b2d8a6096253.sys
2017-08-31 15:29 - 2017-08-31 15:29 - 000037159 _____ C:\WINDOWS\uninstaller.dat
2017-08-25 18:58 - 2017-08-25 18:58 - 000954861 _____ C:\Users\wjmcc\Desktop\20170825_Invoice_Sherefe - MC8584.pdf
2017-08-25 09:27 - 2017-08-26 11:30 - 000037859 _____ C:\Users\wjmcc\Desktop\Soundex_bud.xlsx
2017-08-20 07:18 - 2017-08-20 07:18 - 000002529 ____N C:\Users\Public\Desktop\TurboTax 2016.lnk
2017-08-20 07:18 - 2017-08-20 07:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-08-20 07:13 - 2017-08-20 07:14 - 122027056 _____ C:\Users\wjmcc\Desktop\Turbo Tax Deluxe 2016.exe
2017-08-19 12:13 - 2017-08-26 09:06 - 000390800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-19 09:06 - 2017-08-19 09:10 - 000024731 _____ C:\Users\wjmcc\Desktop\Transactions-2017-8-19.xlsx
2017-08-19 08:11 - 2017-08-19 08:11 - 000018180 _____ C:\Users\wjmcc\Desktop\DisclosureStatement.pdf
2017-08-19 07:35 - 2017-08-19 07:55 - 022158193 _____ C:\Users\wjmcc\Desktop\Jul 2017.xlsx
2017-08-15 07:01 - 2017-08-15 07:01 - 000000000 ____D C:\Users\wjmcc\AppData\Local\DBG
2017-08-13 15:50 - 2017-08-13 15:50 - 000002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2017-08-09 08:12 - 2017-08-09 08:12 - 000002591 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-08-09 08:12 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 08:12 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 08:12 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 08:12 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 08:12 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 08:12 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 08:12 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 08:12 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 08:12 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 08:12 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 08:12 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 08:12 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 08:12 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 08:12 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 08:12 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 08:12 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 08:12 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 08:12 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 08:12 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 08:12 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 08:12 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 08:12 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 08:12 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 08:12 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 08:12 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 08:12 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 08:12 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 08:12 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 08:12 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 08:12 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 08:12 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 08:12 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 08:12 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 08:12 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 08:12 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 08:12 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 08:12 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 08:12 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 08:12 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 08:12 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 08:12 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 08:12 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 08:12 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 08:12 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 08:12 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 08:12 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 08:12 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 08:12 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 08:12 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 08:12 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 08:12 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 08:12 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 08:12 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 08:12 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 08:12 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 08:12 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 08:12 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 08:12 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 08:12 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 08:12 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 08:12 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 08:12 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 08:12 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 08:12 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 08:12 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 08:12 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 08:12 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 08:12 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 08:12 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 08:12 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 08:12 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 08:12 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 08:12 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 08:12 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 08:12 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 08:12 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 08:12 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 08:12 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 08:12 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 08:12 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 08:12 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 08:12 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 08:12 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 08:12 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 08:12 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 08:12 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 08:12 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 08:12 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 08:12 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 08:12 - 2017-02-21 09:29 - 000053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2017-08-09 08:11 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 08:11 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 08:11 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 08:11 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 08:11 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 08:11 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 08:11 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 08:11 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 08:11 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 08:10 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 08:10 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 08:10 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 08:10 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 08:10 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 08:10 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 08:09 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 08:09 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 08:09 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 08:09 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 08:09 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 08:09 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 08:09 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 08:09 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 08:09 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 08:09 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 08:09 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 08:09 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 08:09 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 08:09 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 08:09 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 08:09 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 08:09 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 08:09 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 08:09 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 08:09 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 08:09 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 08:09 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 08:09 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 08:09 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 08:09 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 08:09 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 08:09 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 08:09 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 08:09 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 08:09 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 08:09 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 08:09 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 08:09 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 08:09 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 08:09 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 08:09 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 08:09 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 08:09 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 08:09 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 08:09 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 08:09 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 08:09 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 08:09 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 08:09 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 08:09 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 08:09 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 08:09 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 08:09 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 08:09 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 08:09 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 08:09 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 08:09 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 08:09 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 08:09 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 08:09 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 08:09 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 08:09 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 08:09 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 08:09 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 08:09 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 08:09 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 08:09 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 08:09 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 08:09 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 08:09 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 08:09 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 08:09 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 08:09 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 08:09 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 08:09 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 08:09 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 08:09 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 08:09 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 08:09 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 08:09 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 08:09 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 08:09 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 08:09 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 08:09 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 08:09 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 08:09 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 08:09 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 08:09 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 08:09 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 08:09 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 08:09 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 08:09 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 08:09 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 08:09 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 08:09 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 08:09 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 08:09 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 08:09 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 08:09 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 08:09 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 08:09 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 08:09 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 08:09 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 08:09 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 08:09 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 08:09 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 08:09 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 08:09 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 08:09 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 08:09 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 08:09 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 08:09 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 08:09 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 08:08 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 08:08 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 08:08 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 08:08 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 08:08 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 08:08 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 08:08 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 08:08 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 08:08 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 08:08 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 08:08 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 08:08 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 08:08 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 08:08 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 08:08 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 08:08 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 08:08 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 08:08 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 08:08 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 08:08 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 08:08 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 08:08 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 08:08 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 08:08 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 08:08 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 08:08 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 08:08 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 08:08 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 08:08 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 08:08 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 08:08 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 08:08 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 08:08 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 08:08 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 08:08 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 08:08 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 08:08 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 08:08 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 08:08 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 08:08 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 08:08 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 08:08 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 08:08 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 08:08 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 08:08 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 08:08 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 08:08 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 08:08 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 08:08 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 08:08 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 08:08 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 08:08 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 08:08 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 08:08 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 08:08 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 08:08 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 08:08 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 08:08 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 08:08 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 08:08 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 08:08 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 08:08 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 08:08 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 08:08 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 08:08 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 08:08 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 08:08 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 08:08 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 08:08 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 08:08 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 08:08 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 08:08 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 08:08 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 08:08 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 08:08 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 08:08 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 08:05 - 2017-08-09 08:05 - 000000000 ____D C:\Users\wjmcc\Desktop\AVG PC Tuneup 16.32.2.3320
2017-08-09 07:54 - 2017-08-09 07:54 - 000000000 ____D C:\Users\wjmcc\Desktop\AVGPcTuneup2015SerialKeyDownload_20150530_1429
2017-08-09 07:52 - 2017-08-09 08:31 - 000001813 ____N C:\Users\wjmcc\Desktop\AVG PC TuneUp.lnk
2017-08-08 08:09 - 2017-08-08 08:09 - 000000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2017-08-08 08:09 - 2017-08-08 08:09 - 000000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2017-08-06 20:54 - 2017-08-06 20:54 - 000000000 ____D C:\Users\wjmcc\AppData\Local\CEF
2017-08-06 20:53 - 2017-08-06 20:53 - 003311808 _____ (AVG Technologies CZ, s.r.o.) C:\Users\wjmcc\Downloads\AVG_PCTuneUp_878.exe
2017-08-06 19:24 - 2017-08-06 19:24 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\TuneUp Software
2017-08-06 19:24 - 2017-08-06 19:24 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\AVG
2017-08-06 19:23 - 2017-09-04 17:46 - 000000000 ___HD C:\$AVG
2017-08-06 19:22 - 2017-09-04 17:48 - 000000000 ____D C:\ProgramData\MFAData
2017-08-06 19:22 - 2017-09-04 17:48 - 000000000 ____D C:\Program Files (x86)\AVG
2017-08-06 19:22 - 2017-09-03 21:37 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-08-06 19:22 - 2017-08-06 19:22 - 000000000 ____D C:\Users\wjmcc\AppData\Local\MFAData
2017-08-06 19:19 - 2017-09-04 17:48 - 000000000 ____D C:\Users\wjmcc\AppData\Local\Avg
2017-08-06 19:19 - 2017-09-04 17:45 - 000000000 ____D C:\Users\wjmcc\AppData\Local\AvgSetupLog
2017-08-06 19:19 - 2017-08-24 05:28 - 000000000 ____D C:\ProgramData\Avg
2017-08-06 19:18 - 2017-08-06 19:18 - 000000000 ____D C:\Users\wjmcc\Desktop\AVG
2017-08-06 19:09 - 2017-08-06 19:09 - 000000000 ____D C:\Users\wjmcc\Desktop\AVGInternetSecurity16.131.7924x86x64LicenseKeys_20170623
2017-08-06 18:42 - 2017-08-06 18:42 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-06 00:07 - 2017-03-18 07:40 - 015728640 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-05 20:13 - 2017-06-17 11:42 - 001999810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-05 20:04 - 2017-06-17 11:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-05 20:04 - 2017-03-18 07:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-05 19:59 - 2017-06-17 11:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-05 18:16 - 2017-07-01 07:27 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CC6A184C-C69D-41A6-B793-DD50FB772B6D}
2017-09-05 13:58 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-04 20:56 - 2016-12-10 08:31 - 000000000 ____D C:\AdwCleaner
2017-09-04 19:44 - 2016-11-26 12:53 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-04 18:04 - 2016-11-19 10:16 - 000000000 ____D C:\Users\wjmcc\AppData\Local\Google
2017-09-04 17:52 - 2017-08-02 12:06 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-04 17:47 - 2017-06-17 11:31 - 000000000 ____D C:\Users\wjmcc
2017-09-04 17:46 - 2017-03-18 17:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-04 17:46 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-04 17:45 - 2016-11-19 10:16 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-04 17:40 - 2016-11-24 10:12 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\Azureus
2017-09-04 17:22 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-04 14:15 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-04 14:14 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-09-04 14:14 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-09-04 14:14 - 2017-03-18 16:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-09-04 14:14 - 2017-03-18 16:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-09-04 14:14 - 2017-03-18 16:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-09-04 14:14 - 2017-03-18 16:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-09-04 14:14 - 2017-03-18 16:56 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll
2017-09-04 14:02 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-04 12:17 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-09-04 05:26 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-03 19:01 - 2017-05-07 18:44 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-09-03 18:58 - 2017-07-08 09:22 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-09-03 18:57 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-03 18:57 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-03 18:42 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\registration
2017-09-03 09:41 - 2017-06-17 11:31 - 000000000 ____D C:\Users\defaultuser0
2017-09-02 22:44 - 2017-03-18 17:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-09-02 22:44 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-02 21:08 - 2016-10-10 17:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-02 20:43 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-02 20:40 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\Resources
2017-09-02 20:17 - 2016-11-26 12:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-02 12:46 - 2017-05-13 05:38 - 000000680 _____ C:\Users\wjmcc\Desktop\Adobe Acrobat XI.lnk
2017-09-02 10:57 - 2016-12-17 10:46 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-02 10:57 - 2016-11-26 13:36 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-02 10:48 - 2016-11-19 10:17 - 000002302 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-09-02 10:45 - 2017-06-17 11:40 - 000002566 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
2017-09-02 10:45 - 2017-05-07 19:00 - 000000000 ____D C:\Users\wjmcc\AppData\Local\WinZip
2017-09-02 08:44 - 2017-03-27 19:36 - 000008973 _____ C:\Users\wjmcc\Desktop\Glucose.xlsx
2017-08-26 09:10 - 2017-01-07 10:06 - 000000554 _____ C:\Users\wjmcc\Desktop\JRT.txt
2017-08-25 11:11 - 2017-03-26 18:19 - 000000000 ____D C:\Users\wjmcc\Documents\TurboTax
2017-08-25 09:28 - 2016-11-19 09:49 - 000000000 ____D C:\Users\wjmcc\AppData\Local\Packages
2017-08-20 07:18 - 2017-03-26 13:24 - 000000000 ____D C:\Users\wjmcc\AppData\Roaming\Intuit
2017-08-20 07:18 - 2017-03-26 13:24 - 000000000 ____D C:\Program Files (x86)\TurboTax
2017-08-11 18:45 - 2017-05-07 18:45 - 000002469 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2017-08-11 18:45 - 2017-05-07 18:45 - 000002294 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2017-08-11 18:45 - 2017-05-07 18:45 - 000002133 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2017-08-09 09:16 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-09 08:55 - 2016-10-10 17:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 08:49 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 08:33 - 2017-07-28 07:16 - 000002920 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741146877-3840377638-3316074432-1001
2017-08-09 08:16 - 2016-11-27 10:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 08:15 - 2016-11-27 10:58 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-07 05:15 - 2017-03-18 07:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
 
==================== Files in the root of some directories =======
 
2017-05-13 05:38 - 2017-05-13 05:38 - 000000000 _____ () C:\Users\wjmcc\AppData\Roaming\1RTPmvNX
2017-03-26 13:24 - 2017-03-26 18:51 - 000000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
2017-09-04 17:15 - 2017-09-04 17:40 - 000079904 _____ () C:\Users\wjmcc\AppData\Local\Temp\i4jdel0.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-28 13:48
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by wjmcc (05-09-2017 20:26:24)
Running from C:\Users\wjmcc\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-17 15:46:19)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1741146877-3840377638-3316074432-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1741146877-3840377638-3316074432-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1741146877-3840377638-3316074432-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1741146877-3840377638-3316074432-501 - Limited - Disabled)
wjmcc (S-1-5-21-1741146877-3840377638-3316074432-1001 - Administrator - Enabled) => C:\Users\wjmcc
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.22 - Adobe Systems)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\{B8ED0CDE-765A-4050-BC45-D7C4B226F73E}) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.21) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.21 - Adobe Systems Incorporated)
AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Plumbytes Anti-Malware 2017 (HKLM\...\Plumbytes Anti-Malware 2017) (Version:  - Plumbytes Software)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B96EE85-BBC4-45B7-9DF7-E99541D5FB68} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {13BD7203-CABA-400F-9D75-79082385942B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {187582A9-BF6C-42E8-8415-B9FDCD56866C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
Task: {5962CF5C-AA15-43FE-8553-62D8D011B624} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-02] (Microsoft Corporation)
Task: {778DB635-718D-45C3-8E47-150FACC5A742} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {908CBE61-A59B-4FCB-B3A6-AC69EC0C101A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-03] (Adobe Systems Incorporated)
Task: {966D6614-5F9A-408D-9BC4-74CF74F64745} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {ACB69727-0283-471F-AF54-7556E69F95E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {CB99B168-7A75-4989-AA3F-AA07D8FB4EB0} - System32\Tasks\L4GBhxOtzsNr => l4gbhxotzsnr.exe
Task: {D96EF7DB-E6BA-466F-B0EA-6A0C2BD53762} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-02] ()
Task: {DB86C19B-EC79-4266-8FEE-8825B18B1644} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-02] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\wjmcc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\wjmcc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-10 17:29 - 2017-09-02 20:41 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-04 17:40 - 2017-08-23 04:48 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libglesv2.dll
2017-09-04 17:40 - 2017-08-23 04:48 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7927 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-11-26 11:44 - 2017-02-04 11:35 - 000454123 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 15583 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wjmcc\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DCE77B49-DDB1-4787-945F-0DCDCF0FD794}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{A528DCA4-5205-405A-ACCA-683D5A9B0790}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3B6E86FA-F301-4DD4-A5C4-4F3720113392}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{718C3F4A-113C-4F17-96D2-95E9E3AD0DF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A2712006-4F65-4027-855B-912F593CD9FA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{37A4B267-7EDB-41EF-886B-4E8868125EBA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9CF02923-E7A9-4F96-B0F2-95F3B47BD7A0}] => (Allow) %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
FirewallRules: [{1E179AD3-1940-4284-BE42-6C2BF3601921}] => (Allow) %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
FirewallRules: [{B96F966A-1ADA-4AD9-B651-177B8AC60958}] => (Allow) %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{E9ADDCA9-645F-472E-BC29-97F3E51ACCDC}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
FirewallRules: [{439C4623-E7F3-41FE-91B3-AC4491A98D55}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
FirewallRules: [{4684F46F-C5E4-4C0F-AD2B-B1D67B7DB1BC}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
FirewallRules: [{CC1263F0-36AE-41A1-B4D4-F3118CAC78F0}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
FirewallRules: [{741AA89B-7CF5-4401-8185-A0CD93975A8E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C6243F8D-F0C1-4BAD-B0B7-838770F9D287}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{A10398A0-51C9-4154-BD42-F0C9069D8022}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{00BA46DD-D8B0-4030-80C7-960662ACA9F1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{2B96D402-C721-45CE-8B31-CB4D5696EBB4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{485DAB20-56C4-414B-9F93-02597B28E87B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{759CC455-68DC-4139-AF98-9BBCBE5E56D8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A2CF9D94-3728-4FFA-8836-2DDD227A8393}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D7AFBF63-3257-46E6-8511-78E18585CD6B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2CE5B3F2-F82C-435C-B8E5-519E89DA0FEA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-08-2017 21:01:53 Scheduled Checkpoint
20-08-2017 07:18:23 Installed TurboTax 2016 wrapper
26-08-2017 09:08:33 JRT Pre-Junkware Removal
02-09-2017 13:13:04 Scheduled Checkpoint
04-09-2017 10:03:16 Installed SpyHunter
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/05/2017 09:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wudutkh.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x4b4
Faulting application start time: 0x01d3264ce937861e
Faulting application path: C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe
Faulting module path: C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll
Report Id: c21b7e5c-6dc8-4881-b722-779d3959dbed
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/05/2017 07:34:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wudutkh.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0xdcc
Faulting application start time: 0x01d3263aea0bb6ee
Faulting application path: C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe
Faulting module path: C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll
Report Id: ec99a8f9-c3c5-494b-a50d-9551cab23164
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/05/2017 07:22:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wudutkh.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x15f0
Faulting application start time: 0x01d32639298237cc
Faulting application path: C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe
Faulting module path: C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll
Report Id: fc33c47b-0684-4bb1-9855-412a72662afd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/05/2017 03:50:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wudutkh.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1728
Faulting application start time: 0x01d3261b8cf211c8
Faulting application path: C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe
Faulting module path: C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll
Report Id: 99597d0a-06f8-40b0-bf67-3120a047fcc5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/05/2017 03:13:04 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
 
Error: (09/05/2017 02:12:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wudutkh.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1058
Faulting application start time: 0x01d3260ddebc087d
Faulting application path: C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe
Faulting module path: C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll
Report Id: 76ae32c9-3f5e-488f-b88d-20d0e3b596ab
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/05/2017 01:22:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wudutkh.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1d0c
Faulting application start time: 0x01d32606ec367adb
Faulting application path: C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe
Faulting module path: C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll
Report Id: d135420a-560c-4d47-a7e6-8bf0051a9e7e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/04/2017 09:32:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wudutkh.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x162c
Faulting application start time: 0x01d325e6b82d85a5
Faulting application path: C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe
Faulting module path: C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll
Report Id: dde89fb5-4268-4347-b61b-ca705fc10ad7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/04/2017 05:22:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 17998. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (09/04/2017 05:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: CortanaApi.dll, version: 10.0.15063.250, time stamp: 0x58f6ff85
Exception code: 0xc0000005
Fault offset: 0x00000000002aa230
Faulting process id: 0x568
Faulting application start time: 0x01d325c354e4a2fe
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
Report Id: 01f9f733-9478-4cb5-a8ff-6fe39205472e
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
 
System errors:
=============
Error: (09/05/2017 08:27:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/05/2017 08:26:49 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2017 08:26:25 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/05/2017 08:26:25 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/05/2017 08:26:22 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/05/2017 08:26:22 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/05/2017 08:26:22 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2017 08:25:20 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/05/2017 08:25:20 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/05/2017 08:25:20 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UCKJ985)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2017-09-04 17:42:54.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:42:54.126
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:42:54.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:42:51.365
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:42:51.248
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:42:51.248
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:42:48.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:37:23.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:37:23.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 17:37:23.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 9%
Total physical RAM: 16271.94 MB
Available physical RAM: 14679.97 MB
Total Virtual: 18703.94 MB
Available Virtual: 17197.38 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1843.9 GB) (Free:1676.33 GB) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:4657.52 GB) (Free:4022.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 215F3AFB)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1843.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=27)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================
 




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts

Posted 05 September 2017 - 08:18 PM

Hi wjmccrthy :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Are you able to provide me the MBAR log? It should be in the MBAR folder, and it's a file called "mbar-log-DATE-(TIME).txt".

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 wjmccrthy

wjmccrthy
  • Topic Starter

  • Members
  • 69 posts

Posted 05 September 2017 - 08:44 PM

Thanks for the quick reply.

 

Here are the last two logs, both before and after deletion.

 

Here is the one before deletion:

 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
wjmcc :: DESKTOP-UCKJ985 [administrator]
 
9/4/2017 12:00:12 PM
mbar-log-2017-09-04 (12-00-12).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 376774
Time elapsed: 16 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 860
c:\users\public\winsupport.vbs (Trojan.Banker.E) -> Delete on reboot. [dc6197a63349cd6903ca93a2a162c33d]
c:\users\wjmcc\winsupport.vbs (Trojan.Banker.E) -> Delete on reboot. [f24b59e4c7b5c76fc508e74e9d66db25]
c:\windows\serviceprofiles\localservice\winsupport.vbs (Trojan.Banker.E) -> Delete on reboot. [59e47ac35d1f2c0a6766d461e71cef11]
c:\windows\serviceprofiles\networkservice\winsupport.vbs (Trojan.Banker.E) -> Delete on reboot. [221bab92d8a4a690f1dcd560d82b55ab]
c:\windows\system32\config\systemprofile\winsupport.vbs (Trojan.Banker.E) -> Delete on reboot. [0736a4997606de5829a4c96c21e27987]
c:\programdata\microsoft\windows\qjc0rmg.vbs (Trojan.Banker.RPA) -> Delete on reboot. [85b8ea537c0038fe3806cc6a6c9738c8]
c:\users\wjmcc\appdata\roaming\microsoft\windows\qjc0rmg.vbs (Trojan.Banker.RPA) -> Delete on reboot. [fb42c875fe7e41f576c840f6798a5ea2]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\qjc0rmg.vbs (Trojan.Banker.RPA) -> Delete on reboot. [eb52e954463652e4d36b55e111f2da26]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\qjc0rmg.vbs (Trojan.Banker.RPA) -> Delete on reboot. [3d0088b5c9b3a5911d2116204eb5eb15]
c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\qjc0rmg.vbs (Trojan.Banker.RPA) -> Delete on reboot. [d16c46f7f686063084bafe38bf44fd03]
c:\programdata\qspccgt.vbs (Backdoor.Agent.E) -> Delete on reboot. [43faad903a42b77f84f2c67006fd37c9]
c:\users\wjmcc\appdata\roaming\qspccgt.vbs (Backdoor.Agent.E) -> Delete on reboot. [b6877cc18cf089ad03730c2a22e121df]
c:\windows\serviceprofiles\localservice\appdata\roaming\qspccgt.vbs (Backdoor.Agent.E) -> Delete on reboot. [46f7db62e99384b2e19583b352b1a957]
c:\windows\serviceprofiles\networkservice\appdata\roaming\qspccgt.vbs (Backdoor.Agent.E) -> Delete on reboot. [3d00ff3ed9a3a39384f20d2949baf10f]
c:\windows\system32\config\systemprofile\appdata\roaming\qspccgt.vbs (Backdoor.Agent.E) -> Delete on reboot. [8cb1e35a5428c1751a5c64d255ae35cb]
c:\programdata\microsoft\windows\start menu\programs\startup\installationfolder.vbs (Backdoor.Agent.E) -> Delete on reboot. [39046dd0bdbfbb7b9cce2b0ca85bb749]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\installationfolder.vbs (Backdoor.Agent.E) -> Delete on reboot. [1429b08d403cd75fee7c71c65ca71ce4]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\installationfolder.vbs (Backdoor.Agent.E) -> Delete on reboot. [bd80c07d364691a5ed7da790c43f8779]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\installationfolder.vbs (Backdoor.Agent.E) -> Delete on reboot. [330a46f7483496a0cc9e3cfbbb487a86]
c:\programdata\microsoft\windows\start menu\programs\startup\create pain.vbs (Trojan.Agent) -> Delete on reboot. [40fd76c75d1f32047f3b043310f30cf4]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\create pain.vbs (Trojan.Agent) -> Delete on reboot. [f746ef4e1d5f0432ac0e68cf18eb5da3]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\create pain.vbs (Trojan.Agent) -> Delete on reboot. [ed501f1efa8249ed5f5b5fd833d024dc]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\create pain.vbs (Trojan.Agent) -> Delete on reboot. [ae8f91ac6f0d62d4b802fc3b00030bf5]
c:\programdata\microsoft\windows\start menu\programs\startup\aggs.vbs (Trojan.Agent.E) -> Delete on reboot. [f04d1e1f2a52bb7b881b3dfc51b2ff01]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\aggs.vbs (Trojan.Agent.E) -> Delete on reboot. [1d20b08db2ca43f3485b9c9d3ec5ad53]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\aggs.vbs (Trojan.Agent.E) -> Delete on reboot. [e954f34a4d2f3600e7bcb881db280ff1]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\aggs.vbs (Trojan.Agent.E) -> Delete on reboot. [3d0078c57efeef47059e1e1bd62d9c64]
c:\programdata\microsoft\windows\start menu\programs\startup\gfsh.vbs (Malware.Trace) -> Delete on reboot. [e8552f0e1a620a2cf596cb6f90730ef2]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\gfsh.vbs (Malware.Trace) -> Delete on reboot. [93aa4af3522a2d09ff8c6fcb6d96ca36]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\gfsh.vbs (Malware.Trace) -> Delete on reboot. [fc410a33afcdf640d2b9eb4f778c02fe]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\gfsh.vbs (Malware.Trace) -> Delete on reboot. [2914e4596616bd79781391a98d762ad6]
c:\users\wjmcc\appdata\local\temp\likemefast.vbs (Trojan.Agent.XN) -> Delete on reboot. [c677310ca0dcdf570aceb08a34cf926e]
c:\windows\serviceprofiles\localservice\appdata\local\temp\likemefast.vbs (Trojan.Agent.XN) -> Delete on reboot. [38052419eb91181e7c5cce6c54af22de]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\likemefast.vbs (Trojan.Agent.XN) -> Delete on reboot. [af8e19242458d36308d06dcd08fbb24e]
c:\windows\temp\likemefast.vbs (Trojan.Agent.XN) -> Delete on reboot. [c17cc4790676fb3bc018a199976c19e7]
c:\programdata\certificate.vbs (Trojan.Agent.E) -> Delete on reboot. [91ac71cc2d4fe94d46207cbf53b0b848]
c:\users\wjmcc\appdata\roaming\certificate.vbs (Trojan.Agent.E) -> Delete on reboot. [69d476c7334943f3b3b3360542c12ad6]
c:\windows\serviceprofiles\localservice\appdata\roaming\certificate.vbs (Trojan.Agent.E) -> Delete on reboot. [c17cc8751666989e9fc74eedd82b867a]
c:\windows\serviceprofiles\networkservice\appdata\roaming\certificate.vbs (Trojan.Agent.E) -> Delete on reboot. [e05d59e4304c082e0363d46756ad7789]
c:\windows\system32\config\systemprofile\appdata\roaming\certificate.vbs (Trojan.Agent.E) -> Delete on reboot. [3d00ff3e384443f3c3a333085da6fd03]
c:\programdata\microsoft\windows\start menu\programs\startup\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [b7868bb2e19bbf77dea850eee1227e82]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [e05d1c21de9ed561e4a20e30b3507090]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [85b8a19ce6964beb3254122c9172ea16]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [c4790d30df9daf87b5d10f2f56adc040]
c:\users\wjmcc\appdata\local\temp\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [0934f34a522a2e08a5e2a19d57ac1de3]
c:\windows\serviceprofiles\localservice\appdata\local\temp\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [cf6e0f2ea8d483b31a6d76c83ec5af51]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [0d3095a87b017abc04839f9f26ddd52b]
c:\windows\temp\tempsystem.vbs (Trojan.Agent.VBS) -> Delete on reboot. [82bb40fdbcc0eb4bd2b5033ba65de11f]
c:\programdata\microsoft\windows\start menu\programs\startup\byyd.vbs (Malware.Trace) -> Delete on reboot. [89b4ad90ef8da3935a53a19fe22111ef]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\usb.vbs (Backdoor.Agent.VBS) -> Delete on reboot. [dd60aa93cdafe6507604c3aa8e7503fd]
c:\programdata\microsoft\windows\start menu\programs\startup\system32.vbs (Backdoor.Agent.XN) -> Delete on reboot. [9f9ed5688eee53e3be21bdb1a45f12ee]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\system32.vbs (Backdoor.Agent.XN) -> Delete on reboot. [8cb19ba26319b5819c434b2346bd43bd]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\system32.vbs (Backdoor.Agent.XN) -> Delete on reboot. [d26b42fbbbc192a422bdd59928dbd52b]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\system32.vbs (Backdoor.Agent.XN) -> Delete on reboot. [80bd2a132c5086b02ab56e00b0539070]
c:\programdata\microsoft\windows\start menu\programs\startup\sys.vbs (Backdoor.Agent.XN) -> Delete on reboot. [dd600b32d4a8fe3807103e31669d02fe]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\sys.vbs (Backdoor.Agent.XN) -> Delete on reboot. [8db0ff3e166665d1d44346297a8911ef]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\sys.vbs (Backdoor.Agent.XN) -> Delete on reboot. [5ae3b9844735fe38c156e28d838054ac]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\sys.vbs (Backdoor.Agent.XN) -> Delete on reboot. [5ce166d795e72d098a8d3c3328dbc838]
c:\programdata\microsoft\windows\start menu\programs\startup\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [0a33a29b6319a1951e3d8de241c213ed]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [1924b984aad20531de7d0d621ce742be]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [c6773b020a724beb7ae1432c877cb947]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [6dd050edfd7fca6c2b30e788b350629e]
c:\users\wjmcc\appdata\local\temp\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [98a5ec51a0dcfa3c7ede412e15ee30d0]
c:\windows\serviceprofiles\localservice\appdata\local\temp\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [53ea59e4d3a9b08672ea5c1361a29e62]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [9da0fa439fddaa8c66f6541bb44f847c]
c:\windows\temp\xcdc.vbs (Trojan.Agent) -> Delete on reboot. [87b6c67757251a1ce27ac5aa5fa4b749]
c:\programdata\microsoft\windows\start menu\programs\startup\edkaba.vbs (Backdoor.Agent.E) -> Delete on reboot. [aa9369d4601cf83e27b81c55d231738d]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\edkaba.vbs (Backdoor.Agent.E) -> Delete on reboot. [ef4e57e6b1cbce6835aa76fb758e9c64]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\edkaba.vbs (Backdoor.Agent.E) -> Delete on reboot. [cb72f34aa9d3eb4bf4ebcaa7cd36bb45]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\edkaba.vbs (Backdoor.Agent.E) -> Delete on reboot. [97a6d568d0ac1224fce36f0226dd7987]
c:\pass.vbs (Backdoor.Agent.VB) -> Delete on reboot. [85b8f944720a6ec82c27e48ecf34b050]
c:\users\wjmcc\appdata\local\temp\win-star.vbs (Malware.Trace) -> Delete on reboot. [07367dc0720a1620a8d7d39f07fcda26]
c:\windows\serviceprofiles\localservice\appdata\local\temp\win-star.vbs (Malware.Trace) -> Delete on reboot. [c27b59e4087447efa6d9c8aaf01312ee]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\win-star.vbs (Malware.Trace) -> Delete on reboot. [c8752a13d9a346f0433c61117c87867a]
c:\windows\temp\win-star.vbs (Malware.Trace) -> Delete on reboot. [ca73d766ee8ea98d0e7193dfce357f81]
c:\programdata\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [3508e954f4884cea7382254d2cd74fb1]
c:\users\wjmcc\appdata\roaming\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [fc41ce6f6d0f2d09d91cbdb540c3f907]
c:\windows\serviceprofiles\localservice\appdata\roaming\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [f24ba19cd8a43cfa61944b27e71cd62a]
c:\windows\serviceprofiles\networkservice\appdata\roaming\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [59e41b22314ba492b63f254d699a3fc1]
c:\windows\system32\config\systemprofile\appdata\roaming\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [9da093aa146890a64baa30422cd721df]
c:\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [25189ca1ef8d0432688e531fd033619f]
c:\programdata\microsoft\windows\start menu\programs\startup\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [3b02a29b98e4bb7b6f88a8caab58b44c]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [9f9ef5489ddf2214b245d2a0857ed52b]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [7bc254e97dff4de9bd3a175b05fed22e]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\cwcayacxne..vbs (Worm.AutoRun.NKO) -> Delete on reboot. [14290538700c43f3b146a3cf52b145bb]
c:\programdata\microsoft\windows\start menu\programs\startup\diagx.exe.vbs (Backdoor.Agent.E) -> Delete on reboot. [de5f44f9df9dbb7bd870066dbe45ef11]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\diagx.exe.vbs (Backdoor.Agent.E) -> Delete on reboot. [e6572a139ce0d85ec3856c07a063f808]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\diagx.exe.vbs (Backdoor.Agent.E) -> Delete on reboot. [a39ae35aafcd989e49ffd49f689bfc04]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\diagx.exe.vbs (Backdoor.Agent.E) -> Delete on reboot. [80bd58e54834a4922226591a877c5aa6]
c:\windows\prvrk.vbs (Malware.Trace) -> Delete on reboot. [28156ecf265668cec4ad91e2b152d12f]
c:\programdata\microsoft\windows\start menu\programs\startup\internet security.vbs (Backdoor.Agent.Gen) -> Delete on reboot. [0b3256e7bbc171c5c9f69ad98b78966a]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\internet security.vbs (Backdoor.Agent.Gen) -> Delete on reboot. [52eba19ced8f6cca04bbfd76669dbc44]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\internet security.vbs (Backdoor.Agent.Gen) -> Delete on reboot. [102d92ab0c7040f6af10096a4db602fe]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\internet security.vbs (Backdoor.Agent.Gen) -> Delete on reboot. [a69763da3f3d67cfa11ea9cac63dcf31]
c:\windows\system\hasm.vbs (Malware.Trace) -> Delete on reboot. [86b78db0483479bd6f88c5ae4bb8847c]
c:\programdata\microsoft\windows\start menu\programs\startup\hp_service.vbs (Trojan.Agent) -> Delete on reboot. [132a3a031d5fbc7a4e42cfa823e059a7]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\hp_service.vbs (Trojan.Agent) -> Delete on reboot. [92abfb4246364de96e22b6c140c3619f]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\hp_service.vbs (Trojan.Agent) -> Delete on reboot. [2f0eec51374540f69bf5a4d33ec5f10f]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\hp_service.vbs (Trojan.Agent) -> Delete on reboot. [a598ca73dd9ffc3a7d135f18689bcf31]
c:\windows\system32\com\vsxm.vbs (Trojan.Agent.VBS) -> Delete on reboot. [3409f5484b3161d52a4a60182ad9dc24]
c:\windows\syswow64\com\vsxm.vbs (Trojan.Agent.VBS) -> Delete on reboot. [b5881d2093e9ec4a4232ceaaa45fe61a]
c:\windows\system32\dark rose.vbs (Backdoor.Agent) -> Delete on reboot. [7dc081bc7705c5717888de9ddb288779]
c:\windows\syswow64\dark rose.vbs (Backdoor.Agent) -> Delete on reboot. [e855c17cd8a4c86e7090a4d7a45f9868]
c:\windows\system32\com\csc.vbs (Trojan.Agent) -> Delete on reboot. [ae8fc37a0973112598bcbdcad72c51af]
c:\windows\syswow64\com\csc.vbs (Trojan.Agent) -> Delete on reboot. [ac91320b790391a58bc99fe840c38b75]
c:\users\wjmcc\appdata\local\temp\mando.vbs (Malware.Trace) -> Delete on reboot. [e05d3eff3547af87c6fbc0daf211c838]
c:\windows\serviceprofiles\localservice\appdata\local\temp\mando.vbs (Malware.Trace) -> Delete on reboot. [57e61726ee8ea88e0db43565ea19f40c]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\mando.vbs (Malware.Trace) -> Delete on reboot. [66d73b02394353e3b908455532d18d73]
c:\windows\temp\mando.vbs (Malware.Trace) -> Delete on reboot. [4bf2b7867dff8caae3de7d1dec1759a7]
c:\users\wjmcc\appdata\local\temp\kuba.vbs (Malware.Trace) -> Delete on reboot. [2a13c57834482f07a320ecae8e75ac54]
c:\windows\serviceprofiles\localservice\appdata\local\temp\kuba.vbs (Malware.Trace) -> Delete on reboot. [c37ab18cfa82b68010b305950af944bc]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\kuba.vbs (Malware.Trace) -> Delete on reboot. [1d20f9442557d462f0d3d5c55aa9e818]
c:\windows\temp\kuba.vbs (Malware.Trace) -> Delete on reboot. [d56895a81d5f56e0d9ea8317a85b37c9]
c:\users\wjmcc\appdata\local\temp\wlsid.vbs (Malware.Trace) -> Delete on reboot. [94a90637c8b495a103c46634a85bb14f]
c:\windows\serviceprofiles\localservice\appdata\local\temp\wlsid.vbs (Malware.Trace) -> Delete on reboot. [a796b786bfbd023436910496ba493ac6]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\wlsid.vbs (Malware.Trace) -> Delete on reboot. [4bf286b75e1e93a3705781193ec57e82]
c:\windows\temp\wlsid.vbs (Malware.Trace) -> Delete on reboot. [7bc2ed505824d1656067524850b3758b]
c:\users\wjmcc\appdata\local\temp\milk.vbs (Malware.Trace) -> Delete on reboot. [b28b57e69be13402cff90d8d679ce818]
c:\windows\serviceprofiles\localservice\appdata\local\temp\milk.vbs (Malware.Trace) -> Delete on reboot. [f84557e69ddfb38302c64d4d8a792dd3]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\milk.vbs (Malware.Trace) -> Delete on reboot. [a39a83bab1cbfb3be6e2f6a4f50edf21]
c:\windows\temp\milk.vbs (Malware.Trace) -> Delete on reboot. [f647d26b403c8caa5d6b2a705aa9fd03]
c:\users\wjmcc\appdata\local\temp\muldu.vbs (Malware.Trace) -> Delete on reboot. [2f0e62dbf38971c52c10653625dee818]
c:\windows\serviceprofiles\localservice\appdata\local\temp\muldu.vbs (Malware.Trace) -> Delete on reboot. [a6971a23fc80da5c7ebe435838cb7a86]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\muldu.vbs (Malware.Trace) -> Delete on reboot. [95a82b1244381c1af5472972c53ead53]
c:\windows\temp\muldu.vbs (Malware.Trace) -> Delete on reboot. [5ce181bc413b1f1779c322796a992fd1]
c:\users\wjmcc\appdata\local\temp\lhck.vbs (Malware.Trace) -> Delete on reboot. [49f40f2ecbb1ea4c57f45f3ce02306fa]
c:\windows\serviceprofiles\localservice\appdata\local\temp\lhck.vbs (Malware.Trace) -> Delete on reboot. [ab9246f74e2e3bfb2f1cfd9e52b10df3]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\lhck.vbs (Malware.Trace) -> Delete on reboot. [ac9186b7403ca1954a0112899b6808f8]
c:\windows\temp\lhck.vbs (Malware.Trace) -> Delete on reboot. [6dd055e8fc80181e103bd8c37a89f808]
c:\windows\install_flash-player_build2x1.vbs (Trojan.Downloader) -> Delete on reboot. [16278cb10d6f26109e900e8f3cc76898]
c:\programdata\microsoft\windows\start menu\programs\startup\ahiiqz.vbs (Trojan.Agent) -> Delete on reboot. [46f746f74834d363e6d67e1ff60dae52]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\ahiiqz.vbs (Trojan.Agent) -> Delete on reboot. [0a331a230b719b9b9824613c15ee11ef]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\ahiiqz.vbs (Trojan.Agent) -> Delete on reboot. [102d41fca1dbcf674379a3fab84b48b8]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\ahiiqz.vbs (Trojan.Agent) -> Delete on reboot. [ae8f39041963d85e5567029bc43f39c7]
c:\programdata\microsoft\windows\start menu\programs\startup\hxssyn.vbs (Trojan.Agent) -> Delete on reboot. [8bb26ecf5428de5806b7009d5ba8966a]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\hxssyn.vbs (Trojan.Agent) -> Delete on reboot. [102dc7762b513ef8d0eda0fdfa09c838]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\hxssyn.vbs (Trojan.Agent) -> Delete on reboot. [ea538eaf6c1074c22598d0cde61d4fb1]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\hxssyn.vbs (Trojan.Agent) -> Delete on reboot. [26170d300a72b5815c61623bd231f010]
c:\programdata\microsoft\windows\start menu\programs\startup\flpprv.vbs (Trojan.Agent) -> Delete on reboot. [9e9ffa43bbc10135477757468f7444bc]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\flpprv.vbs (Trojan.Agent) -> Delete on reboot. [a29b201dbac20d29ac12217c0df6bc44]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\flpprv.vbs (Trojan.Agent) -> Delete on reboot. [231ac479304c2214605eb4e9946f49b7]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\flpprv.vbs (Trojan.Agent) -> Delete on reboot. [53ea98a589f3c274c0fea0fdf211857b]
c:\windows\system\sys.vbs (Worm.AutoRun) -> Delete on reboot. [80bdb08d9fddc175c2e107971be8d729]
c:\windows\mhnkzu.vbs (Malware.Trace) -> Delete on reboot. [43fa2b127804ba7c7df1eab59a694bb5]
c:\programdata\swemail.vbs (Backdoor.IRCBot) -> Delete on reboot. [65d8c5786e0ebb7bd632e8be2cd7e31d]
c:\users\wjmcc\appdata\roaming\swemail.vbs (Backdoor.IRCBot) -> Delete on reboot. [c27b52eb1a627eb8f0187135f0138e72]
c:\windows\serviceprofiles\localservice\appdata\roaming\swemail.vbs (Backdoor.IRCBot) -> Delete on reboot. [9da072cb502c04322cdc9214c24153ad]
c:\windows\serviceprofiles\networkservice\appdata\roaming\swemail.vbs (Backdoor.IRCBot) -> Delete on reboot. [6cd185b81864b97da95f951142c150b0]
c:\windows\system32\config\systemprofile\appdata\roaming\swemail.vbs (Backdoor.IRCBot) -> Delete on reboot. [80bda39a7dffab8b0206297db0537c84]
c:\users\wjmcc\favorites\favrites.vbs (Malware.Trace) -> Delete on reboot. [74c98fae1864c07678c217949a69a15f]
c:\windows\serviceprofiles\localservice\favorites\favrites.vbs (Malware.Trace) -> Delete on reboot. [300d7dc0e99304326bcf7b30e81be818]
c:\windows\serviceprofiles\networkservice\favorites\favrites.vbs (Malware.Trace) -> Delete on reboot. [c37ade5f9ce0a2946ad003a805fe0af6]
c:\program files\internet explorer\new7mail.vbs (Spyware.OnlineGames) -> Delete on reboot. [49f4102d86f651e592f68a23f11228d8]
c:\program files (x86)\internet explorer\new7mail.vbs (Spyware.OnlineGames) -> Delete on reboot. [aa933d00f98374c210789617d82b718f]
c:\program files\internet explorer\newmail.vbs (Spyware.OnlineGames) -> Delete on reboot. [9f9e9e9f700c270f5336703ddf2425db]
c:\program files (x86)\internet explorer\newmail.vbs (Spyware.OnlineGames) -> Delete on reboot. [ce6ff34a7ffde6508bfe3677f3101fe1]
c:\program files\internet explorer\overmail.vbs (Spyware.OnlineGames) -> Delete on reboot. [89b44cf1b9c3b1852e62d3da0102827e]
c:\program files (x86)\internet explorer\overmail.vbs (Spyware.OnlineGames) -> Delete on reboot. [201df449df9dd561f29e456813f0ab55]
c:\program files\windows nt\360se.vbs (Malware.Trace) -> Delete on reboot. [e95483ba394377bf3ea8bcf38d7605fb]
c:\program files (x86)\windows nt\360se.vbs (Malware.Trace) -> Delete on reboot. [b38a3c01daa2cb6b25c1c5ea62a10bf5]
c:\program files\windows nt\36ose.vbs (Malware.Trace) -> Delete on reboot. [95a8330ac4b8cd6955920ea1828106fa]
c:\program files (x86)\windows nt\36ose.vbs (Malware.Trace) -> Delete on reboot. [0e2f3c0185f7d2649e492d82d0338080]
c:\program files\winzip\fav.vbs (Malware.Trace) -> Delete on reboot. [a29b4cf1512b1d19015f6a4609fa8a76]
c:\program files\winzip\mypc.vbs (Malware.Trace) -> Delete on reboot. [99a44bf23c40c6704325c6ea13f001ff]
c:\autorun.vbs (Trojan.Agent) -> Delete on reboot. [90adaf8e423a4fe75606d9dabc47b749]
c:\lz32.dll.vbs (Worm.VBS) -> Delete on reboot. [013c2518a3d939fdc5672c8a13f0c63a]
c:\microsofts.vbs (Malware.Trace) -> Delete on reboot. [ee4f1d204c30e551263711a5be45758b]
c:\ms32dll.dll.vbs (VBS.GodZilla) -> Delete on reboot. [320b5de0c0bc69cd6118b9fdf211cf31]
c:\nar.vbs (Worm.AutoRun) -> Delete on reboot. [c875c37ad1ab95a10d899b1b2dd67c84]
c:\pagefile.sys.vbs (Trojan.Agent) -> Delete on reboot. [f449af8e80fc5cda02ee645259aaae52]
c:\read me.txt.vbs (Worm.AutoRun) -> Delete on reboot. [72cbda639be1f640232d477031d2fb05]
c:\tj.vbs (Malware.Trace) -> Delete on reboot. [c578221bea9220169a97febacf34fb05]
c:\xxicecubexx.dll.vbs (Worm.AutoRun) -> Delete on reboot. [003d043935473ff7847f41785aa9837d]
c:\programdata\microsoft\windows\start menu\programs\startup\googl.vbs (Trojan.Agent) -> Delete on reboot. [bd800a33790314228ed47a40956ef60a]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\googl.vbs (Trojan.Agent) -> Delete on reboot. [52eb9ca1cfadb87ec0a2ecce28db6f91]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\googl.vbs (Trojan.Agent) -> Delete on reboot. [52eb94a9b6c684b2a1c15e5c9172d828]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\googl.vbs (Trojan.Agent) -> Delete on reboot. [76c714295e1e0f2764feb10926dd847c]
c:\programdata\microsoft\windows\start menu\programs\startup\iexp10re.vbs (Trojan.Agent) -> Delete on reboot. [09346ecf7309f93d59151b9fc63d03fd]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\iexp10re.vbs (Trojan.Agent) -> Delete on reboot. [1d20f7462359e35371fd45753fc47e82]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\iexp10re.vbs (Trojan.Agent) -> Delete on reboot. [e7561f1eaece6bcbfc72d1e9bf44738d]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\iexp10re.vbs (Trojan.Agent) -> Delete on reboot. [9aa33a03bebe2f0767079426659e57a9]
c:\programdata\microsoft\windows\start menu\programs\startup\qq.vbs (Trojan.Agent) -> Delete on reboot. [8eaf6dd00775181ee5fdae0c7b88867a]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\qq.vbs (Trojan.Agent) -> Delete on reboot. [dd603a03651785b1d21016a4e41f4fb1]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\qq.vbs (Trojan.Agent) -> Delete on reboot. [0c3184b9df9d5bdb18ca902af21130d0]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\qq.vbs (Trojan.Agent) -> Delete on reboot. [9ca12f0eceaee94d489aac0e8f743bc5]
c:\programdata\microsoft\windows\start menu\programs\startup\recycled.vbs (Worm.AutoRun) -> Delete on reboot. [0a33a697e09cc86e40aaf1c9808324dc]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\recycled.vbs (Worm.AutoRun) -> Delete on reboot. [16272617aecee25439b1378303007b85]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\recycled.vbs (Worm.AutoRun) -> Delete on reboot. [c776112cceae88ae8a604a70e023f907]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\recycled.vbs (Worm.AutoRun) -> Delete on reboot. [b28b4fee720afe3877732b8f6b9829d7]
c:\windows\system32\8078.vbs (Malware.Trace) -> Delete on reboot. [be7f72cbb1cb5fd7af5ab00cd330cc34]
c:\windows\syswow64\8078.vbs (Malware.Trace) -> Delete on reboot. [82bbbf7e0676a3938b7ed4e832d1a15f]
c:\windows\system32\boot.vbs (Spyware.ActMon) -> Delete on reboot. [4bf278c5ea9263d328e07d40f60de719]
c:\windows\syswow64\boot.vbs (Spyware.ActMon) -> Delete on reboot. [2716211c1468f046af5918a5d52eac54]
c:\windows\system32\drivers.vbs (Malware.Trace) -> Delete on reboot. [d8653706a3d97abc7b96605fc0434ab6]
c:\windows\syswow64\drivers.vbs (Malware.Trace) -> Delete on reboot. [003d06373d3fec4a66ab09b6c73c6f91]
c:\windows\system32\helpme.vbs (Malware.Trace) -> Delete on reboot. [6ecf112c4b319a9c5a72348dce35e21e]
c:\windows\syswow64\helpme.vbs (Malware.Trace) -> Delete on reboot. [300dec518cf0cd69eae22a97d1329b65]
c:\windows\system32\launch.vbs (Malware.Trace) -> Delete on reboot. [9ca16ad3a4d840f69986566d8e75ac54]
c:\windows\syswow64\launch.vbs (Malware.Trace) -> Delete on reboot. [3508a09d4c30dd5942dd695a9a696f91]
c:\windows\system32\mssvrdll.vbs (Worm.AutoRun) -> Delete on reboot. [6bd2dd60fd7ff640024808bc5ba8817f]
c:\windows\syswow64\mssvrdll.vbs (Worm.AutoRun) -> Delete on reboot. [c17c7fbe512b38fea6a46d57b94a12ee]
c:\windows\system32\myie.vbs (Malware.Trace) -> Delete on reboot. [c578e05dee8eb77f8df064607e859e62]
c:\windows\syswow64\myie.vbs (Malware.Trace) -> Delete on reboot. [b9847ac3bbc1c076f8854b7947bc718f]
c:\windows\system32\newvirusremoval.vbs (Trojan.XPCInfoSystems) -> Delete on reboot. [f449cf6eb2ca5bdb6239bf05c340c33d]
c:\windows\syswow64\newvirusremoval.vbs (Trojan.XPCInfoSystems) -> Delete on reboot. [d36a75c84438c0767b200db7d132dd23]
c:\windows\system32\service.vbs (Trojan.Agent) -> Delete on reboot. [2e0f8db013697fb7be5c369024dff50b]
c:\windows\syswow64\service.vbs (Trojan.Agent) -> Delete on reboot. [2716e05d126a6dc90713c7ff7a898a76]
c:\users\wjmcc\appdata\local\temp\209421.vbs (Malware.Trace) -> Delete on reboot. [fa43d06d7705cc6a30868f3b8281e719]
c:\windows\serviceprofiles\localservice\appdata\local\temp\209421.vbs (Malware.Trace) -> Delete on reboot. [f14c2e0f205c87af6e48f7d37d869d63]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\209421.vbs (Malware.Trace) -> Delete on reboot. [29147dc0255738fe42743397649fc040]
c:\windows\temp\209421.vbs (Malware.Trace) -> Delete on reboot. [0c311825a7d52e08ebcb329807fc7987]
c:\users\wjmcc\appdata\local\temp\360safe.vbs (Trojan.Emogen) -> Delete on reboot. [68d575c82b51da5c9a2f4e7c54afa65a]
c:\windows\serviceprofiles\localservice\appdata\local\temp\360safe.vbs (Trojan.Emogen) -> Delete on reboot. [132a5ae3e29a52e48049408a43c0ab55]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\360safe.vbs (Trojan.Emogen) -> Delete on reboot. [6bd28cb194e86cca19b013b7f50e7d83]
c:\windows\temp\360safe.vbs (Trojan.Emogen) -> Delete on reboot. [b984d964225ab4823c8df9d114ef02fe]
c:\users\wjmcc\appdata\local\temp\cleaner.exe.vbs (Worm.VBS) -> Delete on reboot. [55e8211c314b2d09b8053794976c1ce4]
c:\windows\serviceprofiles\localservice\appdata\local\temp\cleaner.exe.vbs (Worm.VBS) -> Delete on reboot. [ba83013c502c0333536a6d5e4cb749b7]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\cleaner.exe.vbs (Worm.VBS) -> Delete on reboot. [e15c241993e9270f0fae88435ea58080]
c:\windows\temp\cleaner.exe.vbs (Worm.VBS) -> Delete on reboot. [f04d73caec908babf6c7e6e50cf77987]
c:\users\wjmcc\appdata\local\temp\bleep-smile.vbs (Malware.Trace) -> Delete on reboot. [15283d005a22dd59089d7953dc27b44c]
c:\windows\serviceprofiles\localservice\appdata\local\temp\bleep-smile.vbs (Malware.Trace) -> Delete on reboot. [7fbe41fc5a22cc6ae2c3c80424dff10f]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\bleep-smile.vbs (Malware.Trace) -> Delete on reboot. [de5fba830c70d066693c1fad32d14eb2]
c:\windows\temp\bleep-smile.vbs (Malware.Trace) -> Delete on reboot. [b28b9ca153295bdb2f760ac24db629d7]
c:\users\wjmcc\appdata\local\temp\informaquina.vbs (Malware.Trace) -> Delete on reboot. [d46968d5f38973c330a6f2da49bab64a]
c:\windows\serviceprofiles\localservice\appdata\local\temp\informaquina.vbs (Malware.Trace) -> Delete on reboot. [201de855384459dd657129a3be45c63a]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\informaquina.vbs (Malware.Trace) -> Delete on reboot. [fd40db626a12bf77ebeb64681ce76f91]
c:\windows\temp\informaquina.vbs (Malware.Trace) -> Delete on reboot. [6cd1b48958246bcb0fc7e8e49c67ef11]
c:\users\wjmcc\cookies\polorid.vbs (Malware.Trace) -> Delete on reboot. [fd40053834480a2c5d71cf0016edfd03]
c:\users\wjmcc\appdata\local\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. [f14c89b4d1abb77f1236c50c2cd70cf4]
c:\windows\serviceprofiles\localservice\appdata\local\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. [8ab3ef4e027a2e087bcd02cfef14ae52]
c:\windows\serviceprofiles\networkservice\appdata\local\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. [bd8049f4ff7dca6c311751803fc412ee]
c:\windows\system32\config\systemprofile\appdata\local\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. [45f852eba0dcc76fdf69379aca3939c7]
c:\users\wjmcc\templates\ksp.jpeg.dll.vbs (Worm.VBS) -> Delete on reboot. [6fce66d7116b3204377107cbbf4430d0]
c:\windows\122.vbs (Trojan.Agent) -> Delete on reboot. [bf7eee4fcab2a09694b526add52e7e82]
c:\windows\colixe.vbs (Fake.Dropped.Malware) -> Delete on reboot. [ed5080bdc1bbc3732e987d576c9708f8]
c:\windows\cursors\boom.vbs (Worm.AutoRun) -> Delete on reboot. [f8456dd05f1d79bdaf7b3c9941c2c53b]
c:\windows\fs6519.dll.vbs (Worm.Solow) -> Delete on reboot. [9aa3320b235973c359cde9ed877c728e]
c:\windows\gameeeeee.vbs (Trojan.Agent) -> Delete on reboot. [1d20f04d126aa78fcb7022b4669d1ce4]
c:\windows\gspi412.vbs (Worm.AutoRun) -> Delete on reboot. [1e1f7bc20676c670223124b25da628d8]
c:\windows\help\rllfddsdfds7fds.vbs (Malware.Trace) -> Delete on reboot. [d568b687daa23df9dfa4726422e117e9]
c:\windows\janka.vbs (Worm.AutoRun) -> Delete on reboot. [67d6a4993d3fe94de8442aad6d96ec14]
c:\windows\ms32dll.dll.vbs (VBS.Godzilla) -> Delete on reboot. [f14c2914c4b88da9807531a63dc605fb]
c:\windows\mssvrdll.vbs (Worm.AutoRun) -> Delete on reboot. [95a83b0243392e0886acbb1d1ae948b8]
c:\windows\nar.vbs (Worm.AutoRun) -> Delete on reboot. [281593aa16660e2806452dab976cb64a]
c:\windows\solution.vbs (Worm.AutoRun) -> Delete on reboot. [fd403607b2ca62d4cdbeba1fa65d3ac6]
c:\windows\sysres.vbs (Worm.AutoRun) -> Delete on reboot. [85b881bc017b72c409f5796050b3b44c]
c:\windows\tasks\hackshen.vbs (Trojan.VBS) -> Delete on reboot. [221bde5ff28a6bcbf535a53658abec14]
c:\windows\tasks\pig.vbs (Worm.AutoRun) -> Delete on reboot. [6ad38eafe498ee489a9c6a711fe4a45c]
c:\windows\ujbright_antivirus.vbs (Worm.UjBright) -> Delete on reboot. [f14cc17c3547979f55359546df240ef2]
c:\windows\uninstall_nmon.vbs (Malware.Trace) -> Delete on reboot. [91acd06d0c70181e4f41617a57aceb15]
c:\windows\xxicecubexx.dll.vbs (Worm.AutoRun) -> Delete on reboot. [f34aec514a325cdafb8aeeee4bb8e51b]
c:\programdata\microsoft\windows\start menu\programs\startup\fu.vbs (Trojan.Agent) -> Delete on reboot. [f746aa9345372a0c514f3ecff70da35d]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\fu.vbs (Trojan.Agent) -> Delete on reboot. [fb42172682fa44f2e9b70a03a262e917]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\fu.vbs (Trojan.Agent) -> Delete on reboot. [2b1273ca5626f343019f1cf1ce360af6]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\fu.vbs (Trojan.Agent) -> Delete on reboot. [1e1ff9444933a294366a9e6f798b8977]
c:\programdata\microsoft\windows\start menu\programs\startup\wx.vbs (Trojan.Agent) -> Delete on reboot. [0a333effff7dc2748c156ca161a3956b]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\wx.vbs (Trojan.Agent) -> Delete on reboot. [4fee41fc3f3d6ec82c75d538e123966a]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\wx.vbs (Trojan.Agent) -> Delete on reboot. [003d82bbb0cce056b9e827e68381a45c]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\wx.vbs (Trojan.Agent) -> Delete on reboot. [fe3fbe7f027a3402ccd50904ce3631cf]
c:\windows\system32\config\systemprofile\appdata\roaming\windows.vbs (Trojan.Agent.Gen) -> Delete on reboot. [b489dc61de9e1e18c085b6e460a412ee]
c:\users\wjmcc\appdata\local\winrar.vbs (Malware.Traces) -> Delete on reboot. [4df014298fed46f027206238ce3604fc]
c:\windows\serviceprofiles\localservice\appdata\local\winrar.vbs (Malware.Traces) -> Delete on reboot. [2a134df00676be78c3846d2dd3319070]
c:\windows\serviceprofiles\networkservice\appdata\local\winrar.vbs (Malware.Traces) -> Delete on reboot. [f54873ca8eee2b0baf98f3a7f90b7789]
c:\windows\system32\config\systemprofile\appdata\local\winrar.vbs (Malware.Traces) -> Delete on reboot. [251859e4394304320c3bafeb679d08f8]
c:\programdata\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [3a03df5e0676a3930c47a2fbf113b54b]
c:\users\wjmcc\appdata\roaming\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [8eaf8bb2daa255e12d260d904fb5b14f]
c:\windows\serviceprofiles\localservice\appdata\roaming\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [2c11a39a7a02b4829db62a73c53f768a]
c:\windows\serviceprofiles\networkservice\appdata\roaming\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [6cd1eb52e29a1c1a74dfdac3af555ea2]
c:\windows\system32\config\systemprofile\appdata\roaming\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [cf6e8fae7408b482450ee1bca460847c]
c:\programdata\microsoft\windows\start menu\programs\startup\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [08352f0e413b5bdb7cd85c416d97c937]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [ea5316278defee488ec6ebb21be9718f]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [033a40fdfb811521460e8d10fa0afe02]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\facebook.vbs (Trojan.Agent.FC) -> Delete on reboot. [053855e8166672c4f0647a2337cde21e]
c:\vbs_sbmff.vbs (Malware.Trace.E) -> Delete on reboot. [9ba2bc81fb818ea8d3c1d1ccb64e36ca]
c:\programdata\microsoft\windows\start menu\programs\startup\picture.vbs (Worm.Agent.VBS) -> Delete on reboot. [d26b4df0e09c1422ec73277760a409f7]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\picture.vbs (Worm.Agent.VBS) -> Delete on reboot. [7bc22a13abd141f5d18e1d814db704fc]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\picture.vbs (Worm.Agent.VBS) -> Delete on reboot. [2d1058e5522a65d11847fba33fc52ad6]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\picture.vbs (Worm.Agent.VBS) -> Delete on reboot. [8cb105389fdd171f332c8e10ca3a02fe]
c:\programdata\ss.vbs (Malware.Traces) -> Delete on reboot. [d36acf6e56264beb87de7628b94b57a9]
c:\users\wjmcc\appdata\roaming\ss.vbs (Malware.Traces) -> Delete on reboot. [c578b489c3b95bdbd095336b8084e31d]
c:\windows\serviceprofiles\localservice\appdata\roaming\ss.vbs (Malware.Traces) -> Delete on reboot. [c37ada6338441e185c09049ad62ebe42]
c:\windows\serviceprofiles\networkservice\appdata\roaming\ss.vbs (Malware.Traces) -> Delete on reboot. [4eefe6572656ba7ca3c25b43b153e020]
c:\windows\system32\config\systemprofile\appdata\roaming\ss.vbs (Malware.Traces) -> Delete on reboot. [f14cbd807705082ec0a5a2fcc440f10f]
c:\windows\ss.vbs (Malware.Traces) -> Delete on reboot. [eb5258e52a5281b54c1a970760a40ff1]
c:\programdata\microsoft\windows\start menu\programs\startup\sexxx.vbs (Trojan.Agent) -> Delete on reboot. [093487b6621a03334e5c5846a0646e92]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\sexxx.vbs (Trojan.Agent) -> Delete on reboot. [44f904391b613ef87f2b75295ba9cf31]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\sexxx.vbs (Trojan.Agent) -> Delete on reboot. [42fbb4898af2b5813476f3ab32d2916f]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\sexxx.vbs (Trojan.Agent) -> Delete on reboot. [112c9ca1235951e5b4f6e3bb12f248b8]
c:\programdata\microsoft\windows\start menu\programs\startup\disds.vbs (Backdoor.Agent.E) -> Delete on reboot. [281597a6601cd066c66346596d9755ab]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\disds.vbs (Backdoor.Agent.E) -> Delete on reboot. [fa4386b76319e74f4ddc8f10de26e917]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\disds.vbs (Backdoor.Agent.E) -> Delete on reboot. [1f1ef34a116b2214cc5dc0df6c981ee2]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\disds.vbs (Backdoor.Agent.E) -> Delete on reboot. [82bbc17caecef83ebc6dccd34cb805fb]
c:\programdata\microsoft\windows\start menu\programs\startup\adobe updater startup utility.vbs (Backdoor.Agent.E) -> Delete on reboot. [ce6f1e1f0a7264d2f64a5f427d878e72]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\adobe updater startup utility.vbs (Backdoor.Agent.E) -> Delete on reboot. [c974e6576b1164d2dd6310915aaa3dc3]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\adobe updater startup utility.vbs (Backdoor.Agent.E) -> Delete on reboot. [bd8015281468ee48d16f0f9223e139c7]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\adobe updater startup utility.vbs (Backdoor.Agent.E) -> Delete on reboot. [a19c013c403ced499aa6d3ce0103aa56]
c:\programdata\microsoft\windows\start menu\programs\startup\mdebugger.vbs (Trojan.Agent.MNR) -> Delete on reboot. [2e0ff449c4b858de84192a7863a1cb35]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\mdebugger.vbs (Trojan.Agent.MNR) -> Delete on reboot. [192489b4bcc04beb3a635a4814f047b9]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\mdebugger.vbs (Trojan.Agent.MNR) -> Delete on reboot. [be7f0d3015673afcd9c48e14fd07c739]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\mdebugger.vbs (Trojan.Agent.MNR) -> Delete on reboot. [bd8083ba057771c5b9e4b2f0669ed32d]
c:\programdata\microsoft\windows\start menu\programs\startup\systemfolder.vbs (Trojan.Agent) -> Delete on reboot. [0e2f56e7443892a4cc0c3e65b351b24e]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\systemfolder.vbs (Trojan.Agent) -> Delete on reboot. [56e755e8245842f46e6ad3d0fe06857b]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\systemfolder.vbs (Trojan.Agent) -> Delete on reboot. [8faeb588b0cc88ae8850079cde26a45c]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\systemfolder.vbs (Trojan.Agent) -> Delete on reboot. [4cf10736c0bc0432f3e5327115ef748c]
c:\programdata\microsoft\windows\start menu\programs\startup\tmivvdcbb.vbs (Trojan.Downloader.Agent.VBS) -> Delete on reboot. [ff3ef54827553105de19891b798b4ab6]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\tmivvdcbb.vbs (Trojan.Downloader.Agent.VBS) -> Delete on reboot. [f746231a9fdd4fe724d31b892bd9b848]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\tmivvdcbb.vbs (Trojan.Downloader.Agent.VBS) -> Delete on reboot. [53eaa5981765fa3cbb3cf5afdf25639d]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\tmivvdcbb.vbs (Trojan.Downloader.Agent.VBS) -> Delete on reboot. [92ab70cd681432043abd6341778deb15]
c:\programdata\bleep_usg_me.vbs (Trojan.Agent) -> Delete on reboot. [281526177705f83ebf123570ee16857b]
c:\users\wjmcc\appdata\roaming\bleep_usg_me.vbs (Trojan.Agent) -> Delete on reboot. [9aa3390497e52511ce039a0b56aec937]
c:\windows\serviceprofiles\localservice\appdata\roaming\bleep_usg_me.vbs (Trojan.Agent) -> Delete on reboot. [51ec38055b21a195d8f96d38fb09b749]
c:\windows\serviceprofiles\networkservice\appdata\roaming\bleep_usg_me.vbs (Trojan.Agent) -> Delete on reboot. [d667172603791e18ddf41e87689cf808]
c:\windows\system32\config\systemprofile\appdata\roaming\bleep_usg_me.vbs (Trojan.Agent) -> Delete on reboot. [69d4cd70621ae353daf72085a85c60a0]
c:\obfuscated.vbs (Trojan.Agent.VBS) -> Delete on reboot. [350875c8c9b3fc3ae90cf6afbd476f91]
c:\programdata\xnxx.vbs (Trojan.Agent.VBS) -> Delete on reboot. [7dc06cd15824eb4b0488b1f81aea926e]
c:\users\wjmcc\appdata\roaming\xnxx.vbs (Trojan.Agent.VBS) -> Delete on reboot. [cf6e9ca1d7a592a4abe101a8ef1524dc]
c:\windows\serviceprofiles\localservice\appdata\roaming\xnxx.vbs (Trojan.Agent.VBS) -> Delete on reboot. [0e2ff34a6517d95dd1bbaffa828246ba]
c:\windows\serviceprofiles\networkservice\appdata\roaming\xnxx.vbs (Trojan.Agent.VBS) -> Delete on reboot. [0736e459cdafaa8c2963e3c69b69c43c]
c:\windows\system32\config\systemprofile\appdata\roaming\xnxx.vbs (Trojan.Agent.VBS) -> Delete on reboot. [0538023ba0dc4aec503c367316eefb05]
c:\users\wjmcc\appdata\local\temp\asn.vbs (Trojan.Agent.vbs) -> Delete on reboot. [ca73db629fdddf577e1417925fa5b24e]
c:\windows\serviceprofiles\localservice\appdata\local\temp\asn.vbs (Trojan.Agent.vbs) -> Delete on reboot. [bd80d469f18b62d40290e7c26c9810f0]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\asn.vbs (Trojan.Agent.vbs) -> Delete on reboot. [fd40330a5428f93d147e0a9f36ce2dd3]
c:\windows\temp\asn.vbs (Trojan.Agent.vbs) -> Delete on reboot. [62db8eaff18b6accd4be822742c21de3]
c:\programdata\microsoft\windows\start menu\programs\startup\keygen.vbs (Trojan.Agent.VBS) -> Delete on reboot. [ac9166d7007c0f27e5bc54550004e51b]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\keygen.vbs (Trojan.Agent.VBS) -> Delete on reboot. [95a83ffe4834f145871a7a2f35cffb05]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\keygen.vbs (Trojan.Agent.VBS) -> Delete on reboot. [7dc08ab3d0ac31052a777732cc38cf31]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\keygen.vbs (Trojan.Agent.VBS) -> Delete on reboot. [d16c6cd15329ed49aaf73970bc48ee12]
c:\users\wjmcc\appdata\roaming\microsoft\protect\update.vbs (Trojan.Agent) -> Delete on reboot. [97a6122b304cb77f347ab2f9d33107f9]
c:\users\wjmcc\appdata\local\temp\maria_photo_sexy.vbs (Backdoor.Bot) -> Delete on reboot. [74c90934c7b575c13e63cede818319e7]
c:\windows\serviceprofiles\localservice\appdata\local\temp\maria_photo_sexy.vbs (Backdoor.Bot) -> Delete on reboot. [ae8f1e1fb8c48ea81889baf2db29af51]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\maria_photo_sexy.vbs (Backdoor.Bot) -> Delete on reboot. [a598300d79033402a7fa5359e61e8977]
c:\windows\temp\maria_photo_sexy.vbs (Backdoor.Bot) -> Delete on reboot. [be7f7fbe7804d165b9e89616917353ad]
c:\programdata\winregistration.vbs (Trojan.VBAgent) -> Delete on reboot. [8fae2a13d8a45dd98aeee0cd966ea15f]
c:\users\wjmcc\appdata\roaming\winregistration.vbs (Trojan.VBAgent) -> Delete on reboot. [a09d42fb5824be785622149961a352ae]
c:\windows\serviceprofiles\localservice\appdata\roaming\winregistration.vbs (Trojan.VBAgent) -> Delete on reboot. [f04d70cddba18caa88f0fdb0f014ca36]
c:\windows\serviceprofiles\networkservice\appdata\roaming\winregistration.vbs (Trojan.VBAgent) -> Delete on reboot. [d964e05d611b0d298fe9317c1ee67f81]
c:\windows\system32\config\systemprofile\appdata\roaming\winregistration.vbs (Trojan.VBAgent) -> Delete on reboot. [231a89b46f0d989e4a2e149915efbe42]
c:\programdata\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [05383508a1dbb383d7f19f0ed232e51b]
c:\users\wjmcc\appdata\roaming\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [cd701825e597ac8ab513c1ec7f858a76]
c:\windows\serviceprofiles\localservice\appdata\roaming\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [3a031a235d1ff93d527617969c6848b8]
c:\windows\serviceprofiles\networkservice\appdata\roaming\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [330a54e9235979bdc50314997b895da3]
c:\windows\system32\config\systemprofile\appdata\roaming\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [0736013c2854c27427a1862760a418e8]
c:\programdata\microsoft\windows\start menu\programs\startup\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [c37a28157a0255e1339605a8ee16b34d]
c:\users\wjmcc\appdata\roaming\microsoft\windows\start menu\programs\startup\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [90adb18c304ce452339667469c688779]
c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\startup\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [af8eb786a8d494a2389159545aaa936d]
c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\startup\encrypted_by_mr-tiger.vbs (Trojan.Agent.VBS) -> Delete on reboot. [310cf04dc1bb41f56366307dcb3929d7]
c:\users\public\systemfile.vbs (Malware.Trace) -> Delete on reboot. [0c31e756f08c3bfb41be8c21867eb14f]
c:\users\wjmcc\systemfile.vbs (Malware.Trace) -> Delete on reboot. [ad9074c929531e18758a1b9283818d73]
c:\windows\serviceprofiles\localservice\systemfile.vbs (Malware.Trace) -> Delete on reboot. [380574c96b1143f3dc23525b8c7821df]
c:\windows\serviceprofiles\networkservice\systemfile.vbs (Malware.Trace) -> Delete on reboot. [3a034eef8cf0e0569b6426872dd70bf5]
c:\windows\system32\config\systemprofile\systemfile.vbs (Malware.Trace) -> Delete on reboot. [a895122bdd9f3ff704fbf2bb37cdcc34]
c:\users\wjmcc\appdata\local\safypd.vbs (Malware.Trace.E) -> Delete on reboot. [94a98db0700c3204909c6f3f40c4d22e]
c:\windows\serviceprofiles\localservice\appdata\local\safypd.vbs (Malware.Trace.E) -> Delete on reboot. [2e0f96a77dfffa3cbe6ee1cd3ec6728e]
c:\windows\serviceprofiles\networkservice\appdata\local\safypd.vbs (Malware.Trace.E) -> Delete on reboot. [7cc152eb98e434027bb16f3f81836e92]
c:\windows\system32\config\systemprofile\appdata\local\safypd.vbs (Malware.Trace.E) -> Delete on reboot. [a994201d314be94db17b337b60a49769]
c:\users\wjmcc\appdata\local\temp\explorerr.vbs (Trojan.Agent.VBX) -> Delete on reboot. [74c9fd40dd9f280ec51ec7eacb3945bb]
c:\windows\serviceprofiles\localservice\appdata\local\temp\explorerr.vbs (Trojan.Agent.VBX) -> Delete on reboot. [1429c8758def63d3b231436ea65e639d]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\explorerr.vbs (Trojan.Agent.VBX) -> Delete on reboot. [46f7112c98e42b0bcf14931eff05cd33]
c:\windows\temp\explorerr.vbs (Trojan.Agent.VBX) -> Delete on reboot. [f74652ebef8df73fdc07af02a55f9f61]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
and one after deletion:
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.540.15063.0
wjmcc :: DESKTOP-UCKJ985 [administrator]
 
9/4/2017 7:44:23 PM
mbar-log-2017-09-04 (19-44-23).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 0
Time elapsed: 19 second(s) [aborted]
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


#4 Aura

    Bleepin' Special Ops

  • Malware Response Team

Posted 05 September 2017 - 08:48 PM

Ah I see. Delete your current MBAR folder, and follow the instructions (and download the one attached) in this thread.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 wjmccrthy

  • Topic Starter
  • Members

Posted 05 September 2017 - 09:21 PM

I am not able to run the program.

After initialization I get an error message "The system volume seems inaccessible or encrypted.  Scan can't continue."

Seems like a nasty bug.



#6 Aura

    Bleepin' Special Ops

  • Malware Response Team

Posted 05 September 2017 - 09:25 PM

I was expecting this. Alright then.

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply



#7 wjmccrthy

  • Topic Starter
  • Members

Posted 06 September 2017 - 07:04 PM

Sorry for the delay.

I do have a 16 GB USB drive.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by wjmcc (06-09-2017 20:01:11) Run:1
Running from C:\Users\wjmcc\Desktop
Loaded Profiles: wjmcc (Available Profiles: defaultuser0 & wjmcc & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\
CMD: dir C:\Windows\system32\drivers
*****************
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= dir C:\Windows\ =========
 
 Volume in drive C is Windows
 Volume Serial Number is 1808-580A
 
 Directory of C:\Windows
 
09/05/2017  08:26 PM    <DIR>          .
09/05/2017  08:26 PM    <DIR>          ..
09/04/2017  10:07 AM    <DIR>          4FC9DA9DF608454E8191D7EFFDCC5726.TMP
03/18/2017  05:03 PM    <DIR>          addins
06/18/2017  06:21 AM    <DIR>          appcompat
08/09/2017  08:49 AM    <DIR>          AppPatch
09/06/2017  10:12 AM    <DIR>          AppReadiness
09/05/2017  09:24 PM    <DIR>          assembly
10/25/2016  12:37 PM                 0 authtest.txt
03/18/2017  05:03 PM    <DIR>          bcastdvr
06/17/2017  03:22 PM            64,512 bfsvc.exe
03/18/2017  05:03 PM    <DIR>          Boot
03/18/2017  05:03 PM    <DIR>          Branding
09/04/2017  02:15 PM    <DIR>          CbsTemp
02/18/2017  01:40 AM    <DIR>          CryptoGuard
10/25/2016  12:36 PM    <DIR>          CSC
03/18/2017  05:03 PM    <DIR>          Cursors
08/19/2017  12:13 PM    <DIR>          debug
06/17/2017  11:44 AM            11,433 diagerr.xml
03/18/2017  05:03 PM    <DIR>          diagnostics
06/17/2017  11:44 AM            11,433 diagwrn.xml
03/18/2017  10:28 PM    <DIR>          DigitalLocker
03/18/2017  10:28 PM    <DIR>          en-US
06/20/2017  02:04 AM         4,847,424 explorer.exe
09/04/2017  12:17 PM    <DIR>          GameBarPresenceWriter
03/18/2017  05:03 PM    <DIR>          Globalization
03/18/2017  10:28 PM    <DIR>          Help
06/17/2017  03:22 PM           975,360 HelpPane.exe
03/18/2017  04:57 PM            18,432 hh.exe
06/17/2017  11:40 AM    <DIR>          HoloShell
09/04/2017  02:15 PM            54,383 iis.log
03/18/2017  10:28 PM    <DIR>          IME
08/09/2017  08:49 AM    <DIR>          ImmersiveControlPanel
09/04/2017  05:46 PM    <DIR>          INF
03/18/2017  05:03 PM    <DIR>          InfusedApps
03/18/2017  05:03 PM    <DIR>          InputMethod
03/18/2017  05:03 PM    <DIR>          L2Schemas
08/02/2017  12:03 PM    <DIR>          LiveKernelReports
06/20/2017  08:23 PM    <DIR>          Logs
09/04/2017  05:51 PM       647,491,783 MEMORY.DMP
03/18/2017  04:57 PM            43,131 mib.bin
09/05/2017  09:24 PM    <DIR>          Microsoft.NET
03/18/2017  05:03 PM    <DIR>          Migration
09/04/2017  05:52 PM    <DIR>          Minidump
03/18/2017  10:28 PM    <DIR>          MiracastView
03/18/2017  05:03 PM    <DIR>          ModemLogs
03/18/2017  04:58 PM           246,784 notepad.exe
09/05/2017  10:18 PM         1,278,078 ntbtlog.txt
03/18/2017  10:30 PM    <DIR>          OCR
03/18/2017  05:03 PM    <DIR>          Offline Web Pages
09/02/2017  10:57 AM    <DIR>          Panther
03/18/2017  05:03 PM    <DIR>          Performance
09/04/2017  05:51 PM           202,402 PFRO.log
03/18/2017  05:03 PM    <DIR>          PLA
06/17/2017  03:23 PM    <DIR>          PolicyDefinitions
09/06/2017  08:01 PM    <DIR>          Prefetch
03/18/2017  10:28 PM    <DIR>          PrintDialog
03/18/2017  04:59 PM            34,774 Professional.xml
06/17/2017  03:23 PM    <DIR>          Provisioning
03/18/2017  04:57 PM           321,024 regedit.exe
09/03/2017  06:42 PM    <DIR>          registration
03/18/2017  10:31 PM    <DIR>          RemotePackages
08/09/2017  09:16 AM    <DIR>          rescache
09/02/2017  08:40 PM    <DIR>          Resources
03/18/2017  05:03 PM    <DIR>          SchCache
03/18/2017  10:31 PM    <DIR>          schemas
09/03/2017  07:01 PM             1,580 SecuniaPackage.log
03/18/2017  10:31 PM    <DIR>          security
06/17/2017  11:28 AM    <DIR>          ServiceProfiles
03/18/2017  10:28 PM    <DIR>          servicing
06/17/2017  03:23 PM    <DIR>          Setup
09/03/2017  12:42 PM             2,382 setupact.log
09/02/2017  06:12 PM                 0 setuperr.log
08/09/2017  08:49 AM    <DIR>          ShellExperiences
03/18/2017  10:29 PM    <DIR>          SKB
10/25/2016  12:38 PM                51 smsts.ini
06/17/2017  11:44 AM    <DIR>          SoftwareDistribution
03/18/2017  05:03 PM    <DIR>          Speech
03/18/2017  05:03 PM    <DIR>          Speech_OneCore
03/18/2017  04:58 PM           130,560 splwow64.exe
03/18/2017  05:03 PM    <DIR>          System
07/16/2016  07:45 AM               219 system.ini
09/05/2017  10:26 PM    <DIR>          System32
03/18/2017  10:31 PM    <DIR>          SystemApps
03/18/2017  10:31 PM    <DIR>          SystemResources
09/04/2017  02:14 PM    <DIR>          SysWOW64
03/18/2017  05:03 PM    <DIR>          TAPI
09/05/2017  10:17 PM    <DIR>          Tasks
09/06/2017  07:56 PM    <DIR>          Temp
03/18/2017  05:03 PM    <DIR>          tracing
03/18/2017  05:03 PM    <DIR>          twain_32
03/18/2017  04:58 PM            65,536 twain_32.dll
08/31/2017  03:29 PM            37,159 uninstaller.dat
03/18/2017  05:03 PM    <DIR>          Vss
03/18/2017  05:03 PM    <DIR>          Web
07/16/2016  07:45 AM                92 win.ini
09/05/2017  10:22 PM               275 WindowsUpdate.log
03/18/2017  04:58 PM            10,240 winhlp32.exe
09/04/2017  02:15 PM    <DIR>          WinSxS
03/18/2017  04:56 PM           316,640 WMSysPr9.prx
03/18/2017  04:58 PM            11,264 write.exe
              28 File(s)    656,176,951 bytes
              73 Dir(s)  1,801,828,257,792 bytes free
 
========= End of CMD: =========
 
 
========= dir C:\Windows\system32\drivers =========
 
 Volume in drive C is Windows
 Volume Serial Number is 1808-580A
 
 Directory of C:\Windows\system32\drivers
 
09/05/2017  10:08 PM    <DIR>          .
09/05/2017  10:08 PM    <DIR>          ..
09/02/2017  11:52 AM           253,856 000B4EC5.sys
09/03/2017  01:28 PM           253,856 02AD6613.sys
09/02/2017  12:23 PM           253,856 09D96693.sys
09/03/2017  07:15 PM           253,856 0DE9701E.sys
09/02/2017  11:44 AM           253,856 108A48DD.sys
09/03/2017  01:35 PM           253,856 10CF6B68.sys
03/18/2017  04:56 PM           238,080 1394ohci.sys
09/04/2017  10:09 AM           253,856 16EC1C5F.sys
09/03/2017  10:45 AM           253,856 177D69C0.sys
09/02/2017  12:20 PM           253,856 18CC63E5.sys
09/02/2017  12:48 PM           253,856 190B797A.sys
09/05/2017  10:08 PM           194,776 1B30102E.sys
09/04/2017  12:20 PM           253,856 1D100033.sys
09/02/2017  11:25 AM           253,856 1EAB3A35.sys
09/02/2017  11:21 AM           253,856 203936FB.sys
09/02/2017  11:51 AM           253,856 22C24E1F.sys
09/04/2017  12:20 PM           253,856 32A10098.sys
09/02/2017  11:29 AM           253,856 33953D04.sys
09/02/2017  12:10 PM           253,856 354D5C2A.sys
09/04/2017  10:17 AM           253,856 3A9F2219.sys
09/02/2017  12:07 PM           253,856 3D3A5A6B.sys
03/18/2017  04:56 PM           107,424 3ware.sys
09/02/2017  11:44 AM           253,856 42B248B9.sys
09/03/2017  07:15 PM           253,856 46316FDC.sys
09/05/2017  10:04 PM           194,776 47DE0DBE.sys
09/04/2017  11:30 AM           253,856 4B6059C1.sys
09/03/2017  09:23 PM           253,856 4E21520F.sys
09/03/2017  07:21 PM           253,856 51237474.sys
09/02/2017  12:23 PM           253,856 57B166B7.sys
09/04/2017  11:19 AM           253,856 5E915166.sys
09/04/2017  11:18 AM           253,856 68C75135.sys
09/03/2017  07:21 PM           253,856 6AC974C6.sys
09/04/2017  09:51 AM           253,856 6ED00DEE.sys
09/04/2017  11:28 AM           192,216 6EFD5849.sys
09/02/2017  12:07 PM           253,856 6F615A47.sys
09/02/2017  11:52 AM           253,856 709A4E43.sys
09/04/2017  10:05 AM           253,856 7292190E.sys
09/02/2017  11:54 AM           253,856 72E44FD1.sys
07/28/2017  01:23 AM           723,360 acpi.sys
03/18/2017  04:56 PM            20,480 AcpiDev.sys
03/18/2017  04:56 PM           127,392 acpiex.sys
03/18/2017  04:56 PM            12,800 acpipagr.sys
03/18/2017  04:56 PM            14,848 acpipmi.sys
03/18/2017  04:56 PM            14,336 acpitime.sys
03/18/2017  04:56 PM         1,135,512 adp80xx.sys
03/18/2017  04:57 PM           610,712 afd.sys
03/18/2017  04:58 PM           108,544 agilevpn.sys
03/18/2017  04:57 PM           239,616 ahcache.sys
03/18/2017  04:56 PM           176,640 amdk8.sys
03/18/2017  04:56 PM           172,544 amdppm.sys
03/18/2017  04:56 PM            83,352 amdsata.sys
03/18/2017  04:56 PM           259,488 amdsbs.sys
03/18/2017  04:56 PM            27,040 amdxata.sys
03/18/2017  04:58 PM           184,736 appid.sys
03/18/2017  04:58 PM            17,920 applockerfltr.sys
03/18/2017  10:30 PM           127,904 AppVStrm.sys
03/18/2017  10:30 PM           161,696 AppvVemgr.sys
03/18/2017  10:30 PM           143,776 AppvVfs.sys
03/18/2017  04:56 PM           132,000 arcsas.sys
03/18/2017  04:57 PM            28,672 asyncmac.sys
03/18/2017  04:56 PM            29,088 atapi.sys
03/18/2017  04:56 PM           194,464 ataport.sys
08/31/2017  03:29 PM            78,744 b78ea611549e5e536844b2d8a6096253.sys
03/18/2017  04:56 PM            57,344 BasicDisplay.sys
06/17/2017  03:22 PM            35,840 BasicRender.sys
 
========= End of CMD: =========
 
 
==== End of Fixlog 20:01:11 ====


#8 Aura

Posted 06 September 2017 - 07:12 PM

And now for the fun part.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 wjmccrthy

Posted 06 September 2017 - 08:10 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by wjmcc (06-09-2017 21:03:40) Run:2
Running from F:\
Loaded Profiles: wjmcc (Available Profiles: defaultuser0 & wjmcc)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.1733Keygen_20170826
C:\Users\wjmcc\Desktop\AVGInternetSecurity16.131.7924x86x64LicenseKeys_20170623
C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.173
C:\Users\wjmcc\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
C:\Users\wjmcc\AppData\Local\imexfrj
C:\Users\wjmcc\AppData\Local\regtool
C:\Users\wjmcc\AppData\Local\winqtqf
C:\Users\wjmcc\AppData\Roaming\et
C:\Users\wjmcc\AppData\Roaming\1RTPmvNX
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\WINDOWS\uninstaller.dat
C:\WINDOWS\system32\imebqun
C:\WINDOWS\system32\winslvd
C:\WINDOWS\system32\unialim
C:\WINDOWS\system32\lsawern
C:\WINDOWS\system32\uniydcf
C:\WINDOWS\system32\Drivers\msidntfs.sys
C:\Windows\System32\drivers\moujnqtx.sys
C:\WINDOWS\system32\Drivers\b78ea611549e5e536844b2d8a6096253.sys
C:\WINDOWS\SysWOW64\uniydcf
*****************
 
C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.1733Keygen_20170826 => moved successfully
C:\Users\wjmcc\Desktop\AVGInternetSecurity16.131.7924x86x64LicenseKeys_20170623 => moved successfully
C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.173 => moved successfully
C:\Users\wjmcc\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} => moved successfully
 
"C:\Users\wjmcc\AppData\Local\imexfrj" folder move:
 
Could not move "C:\Users\wjmcc\AppData\Local\imexfrj" => Scheduled to move on reboot.
 
 
"C:\Users\wjmcc\AppData\Local\regtool" folder move:
 
Could not move "C:\Users\wjmcc\AppData\Local\regtool" => Scheduled to move on reboot.
 
 
"C:\Users\wjmcc\AppData\Local\winqtqf" folder move:
 
Could not move "C:\Users\wjmcc\AppData\Local\winqtqf" => Scheduled to move on reboot.
 
C:\Users\wjmcc\AppData\Roaming\et => moved successfully
C:\Users\wjmcc\AppData\Roaming\1RTPmvNX => moved successfully
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => moved successfully
C:\WINDOWS\uninstaller.dat => moved successfully
C:\WINDOWS\system32\imebqun => moved successfully
C:\WINDOWS\system32\winslvd => moved successfully
C:\WINDOWS\system32\unialim => moved successfully
C:\WINDOWS\system32\lsawern => moved successfully
 
"C:\WINDOWS\system32\uniydcf" folder move:
 
Could not move "C:\WINDOWS\system32\uniydcf" => Scheduled to move on reboot.
 
"C:\WINDOWS\system32\Drivers\msidntfs.sys" => not found.
Could not move "C:\Windows\System32\drivers\moujnqtx.sys" => Scheduled to move on reboot.
C:\WINDOWS\system32\Drivers\b78ea611549e5e536844b2d8a6096253.sys => moved successfully
C:\WINDOWS\SysWOW64\uniydcf => moved successfully


#10 Aura

Posted 06 September 2017 - 08:12 PM

This won't do.
Boot Mode: Safe Mode (minimal)
You really need to be in the Recovery Environment for this fix to go through.



#11 wjmccrthy

Posted 06 September 2017 - 09:11 PM

Sorry, I had trouble getting to the recovery environment.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by SYSTEM (06-09-2017 21:51:25) Run:3
Running from F:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.1733Keygen_20170826
C:\Users\wjmcc\Desktop\AVGInternetSecurity16.131.7924x86x64LicenseKeys_20170623
C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.173
C:\Users\wjmcc\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
C:\Users\wjmcc\AppData\Local\imexfrj
C:\Users\wjmcc\AppData\Local\regtool
C:\Users\wjmcc\AppData\Local\winqtqf
C:\Users\wjmcc\AppData\Roaming\et
C:\Users\wjmcc\AppData\Roaming\1RTPmvNX
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\WINDOWS\uninstaller.dat
C:\WINDOWS\system32\imebqun
C:\WINDOWS\system32\winslvd
C:\WINDOWS\system32\unialim
C:\WINDOWS\system32\lsawern
C:\WINDOWS\system32\uniydcf
C:\WINDOWS\system32\Drivers\msidntfs.sys
C:\Windows\System32\drivers\moujnqtx.sys
C:\WINDOWS\system32\Drivers\b78ea611549e5e536844b2d8a6096253.sys
C:\WINDOWS\SysWOW64\uniydcf
*****************
 
"C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.1733Keygen_20170826" => not found.
"C:\Users\wjmcc\Desktop\AVGInternetSecurity16.131.7924x86x64LicenseKeys_20170623" => not found.
"C:\Users\wjmcc\Desktop\MalwarebytesPremium3.1.2.173" => not found.
"C:\Users\wjmcc\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}" => not found.
C:\Users\wjmcc\AppData\Local\imexfrj => moved successfully
C:\Users\wjmcc\AppData\Local\regtool => moved successfully
C:\Users\wjmcc\AppData\Local\winqtqf => moved successfully
"C:\Users\wjmcc\AppData\Roaming\et" => not found.
"C:\Users\wjmcc\AppData\Roaming\1RTPmvNX" => not found.
"C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP" => not found.
"C:\WINDOWS\uninstaller.dat" => not found.
"C:\WINDOWS\system32\imebqun" => not found.
"C:\WINDOWS\system32\winslvd" => not found.
"C:\WINDOWS\system32\unialim" => not found.
"C:\WINDOWS\system32\lsawern" => not found.
C:\WINDOWS\system32\uniydcf => moved successfully
C:\WINDOWS\system32\Drivers\msidntfs.sys => moved successfully
C:\Windows\System32\drivers\moujnqtx.sys => moved successfully
"C:\WINDOWS\system32\Drivers\b78ea611549e5e536844b2d8a6096253.sys" => not found.
"C:\WINDOWS\SysWOW64\uniydcf" => not found.
 
==== End of Fixlog 21:51:44 ====
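
Added example, not part of the original posts and not FRST's own code: a short Python script that compares the two Fixlogs above (Run:2 in Safe Mode, Run:3 in the Recovery Environment) and reports which items could only be removed while Windows was offline. The log excerpts are lines copied from those two posts and shortened; the line patterns and the verdict wording are assumptions inferred from these logs, not a documented FRST format.

```python
import re
from dataclasses import dataclass, field

# Excerpts copied from the two Fixlogs in this thread (shortened).
SAFE_MODE_LOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by wjmcc (06-09-2017 21:03:40) Run:2
Boot Mode: Safe Mode (minimal)
C:\Users\wjmcc\AppData\Roaming\et => moved successfully

"C:\Users\wjmcc\AppData\Local\imexfrj" folder move:

Could not move "C:\Users\wjmcc\AppData\Local\imexfrj" => Scheduled to move on reboot.
"C:\WINDOWS\system32\Drivers\msidntfs.sys" => not found.
Could not move "C:\Windows\System32\drivers\moujnqtx.sys" => Scheduled to move on reboot.
C:\WINDOWS\system32\Drivers\b78ea611549e5e536844b2d8a6096253.sys => moved successfully
"""

RECOVERY_LOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by SYSTEM (06-09-2017 21:51:25) Run:3
Boot Mode: Recovery
"C:\Users\wjmcc\AppData\Roaming\et" => not found.
C:\Users\wjmcc\AppData\Local\imexfrj => moved successfully
C:\WINDOWS\system32\Drivers\msidntfs.sys => moved successfully
C:\Windows\System32\drivers\moujnqtx.sys => moved successfully
"C:\WINDOWS\system32\Drivers\b78ea611549e5e536844b2d8a6096253.sys" => not found.
"""

# Assumed line shapes, inferred from the logs above.
BOOT_RE = re.compile(r"^Boot Mode:\s*(.+?)\s*$")
RESULT_RE = re.compile(
    r'^(?P<locked>Could not move )?"?(?P<path>[A-Za-z]:\\[^"]*?)"?\s*=>\s*(?P<text>.+?)\s*$'
)

# (outcome in the live-OS run, outcome in the offline run) -> verdict
VERDICTS = {
    ("locked", "moved"): "locked in live OS, removed offline",
    ("not_found", "moved"): "not visible to live OS, removed offline",
    ("moved", "not_found"): "removed in first run",
    ("moved", "moved"): "reappeared after first run, removed again",
}


@dataclass
class FixRun:
    boot_mode: str = "unknown"
    outcomes: dict = field(default_factory=dict)  # lower-cased path -> outcome


def classify(locked_prefix, text):
    """Map the text after '=>' to a coarse outcome."""
    if text.startswith("moved successfully"):
        return "moved"
    if text.startswith("not found"):
        return "not_found"
    if locked_prefix and "Scheduled to move on reboot" in text:
        return "locked"
    return "other"


def parse_fixlog(log):
    """Extract the boot mode and one outcome per path from a Fixlog."""
    run = FixRun()
    for raw in log.splitlines():
        line = raw.strip()
        boot = BOOT_RE.match(line)
        if boot:
            run.boot_mode = boot.group(1)
            continue
        result = RESULT_RE.match(line)
        if result:
            # Windows paths are case-insensitive; the logs mix WINDOWS/Windows.
            key = result.group("path").lower()
            run.outcomes[key] = classify(result.group("locked"), result.group("text"))
    return run


def compare_runs(live, offline):
    """Pair each path's outcome across both runs and attach a verdict."""
    report = {}
    for path in sorted(set(live.outcomes) | set(offline.outcomes)):
        key = (live.outcomes.get(path, "absent"), offline.outcomes.get(path, "absent"))
        report[path] = VERDICTS.get(key, "unresolved: %s / %s" % key)
    return report


def offline_only(report):
    """Paths that were only removed once Windows was not running."""
    return [p for p, verdict in report.items() if verdict.endswith("removed offline")]


if __name__ == "__main__":
    live, offline = parse_fixlog(SAFE_MODE_LOG), parse_fixlog(RECOVERY_LOG)
    print("live run:", live.boot_mode, "| offline run:", offline.boot_mode)
    for path, verdict in compare_runs(live, offline).items():
        print(f"{verdict:45} {path}")
```

Items that were locked, or reported as not found, while Windows was running but moved from the Recovery Environment are the ones worth a closer look, since something in the running system was holding or hiding them.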


#12 Aura

Posted 06 September 2017 - 09:14 PM

All good, no worries :) Now, you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply
And since I'm going to bed, I'll also give you two other sets of instructions so when I wake up tomorrow, I'll have all the logs already :)

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted Malwarebytes clean log
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#13 Aura

Posted 09 September 2017 - 09:48 AM

Hi wjmccrthy,

Are you still with me?



#14 wjmccrthy

Posted 09 September 2017 - 10:10 AM

Thanks for all your help. Everything runs great now.

There seems to be only one problem.  Whenever I start the clean up in adwcleaner, it terminates unexpectedly and locks up.



#15 Aura

Posted 09 September 2017 - 01:20 PM

Which version of AdwCleaner are you using?

Also, can you provide me the Malwarebytes and RogueKiller logs so I can review them?


