
Macro Malware infected possibility


  • This topic is locked
14 replies to this topic

#1 peabo


Posted 27 October 2017 - 05:16 PM

Hello,

Accidentally left-clicked a suspect email instead of deleting it. When composing an email to warn the source (a family member) that their email contacts were getting the infection, I noticed copy/paste would replicate the infected link and sender in the body of the email. I did a Malwarebytes scan [negative], an Avast Free scan [negative] and an ESET online scan [negative]. I have not looked for any other issues yet.

 

Thanks,    

 

================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2017
Ran by Nobilis (administrator) on NOBILIS-PC (27-10-2017 17:11:57)
Running from C:\Users\Nobilis\Downloads
Loaded Profiles: Nobilis (Available Profiles: Nobilis)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Failed to access process -> autorun.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-06] (AVAST Software)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7685808 2017-09-23] (Piriform Ltd)
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-09] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-08-26]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35CD6652-B52E-4E0F-AE6A-5197A1D73BB2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{556EA99B-D230-45B7-8A4D-3BAD8D6A9243}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2849364299-572647716-3909375877-1000 -> {172E4B2F-E3FE-4E29-B03D-34736E598788} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2849364299-572647716-3909375877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
 
FireFox:
========
FF DefaultProfile: w6vnop6i.default-1502563983762
FF ProfilePath: C:\Users\Nobilis\AppData\Roaming\TomTom\HOME\Profiles\v823a77a.default [2015-10-07]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Nobilis\AppData\Roaming\Mozilla\Firefox\Profiles\w6vnop6i.default-1502563983762 [2017-09-19]
FF Extension: (Avast SafePrice) - C:\Users\Nobilis\AppData\Roaming\Mozilla\Firefox\Profiles\w6vnop6i.default-1502563983762\Extensions\sp@avast.com.xpi [2017-09-01]
FF Extension: (Avast Online Security) - C:\Users\Nobilis\AppData\Roaming\Mozilla\Firefox\Profiles\w6vnop6i.default-1502563983762\Extensions\wrc@avast.com.xpi [2017-09-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-21] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.fatwallet.com/forums/hot-deals/
CHR StartupUrls: Default -> "hxxp://www.fatwallet.com/forums/hot-deals/","hxxp://www.fatwallet.com/forums/hot-deals/","hxxp://www.fatwallet.com/forums/hot-deals/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default [2017-10-27]
CHR Extension: (Docs) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (AutoCaptcha for VITacademics) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijomdbdgdgahocoefdnhdkphonpieec [2016-07-05]
CHR Extension: (Google Calendar) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (Facebook Disconnect) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Disconnect Search) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2016-09-06]
CHR Extension: (Disconnect) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-19]
CHR HKLM\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-06] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 Disconnect Desktop Updater; C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-06-23] (Disconnect)
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe [103824 2015-07-09] (Wondershare)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34792 2015-08-10] (Google Inc)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255624 2017-10-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-10-06] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-10-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-10-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-10-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-10-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99560 2017-10-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-10-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [783648 2017-10-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [499560 2017-10-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [149824 2017-10-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [297840 2017-10-06] (AVAST Software)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-05-06] (Phoenix Technologies) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-27] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [76800 2007-07-31] (Prolific Technology Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [41432 2015-10-07] (USBPcap)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2013-07-11] (Windows ® Win 7 DDK provider)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-27 17:11 - 2017-10-27 17:13 - 000018600 _____ C:\Users\Nobilis\Downloads\FRST.txt
2017-10-27 17:11 - 2017-10-27 17:11 - 000000000 ____D C:\FRST
2017-10-27 17:10 - 2017-10-27 17:11 - 001799680 _____ (Farbar) C:\Users\Nobilis\Downloads\FRST.exe
2017-10-27 14:59 - 2017-10-27 15:00 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Nobilis\Downloads\esetonlinescanner_enu (1).exe
2017-10-27 13:47 - 2017-10-27 13:52 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-27 13:47 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-24 11:40 - 2017-10-24 11:40 - 000002591 _____ C:\Users\Public\Desktop\FOSCAM Client.lnk
2017-10-24 11:40 - 2017-10-24 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOSCAM
2017-10-24 11:40 - 2017-10-24 11:40 - 000000000 ____D C:\Program Files\FOSCAM
2017-10-24 10:52 - 2017-10-24 10:52 - 000000000 ____D C:\Users\Nobilis\Desktop\foscam
2017-10-24 10:51 - 2017-10-24 10:51 - 000822582 _____ C:\Users\Nobilis\Downloads\IPCameraTool version 1.0.0.1 - 20131120.zip
2017-10-22 09:08 - 2017-10-22 09:08 - 001812220 _____ C:\Users\Nobilis\Downloads\B4672A BL4690A (14).pdf
2017-10-11 09:23 - 2017-10-11 09:23 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-10 15:13 - 2017-09-13 11:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-10 15:13 - 2017-09-13 11:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 15:13 - 2017-09-13 11:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-10 15:13 - 2017-09-13 11:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 15:13 - 2017-09-13 11:10 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-10 15:13 - 2017-09-13 10:53 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 15:13 - 2017-09-13 10:50 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-10 15:13 - 2017-09-13 10:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 15:13 - 2017-09-13 10:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-10 15:13 - 2017-09-13 10:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-10 15:13 - 2017-09-13 10:50 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-10 15:13 - 2017-09-13 10:48 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-10 15:13 - 2017-09-13 10:46 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 15:13 - 2017-09-13 10:46 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-10 15:13 - 2017-09-13 10:46 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 15:13 - 2017-09-13 10:46 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-10 15:13 - 2017-09-13 10:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-10 15:13 - 2017-09-13 10:46 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 15:13 - 2017-09-13 10:46 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 15:13 - 2017-09-08 19:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-10 15:13 - 2017-09-08 11:14 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 15:13 - 2017-09-08 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 15:13 - 2017-09-08 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-10 15:13 - 2017-09-08 11:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 15:13 - 2017-09-08 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-10 15:13 - 2017-09-08 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-10 15:13 - 2017-09-08 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-10 15:13 - 2017-09-08 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-10 15:13 - 2017-09-08 10:50 - 002402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-10 15:13 - 2017-09-08 10:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-10-10 15:13 - 2017-09-08 10:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-10-10 15:13 - 2017-09-08 10:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-10-10 15:13 - 2017-09-07 15:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-10 15:13 - 2017-09-07 15:26 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-10 15:13 - 2017-09-07 15:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-10 15:13 - 2017-09-07 15:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-10 15:13 - 2017-09-07 15:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-10 15:13 - 2017-09-07 15:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-10 15:13 - 2017-09-07 15:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-10 15:13 - 2017-09-07 15:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-10 15:13 - 2017-09-07 15:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-10 15:13 - 2017-09-07 15:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-10 15:13 - 2017-09-07 15:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-10 15:13 - 2017-09-07 14:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-10 15:13 - 2017-09-07 14:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-10 15:13 - 2017-09-07 14:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-10 15:13 - 2017-09-07 14:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-10 15:13 - 2017-09-07 14:58 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-10 15:13 - 2017-09-07 14:52 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-10 15:13 - 2017-09-07 14:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-10 15:13 - 2017-09-07 14:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-10 15:13 - 2017-09-07 14:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-10 15:13 - 2017-09-07 14:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-10 15:13 - 2017-09-07 14:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-10 15:13 - 2017-09-07 14:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-10 15:13 - 2017-09-07 14:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-10 15:13 - 2017-09-07 14:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-10 15:13 - 2017-09-07 14:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-10 15:13 - 2017-09-07 14:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-10 15:13 - 2017-09-07 14:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-10 15:13 - 2017-09-07 14:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-10 15:13 - 2017-09-07 14:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-10 15:13 - 2017-09-07 14:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-10 15:13 - 2017-09-07 14:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-10 15:13 - 2017-09-07 14:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-10 15:13 - 2017-09-07 13:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-10 15:13 - 2017-09-07 13:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-10 15:13 - 2017-09-07 11:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-10 15:13 - 2017-09-07 10:48 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 15:13 - 2017-09-07 10:48 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 15:13 - 2017-09-07 10:48 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-10 15:13 - 2017-08-19 11:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-10 15:13 - 2017-08-19 11:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-10 15:13 - 2017-08-19 11:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-10 15:13 - 2017-08-19 10:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-10 15:13 - 2017-08-19 10:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-10 15:13 - 2017-08-14 13:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-10 15:13 - 2017-08-14 13:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-10 15:13 - 2017-08-13 17:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-10 10:16 - 2017-10-10 10:16 - 000129246 _____ C:\Users\Nobilis\Downloads\DataPortability (4).txt
2017-10-06 17:18 - 2017-10-06 17:18 - 000304816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-03 10:30 - 2017-10-03 10:30 - 000000000 ____D C:\Users\Nobilis\Desktop\Albums
2017-10-03 09:46 - 2011-03-01 11:48 - 072483840 _____ C:\Users\Nobilis\Desktop\days.avi
2017-10-02 10:01 - 2017-10-03 10:24 - 000000000 ____D C:\Users\Nobilis\Desktop\octmuz
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-27 13:47 - 2014-05-22 07:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-27 13:47 - 2014-05-22 07:32 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-10-27 13:19 - 2009-07-14 00:34 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-27 13:19 - 2009-07-14 00:34 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-27 13:05 - 2014-05-05 15:36 - 000783648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-10-24 11:37 - 2015-10-17 19:51 - 000000000 ____D C:\Program Files\Foscam Web Components
2017-10-20 12:28 - 2014-04-04 15:04 - 000783360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-20 12:28 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2017-10-20 12:23 - 2016-11-27 11:27 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2017-10-20 12:23 - 2014-05-05 18:53 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-20 12:23 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-11 10:22 - 2009-07-14 00:33 - 000290024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-11 09:27 - 2014-05-05 16:28 - 000000000 ____D C:\Windows\system32\MRT
2017-10-11 09:27 - 2009-07-13 22:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-11 09:23 - 2014-05-05 16:28 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-06 17:18 - 2017-02-08 17:51 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-10-06 17:18 - 2017-02-08 17:51 - 000255624 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-10-06 17:18 - 2017-02-08 17:51 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-10-06 17:18 - 2017-02-08 17:51 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000499560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000297840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000149824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000099560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000042856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-06 17:18 - 2014-05-05 15:35 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-06 16:51 - 2014-12-06 16:05 - 000001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-10-03 10:19 - 2016-07-12 09:37 - 000000000 ____D C:\Users\Nobilis\Desktop\julywnku
2017-10-03 10:19 - 2016-05-24 08:09 - 000000000 ____D C:\Users\Nobilis\Desktop\wnkumay
2017-10-02 10:03 - 2014-05-17 22:21 - 000000000 ____D C:\Users\Nobilis\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2015-01-22 12:09 - 2015-01-22 14:50 - 000000151 _____ () C:\Users\Nobilis\AppData\Roaming\LCD Clock GM4JJJ Preferences
2016-12-07 11:06 - 2016-12-07 14:03 - 000000600 _____ () C:\Users\Nobilis\AppData\Roaming\winscp.rnd
2016-12-07 11:26 - 2016-12-07 14:07 - 000000600 _____ () C:\Users\Nobilis\AppData\Local\PUTTY.RND
2014-07-09 14:33 - 2014-07-09 14:35 - 000007632 _____ () C:\Users\Nobilis\AppData\Local\Resmon.ResmonCfg
2014-10-22 10:40 - 2014-10-22 10:40 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-02-28 10:24
 
==================== End of FRST.txt ============================
 
 
========================================================================================================================================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Nobilis (27-10-2017 17:14:17)
Running from C:\Users\Nobilis\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-04-04 19:23:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2849364299-572647716-3909375877-500 - Administrator - Disabled)
Guest (S-1-5-21-2849364299-572647716-3909375877-501 - Limited - Disabled)
Nobilis (S-1-5-21-2849364299-572647716-3909375877-1000 - Administrator - Enabled) => C:\Users\Nobilis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (HKLM\...\{859D40CF-8491-44AD-8FA8-7389CB418C64}) (Version: 1.1.0 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
CHIRP (HKLM\...\CHIRP) (Version:  - )
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Disconnect Desktop (HKLM\...\{5339EADE-2D0C-4F66-95CE-0502F8DE2BEF}) (Version: 2.0.5 - Disconnect) Hidden
Disconnect Desktop (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Disconnect Desktop 2.0.5) (Version: 2.0.5 - Disconnect)
EaseUS MobiSaver for Android version 4.1 (HKLM\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 4.1 - CHENGDU YIWO Tech Development Co., Ltd.)
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FOSCAM Client (HKLM\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
FreeSCAN  (HKLM\...\FreeSCAN) (Version:  - Sixspot Software)
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GRE Firmware Tool (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\{fd312160-4144-4743-9d15-3f77457edcdb}) (Version: 0.0.0.1 - LinuxSheeple)
GRECOM PSR-800 EZ Scan Digital PC Application (HKLM\...\EZ Scan Digital) (Version: 1.09 - GRE America, Inc.)
H&R Block Deluxe + Efile + State 2014 (HKLM\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2015 (HKLM\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.6101 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2016 (HKLM\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.5901 - HRB Technology, LLC.)
H&R Block Ohio 2014 (HKLM\...\{1A27E7E3-CB9E-4EB9-87E0-6AEE0B070E98}) (Version: 1.14.5601 - HRB Technology, LLC.)
H&R Block Ohio 2015 (HKLM\...\{8D65B63F-A203-4529-AF6F-D04A83FB8729}) (Version: 1.15.7801 - HRB Technology, LLC.)
H&R Block Ohio 2016 (HKLM\...\{DF0742D0-A6D2-4B9D-84EB-E1565895C7FC}) (Version: 1.16.7001 - HRB Technology, LLC.)
HD Tactical Camera Video Editor version 1.0 (HKLM\...\{8A53E27B-3537-4F20-AEA2-45F07389355B}_is1) (Version: 1.0 - Jakks Pacific, Inc.)
HDSDR 2.75 (HKLM\...\{DB200CBD-9E3E-4C72-B711-B46D6817BC51}_is1) (Version:  - DG0JBJ)
HomePatrol Sentinel (HKLM\...\{C116BAF3-DC8A-4C85-BEA1-745DFDD57FD2}) (Version: 2.03.05 - Uniden)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.0.6497 - Mozilla)
Mozilla Thunderbird 56.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nova for Windows (HKLM\...\{6CAE95DB-5D4E-11D4-8E9C-00E0292C9FA3}) (Version: 2.1 - Northern Lights Software Associates)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
OpenVPN 2.3.6-I603  (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57723}) (Version: 4.0.17 - dotPDN LLC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version:  - )
PeaZip 5.3.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
PuTTY release 0.67 (HKLM\...\PuTTY_is1) (Version: 0.67 - Simon Tatham)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Republic Anywhere (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\republicanywhere) (Version: 1.0.1 - Republic Wireless, Inc.)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unitrunker (HKLM\...\{516B58F3-E46C-4FC9-AF3E-6CC0354A976A}) (Version: 15.08.04 - Unitrunker.com)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version:  - )
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Virtual Radar 2.4.0 (HKLM\...\Virtual Radar_is1) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Whistler EZ-Scan Digital Handheld Scanner PC Application (HKLM\...\Whistler WS1080) (Version: 2.17 - Whistler Group, Inc.)
Wi-Fi Analytics Tool (HKLM\...\{41A6B30E-330B-4B56-9054-8F3D22B857E5}) (Version: 2.1.5 - AmpedWireless)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.9.3 (HKLM\...\winscp3_is1) (Version: 5.9.3 - Martin Prikryl)
Wireshark 2.2.3 (32-bit) (HKLM\...\Wireshark) (Version: 2.2.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Dr.Fone for Android(Build 5.3.3.23) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.3.3.23 - Wondershare Software Co.,Ltd.)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D3A0312-6895-4847-AA11-EC9A28C10DD3} - System32\Tasks\{85AD86FD-2D60-469B-A2D0-749F4BF41AB8} => C:\Windows\system32\pcalua.exe -a C:\Users\Nobilis\Downloads\chirp-0.4.1-installer.exe -d C:\Users\Nobilis\Downloads
Task: {20BEB946-FFE0-453B-9380-AB966286C5F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2236928C-0DD5-4629-82D1-61C42DD583E0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {23ABE2DA-1F9B-48A7-8FF3-77D397A0A443} - System32\Tasks\SafeZone scheduled Autoupdate 1458684949 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {3611FE2E-CAF1-4561-8E7B-460B03424345} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {3D9CDC5F-211F-4CEB-936D-1C59410C0D4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {515F388D-4F18-41D4-A698-31FB317800C2} - System32\Tasks\Disconnect Desktop Updater => C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [2015-06-23] (Disconnect)
Task: {5A574FCA-89EB-475C-9A91-29150ECC9AF4} - System32\Tasks\{6E12158D-0858-4370-AB32-28FC9433898F} => C:\Program Files\Northern Lights Software Associates\Nova for Windows\NfW32.exe [2013-08-19] (Northern Lights Software Associates)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5DAA2054-A9DC-45AC-9F56-B3C4CBC72A69} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5FD82A97-8BFA-4E0D-9401-7746FABB9572} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab056fd6faa3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {66B972E1-FB5F-47F5-B574-9998D753AF9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-21] (Adobe Systems Incorporated)
Task: {77820E45-3ECC-43D6-9919-3466847306EB} - System32\Tasks\{D6B420B6-4C95-4B64-A83A-D3601A4F335F} => C:\Windows\system32\pcalua.exe -a C:\Users\Nobilis\Desktop\plugin\PluginsSetup.exe -d C:\Users\Nobilis\Desktop\plugin
Task: {8D583A57-EDDD-4C58-B67C-0C682A41CFF3} - System32\Tasks\Unblock-us => C:\Users\Nobilis\Downloads\unblock-us.exe [2016-01-02] ()
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {9C6FED56-477C-446A-9E0A-7ABCDDE902C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-23] (Piriform Ltd)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {A39CD48D-8D2F-476E-8039-7DFF2EF37408} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab05713641a7 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CDA1247F-D401-41E2-B8D8-6F32D146ABBA} - System32\Tasks\{6AF207EF-211D-4E3A-8D75-7FCCFCB94690} => C:\Program Files\Northern Lights Software Associates\Nova for Windows\NfW32.exe [2013-08-19] (Northern Lights Software Associates)
Task: {CED0B96A-E31F-444B-BA27-16731A5F93D6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-06] (AVAST Software)
Task: {D0F0A990-85F7-4284-AF14-A9C0175856D6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {DD782197-40C6-4D85-8814-D7C36E75F3B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E106F1A2-58D8-4BDA-A6EC-59107382D5F3} - System32\Tasks\{E08A12E5-F7F8-47B0-8F31-2C3AECF168BB} => C:\Windows\system32\pcalua.exe -a C:\Users\Nobilis\Downloads\chirp-daily-20150118-installer.exe -d C:\Users\Nobilis\Downloads
Task: {F152D968-1F82-40D3-9A09-F209D00913AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-06 17:18 - 2017-10-06 17:18 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-10-20 07:53 - 2017-10-20 07:53 - 005882040 _____ () C:\Program Files\AVAST Software\Avast\defs\17102002\algo.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-27 13:05 - 2017-10-27 13:05 - 005882552 _____ () C:\Program Files\AVAST Software\Avast\defs\17102702\algo.dll
2015-03-09 12:30 - 2015-03-09 12:30 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 002793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2015-08-29 12:41 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2017-07-10 11:55 - 2017-07-10 11:55 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-03 10:42 - 2015-02-10 15:08 - 000069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2013-10-03 10:42 - 2015-02-18 14:11 - 000112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2009-10-14 13:34 - 2009-10-14 13:34 - 000560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 000077664 _____ () C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2017-08-24 08:10 - 2017-08-24 08:10 - 023854576 _____ () C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-12-23 14:10 - 2016-12-23 14:10 - 000323152 _____ () C:\Program Files\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2017-07-31 18:31 - 2017-07-31 18:31 - 072940016 _____ () C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2017-09-21 20:45 - 2017-09-21 00:57 - 003011928 _____ () C:\Program Files\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-21 20:45 - 2017-09-21 00:57 - 000086872 _____ () C:\Program Files\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-10-27 13:47 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-27 13:47 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:AD768A7E [120]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2015-12-15 21:21 - 000000021 __RSH C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nobilis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^Nobilis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DAF5BC8C-94F3-4515-961D-7E78EC6D9A1C}] => (Allow) svchost.exe
FirewallRules: [{2E0ECAA3-1AC2-44E8-9F9F-97AF3E2EF530}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{1744C4AA-EB72-4E2C-83CF-C1741225683F}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{80C32DE0-279B-483E-AA17-817963CD4F02}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ADDDB7DC-3781-4358-B8C8-21CC703367AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BAD4E617-E1E2-41F6-923F-BC263DED94BB}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7C0C5733-E3E1-460D-AB0A-2325C3D852E3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3172E0FA-674E-4332-8E0B-4EC80D9E0EBF}] => (Allow) C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{8BEF5830-84E5-4B65-A40F-E252B0BCB8EB}] => (Allow) C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{D0A53C53-9241-4302-9BA5-DF86E0855032}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3532E249-6AA7-47D6-B191-757DEEE3D3A0}] => (Allow) LPort=2869
FirewallRules: [{DD8A6108-1383-4002-892F-76077E000FB0}] => (Allow) LPort=1900
FirewallRules: [{828B4DE3-F1B5-40B3-89F0-52C79FB47CCE}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{D65B61EC-89E9-4575-9278-0666E53D5041}C:\program files\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [UDP Query User{85AECFD9-35DE-4AC4-B33E-904D1C65056B}C:\program files\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [{0D1D1048-C740-4B81-BDC0-935BE29E4EEF}] => (Block) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [{9AA1CB9B-B152-49AA-AA19-E5300DAAA5E4}] => (Block) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [TCP Query User{F171203C-B9B6-40E7-B312-57F3941B430A}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{8F49D871-3978-457B-898B-648B69F37745}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [TCP Query User{2FE30C68-5D21-4039-9269-13B90EC1331E}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{3084922A-B5CD-432E-8AEC-60121B2BCDC2}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{A01CA43E-C161-47B4-837E-F6AC090EF84E}D:\easysetupassistant\tssh2.exe] => (Allow) D:\easysetupassistant\tssh2.exe
FirewallRules: [UDP Query User{9D52D886-EDEB-4F0C-982E-2F63A25906E9}D:\easysetupassistant\tssh2.exe] => (Allow) D:\easysetupassistant\tssh2.exe
FirewallRules: [TCP Query User{539926B5-76D8-494E-A256-CF544EBFC77A}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{DD5ED58C-44E2-4BE4-BE32-71952C09CF39}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [TCP Query User{346A0C81-CB69-402F-87A6-232323CAA9DF}C:\program files\foscam\foscam client\foscam\hi3507exe.exe] => (Allow) C:\program files\foscam\foscam client\foscam\hi3507exe.exe
FirewallRules: [UDP Query User{7B404157-6C76-4188-BC68-8D1C1996A556}C:\program files\foscam\foscam client\foscam\hi3507exe.exe] => (Allow) C:\program files\foscam\foscam client\foscam\hi3507exe.exe
FirewallRules: [{D7089125-713B-49D3-B1E8-810501CC67A6}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{10522770-0E68-4935-B010-98EB4B9BE14B}C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe
FirewallRules: [UDP Query User{80CE86D8-0126-4F61-945A-56356F031CB9}C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe
FirewallRules: [TCP Query User{A00B8B9F-F3E1-4433-91EE-531E4C621965}C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe
FirewallRules: [UDP Query User{878022AC-C778-4D51-9858-BCEBC3A3A5D7}C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe
FirewallRules: [{CEE56B70-BCE8-450E-BCDE-22087920B756}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9D5254C1-9583-49C6-8A77-A0F63D91A8D7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{BC6526ED-EAF1-450B-B289-10E10CEA8103}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{1721B869-1E49-4D04-AC98-9F88BCE435E3}C:\users\nobilis\desktop\foscam\ipcamera.exe] => (Allow) C:\users\nobilis\desktop\foscam\ipcamera.exe
FirewallRules: [UDP Query User{B67C512C-FD33-42F8-9E27-998EA14ABFE6}C:\users\nobilis\desktop\foscam\ipcamera.exe] => (Allow) C:\users\nobilis\desktop\foscam\ipcamera.exe
FirewallRules: [TCP Query User{1CD6D07A-20EF-49AD-B613-46F54907EB6C}D:\03_ip camera search tool\for windows os\equipment search tool.exe] => (Allow) D:\03_ip camera search tool\for windows os\equipment search tool.exe
FirewallRules: [UDP Query User{D39391FE-8E06-487D-9B96-036700D90D38}D:\03_ip camera search tool\for windows os\equipment search tool.exe] => (Allow) D:\03_ip camera search tool\for windows os\equipment search tool.exe
 
==================== Restore Points =========================
 
02-06-2017 07:52:39 Windows Update
17-07-2017 16:52:34 Windows Update
27-08-2017 12:23:25 Windows Update
10-09-2017 11:28:22 paint.net 4.0.17
18-09-2017 09:52:00 Windows Update
11-10-2017 09:22:26 Windows Update
24-10-2017 11:35:43 Removed FOSCAM Client
24-10-2017 11:40:11 Installed FOSCAM Client
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2017 01:10:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/27/2017 01:05:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d1e
Exception code: 0xe0434352
Fault offset: 0x0000845d
Faulting process id: 0x17ac
Faulting application start time: 0x01d34f45b62a60bb
Faulting application path: C:\Program Files\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 012d7bc4-bb39-11e7-aac6-7071bc181ecf
 
Error: (10/27/2017 01:05:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()
 
Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])
 
Error: (10/27/2017 01:04:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/27/2017 01:04:29 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/10/27 13:04:29.731]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (10/24/2017 08:13:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/10/24 20:13:30.368]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (10/24/2017 07:00:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/10/24 19:00:51.736]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (10/24/2017 05:18:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/10/24 17:18:26.716]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (10/24/2017 01:53:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: autorun.exe_unknown, version: 0.0.0.0, time stamp: 0x52044ca7
Faulting module name: autorun.exe, version: 0.0.0.0, time stamp: 0x52044ca7
Exception code: 0xc0000005
Fault offset: 0x000058a2
Faulting process id: 0x840
Faulting application start time: 0x01d34cdc00c4b22f
Faulting application path: D:\autorun.exe
Faulting module path: D:\autorun.exe
Report Id: 2dc6f77d-b8e4-11e7-aac6-7071bc181ecf
 
Error: (10/24/2017 01:51:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/10/24 13:51:21.634]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
 
System errors:
=============
Error: (10/20/2017 02:04:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (10/20/2017 12:24:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (10/20/2017 12:24:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (10/20/2017 12:23:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:21:33 PM on ‎10/‎20/‎2017 was unexpected.
 
Error: (10/19/2017 02:59:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/19/2017 02:59:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/15/2017 07:51:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (10/15/2017 04:24:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (10/11/2017 11:15:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR7.
 
Error: (10/11/2017 11:15:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR7.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-10 16:08:50.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 16:08:50.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 07:28:45.126
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 07:28:45.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-09 19:39:10.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-09 19:39:10.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-30 14:01:03.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-30 14:01:03.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 74%
Total physical RAM: 3004.51 MB
Available physical RAM: 759.59 MB
Total Virtual: 6007.34 MB
Available Virtual: 2657.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:759.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 32A6C25F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • Gender:Male
  • Local time:07:36 PM

Posted 01 November 2017 - 05:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/661292 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 peabo

peabo
  • Topic Starter

  • Members
  • 33 posts
  • Local time:07:36 PM

Posted 01 November 2017 - 06:51 PM

Hello,
 
Additional info: (1) I do not have a setup disk; it's on the D:/ partition. (2) I have not sent any emails or rebooted the computer since the issue on the 27th. (3) Haven't experienced anything unusual since the first occurrence; have only browsed. (4) I did delete the suspect email.
 
Thanks    
 

 

Accidentally left-clicked a suspect email instead of deleting it. When composing an email to warn (source/family member) that their email contacts were getting the infection... I noticed copy/paste would replicate the infected link and sender in the body of the email. I did a Malwarebytes scan [negative], Avast Free scan [negative] and ESET online scan [negative]... have not looked for any other issues yet.

 
 
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017 (ATTENTION: ====> FRSTversion is 304 days old and could be outdated)
Ran by Nobilis (administrator) on NOBILIS-PC (01-11-2017 19:31:37)
Running from C:\Users\Nobilis\Desktop
Loaded Profiles: Nobilis (Available Profiles: Nobilis)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Failed to access process -> autorun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-06] (AVAST Software)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814656 2017-10-18] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-09] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-08-26]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35CD6652-B52E-4E0F-AE6A-5197A1D73BB2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{556EA99B-D230-45B7-8A4D-3BAD8D6A9243}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2849364299-572647716-3909375877-1000 -> {172E4B2F-E3FE-4E29-B03D-34736E598788} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2849364299-572647716-3909375877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
 
FireFox:
========
FF DefaultProfile: w6vnop6i.default-1502563983762
FF ProfilePath: C:\Users\Nobilis\AppData\Roaming\TomTom\HOME\Profiles\v823a77a.default [2015-10-07]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Nobilis\AppData\Roaming\Mozilla\Firefox\Profiles\w6vnop6i.default-1502563983762 [2017-11-01]
FF Extension: (Avast SafePrice) - C:\Users\Nobilis\AppData\Roaming\Mozilla\Firefox\Profiles\w6vnop6i.default-1502563983762\Extensions\sp@avast.com.xpi [2017-09-01]
FF Extension: (Avast Online Security) - C:\Users\Nobilis\AppData\Roaming\Mozilla\Firefox\Profiles\w6vnop6i.default-1502563983762\Extensions\wrc@avast.com.xpi [2017-09-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-21] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.fatwallet.com/forums/hot-deals/
CHR StartupUrls: Default -> "hxxp://www.fatwallet.com/forums/hot-deals/","hxxp://www.fatwallet.com/forums/hot-deals/","hxxp://www.fatwallet.com/forums/hot-deals/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default [2017-11-01]
CHR Extension: (Docs) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (AutoCaptcha for VITacademics) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijomdbdgdgahocoefdnhdkphonpieec [2016-07-05]
CHR Extension: (Google Calendar) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (Facebook Disconnect) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Disconnect Search) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2016-09-06]
CHR Extension: (Disconnect) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Nobilis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-19]
CHR HKLM\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-06] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 Disconnect Desktop Updater; C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-06-23] (Disconnect)
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe [103824 2015-07-09] (Wondershare)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34792 2015-08-10] (Google Inc)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255624 2017-10-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-10-06] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-10-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-10-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-10-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-10-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99560 2017-10-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-10-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [783648 2017-10-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [499560 2017-10-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [149824 2017-10-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [297840 2017-10-06] (AVAST Software)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-05-06] (Phoenix Technologies) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-11-01] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [76800 2007-07-31] (Prolific Technology Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [41432 2015-10-07] (USBPcap)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2013-07-11] (Windows ® Win 7 DDK provider)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-01 19:29 - 2017-11-01 19:32 - 000018365 _____ C:\Users\Nobilis\Desktop\FRST.txt
2017-11-01 19:26 - 2017-11-01 19:26 - 000000000 ____D C:\Users\Nobilis\Desktop\FRST-OlderVersion
2017-11-01 12:29 - 2017-11-01 19:29 - 000000000 ____D C:\Users\Nobilis\Desktop\New folder (5)
2017-10-29 16:20 - 2017-10-29 16:21 - 013649318 _____ C:\Users\Nobilis\Downloads\Hesston-5500-Round-Baler-OPT.pdf
2017-10-29 11:59 - 2017-10-29 11:59 - 001812220 _____ C:\Users\Nobilis\Downloads\B4672A BL4690A (15).pdf
2017-10-29 11:33 - 2017-10-29 11:34 - 004108712 _____ C:\Users\Nobilis\Downloads\L4400DT.pdf
2017-10-28 08:34 - 2017-10-28 08:34 - 000000925 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-10-28 08:34 - 2017-10-28 08:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-10-28 08:34 - 2017-10-28 08:34 - 000000000 ____D C:\Program Files\CCleaner
2017-10-28 08:33 - 2017-10-28 08:34 - 010427120 _____ (Piriform Ltd) C:\Users\Nobilis\Downloads\ccsetup536.exe
2017-10-27 23:14 - 2017-10-27 23:14 - 000050916 _____ C:\Users\Nobilis\Desktop\Your order has been shipped..eml
2017-10-27 23:09 - 2017-10-27 23:09 - 000050916 _____ C:\Users\Nobilis\Desktop\2-Your order has been shipped..eml
2017-10-27 23:08 - 2017-10-27 23:08 - 000059227 _____ C:\Users\Nobilis\Desktop\Thank you! Your order's been placed..eml
2017-10-27 22:08 - 2017-10-27 22:08 - 000000000 ____D C:\Users\Nobilis\AppData\Local\FSDART
2017-10-27 22:07 - 2017-10-27 22:16 - 000000000 ____D C:\ProgramData\F-Secure
2017-10-27 22:07 - 2017-10-27 22:07 - 000524248 _____ (F-Secure Corporation) C:\Users\Nobilis\Downloads\F-SecureOnlineScanner.exe
2017-10-27 22:07 - 2017-10-27 22:07 - 000000000 ____D C:\Users\Nobilis\AppData\Local\F-Secure
2017-10-27 18:31 - 2017-10-27 18:31 - 000000000 ____D C:\Users\Nobilis\Desktop\New folder (4)
2017-10-27 17:44 - 2017-11-01 19:29 - 000040150 _____ C:\Users\Nobilis\Desktop\Addition.txt
2017-10-27 17:14 - 2017-10-27 17:14 - 000042043 _____ C:\Users\Nobilis\Downloads\Addition.txt
2017-10-27 17:11 - 2017-11-01 19:31 - 000000000 ____D C:\FRST
2017-10-27 17:11 - 2017-10-27 17:14 - 000039250 _____ C:\Users\Nobilis\Downloads\FRST.txt
2017-10-27 17:10 - 2017-11-01 19:26 - 001799680 _____ (Farbar) C:\Users\Nobilis\Desktop\FRST.exe
2017-10-27 14:59 - 2017-10-27 15:00 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Nobilis\Downloads\esetonlinescanner_enu (1).exe
2017-10-27 13:47 - 2017-11-01 18:11 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-27 13:47 - 2017-10-27 13:47 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-27 13:47 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-24 11:40 - 2017-10-24 11:40 - 000002591 _____ C:\Users\Public\Desktop\FOSCAM Client.lnk
2017-10-24 11:40 - 2017-10-24 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOSCAM
2017-10-24 11:40 - 2017-10-24 11:40 - 000000000 ____D C:\Program Files\FOSCAM
2017-10-24 10:52 - 2017-10-24 10:52 - 000000000 ____D C:\Users\Nobilis\Desktop\foscam
2017-10-24 10:51 - 2017-10-24 10:51 - 000822582 _____ C:\Users\Nobilis\Downloads\IPCameraTool version 1.0.0.1 - 20131120.zip
2017-10-22 09:08 - 2017-10-22 09:08 - 001812220 _____ C:\Users\Nobilis\Downloads\B4672A BL4690A (14).pdf
2017-10-11 09:23 - 2017-10-11 09:23 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-10 15:13 - 2017-09-13 11:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-10 15:13 - 2017-09-13 11:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 15:13 - 2017-09-13 11:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-10 15:13 - 2017-09-13 11:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 15:13 - 2017-09-13 11:10 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-10 15:13 - 2017-09-13 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-10 15:13 - 2017-09-13 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-10 15:13 - 2017-09-13 10:53 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 15:13 - 2017-09-13 10:50 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-10 15:13 - 2017-09-13 10:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 15:13 - 2017-09-13 10:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-10 15:13 - 2017-09-13 10:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-10 15:13 - 2017-09-13 10:50 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-10 15:13 - 2017-09-13 10:48 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-10 15:13 - 2017-09-13 10:46 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 15:13 - 2017-09-13 10:46 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-10 15:13 - 2017-09-13 10:46 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 15:13 - 2017-09-13 10:46 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-10 15:13 - 2017-09-13 10:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-10 15:13 - 2017-09-13 10:46 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 15:13 - 2017-09-13 10:46 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 15:13 - 2017-09-08 19:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-10 15:13 - 2017-09-08 11:14 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 15:13 - 2017-09-08 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 15:13 - 2017-09-08 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-10 15:13 - 2017-09-08 11:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-10 15:13 - 2017-09-08 11:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 15:13 - 2017-09-08 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-10 15:13 - 2017-09-08 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-10 15:13 - 2017-09-08 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-10 15:13 - 2017-09-08 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-10 15:13 - 2017-09-08 10:50 - 002402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-10 15:13 - 2017-09-08 10:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-10-10 15:13 - 2017-09-08 10:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-10-10 15:13 - 2017-09-08 10:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-10-10 15:13 - 2017-09-07 15:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-10 15:13 - 2017-09-07 15:26 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-10 15:13 - 2017-09-07 15:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-10 15:13 - 2017-09-07 15:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-10 15:13 - 2017-09-07 15:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-10 15:13 - 2017-09-07 15:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-10 15:13 - 2017-09-07 15:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-10 15:13 - 2017-09-07 15:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-10 15:13 - 2017-09-07 15:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-10 15:13 - 2017-09-07 15:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-10 15:13 - 2017-09-07 15:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-10 15:13 - 2017-09-07 14:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-10 15:13 - 2017-09-07 14:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-10 15:13 - 2017-09-07 14:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-10 15:13 - 2017-09-07 14:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-10 15:13 - 2017-09-07 14:58 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-10 15:13 - 2017-09-07 14:52 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-10 15:13 - 2017-09-07 14:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-10 15:13 - 2017-09-07 14:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-10 15:13 - 2017-09-07 14:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-10 15:13 - 2017-09-07 14:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-10 15:13 - 2017-09-07 14:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-10 15:13 - 2017-09-07 14:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-10 15:13 - 2017-09-07 14:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-10 15:13 - 2017-09-07 14:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-10 15:13 - 2017-09-07 14:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-10 15:13 - 2017-09-07 14:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-10 15:13 - 2017-09-07 14:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-10 15:13 - 2017-09-07 14:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-10 15:13 - 2017-09-07 14:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-10 15:13 - 2017-09-07 14:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-10 15:13 - 2017-09-07 14:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-10 15:13 - 2017-09-07 14:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-10 15:13 - 2017-09-07 13:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-10 15:13 - 2017-09-07 13:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-10 15:13 - 2017-09-07 11:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-10 15:13 - 2017-09-07 10:48 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 15:13 - 2017-09-07 10:48 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 15:13 - 2017-09-07 10:48 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-10 15:13 - 2017-08-19 11:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-10 15:13 - 2017-08-19 11:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-10 15:13 - 2017-08-19 11:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-10 15:13 - 2017-08-19 10:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-10 15:13 - 2017-08-19 10:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-10 15:13 - 2017-08-14 13:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-10 15:13 - 2017-08-14 13:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-10 15:13 - 2017-08-13 17:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-10 10:16 - 2017-10-10 10:16 - 000129246 _____ C:\Users\Nobilis\Downloads\DataPortability (4).txt
2017-10-06 17:18 - 2017-10-06 17:18 - 000304816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-03 10:30 - 2017-10-03 10:30 - 000000000 ____D C:\Users\Nobilis\Desktop\Albums
2017-10-03 09:46 - 2011-03-01 11:48 - 072483840 _____ C:\Users\Nobilis\Desktop\days.avi
2017-10-02 10:01 - 2017-10-03 10:24 - 000000000 ____D C:\Users\Nobilis\Desktop\octmuz
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-01 07:21 - 2009-07-14 00:34 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-01 07:21 - 2009-07-14 00:34 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-30 22:48 - 2014-05-05 15:30 - 000002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-30 22:48 - 2014-05-05 15:30 - 000002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-30 14:59 - 2014-04-04 15:04 - 000783360 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-30 14:59 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2017-10-27 13:47 - 2014-05-22 07:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-27 13:47 - 2014-05-22 07:32 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-10-27 13:05 - 2014-05-05 15:36 - 000783648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-10-24 11:37 - 2015-10-17 19:51 - 000000000 ____D C:\Program Files\Foscam Web Components
2017-10-20 12:23 - 2016-11-27 11:27 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2017-10-20 12:23 - 2014-05-05 18:53 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-20 12:23 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-11 10:22 - 2009-07-14 00:33 - 000290024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-11 09:27 - 2014-05-05 16:28 - 000000000 ____D C:\Windows\system32\MRT
2017-10-11 09:27 - 2009-07-13 22:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-11 09:23 - 2014-05-05 16:28 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-06 17:18 - 2017-02-08 17:51 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-10-06 17:18 - 2017-02-08 17:51 - 000255624 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-10-06 17:18 - 2017-02-08 17:51 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-10-06 17:18 - 2017-02-08 17:51 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000499560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000297840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000149824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000099560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-06 17:18 - 2014-05-05 15:36 - 000042856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-06 17:18 - 2014-05-05 15:35 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-06 16:51 - 2014-12-06 16:05 - 000001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-10-03 10:19 - 2016-07-12 09:37 - 000000000 ____D C:\Users\Nobilis\Desktop\julywnku
2017-10-03 10:19 - 2016-05-24 08:09 - 000000000 ____D C:\Users\Nobilis\Desktop\wnkumay
2017-10-02 10:03 - 2014-05-17 22:21 - 000000000 ____D C:\Users\Nobilis\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2015-01-22 12:09 - 2015-01-22 14:50 - 000000151 _____ () C:\Users\Nobilis\AppData\Roaming\LCD Clock GM4JJJ Preferences
2016-12-07 11:06 - 2016-12-07 14:03 - 000000600 _____ () C:\Users\Nobilis\AppData\Roaming\winscp.rnd
2016-12-07 11:26 - 2016-12-07 14:07 - 000000600 _____ () C:\Users\Nobilis\AppData\Local\PUTTY.RND
2014-07-09 14:33 - 2014-07-09 14:35 - 000007632 _____ () C:\Users\Nobilis\AppData\Local\Resmon.ResmonCfg
2014-10-22 10:40 - 2014-10-22 10:40 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-02-28 10:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by Nobilis (01-11-2017 19:32:25)
Running from C:\Users\Nobilis\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-04-04 19:23:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2849364299-572647716-3909375877-500 - Administrator - Disabled)
Guest (S-1-5-21-2849364299-572647716-3909375877-501 - Limited - Disabled)
Nobilis (S-1-5-21-2849364299-572647716-3909375877-1000 - Administrator - Enabled) => C:\Users\Nobilis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (HKLM\...\{859D40CF-8491-44AD-8FA8-7389CB418C64}) (Version: 1.1.0 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (HKLM\...\{E64F69D8-38FE-48B8-95AB-CC676FA636F1}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CHIRP (HKLM\...\CHIRP) (Version:  - )
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Disconnect Desktop (HKLM\...\{5339EADE-2D0C-4F66-95CE-0502F8DE2BEF}) (Version: 2.0.5 - Disconnect) Hidden
Disconnect Desktop (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Disconnect Desktop 2.0.5) (Version: 2.0.5 - Disconnect)
EaseUS MobiSaver for Android version 4.1 (HKLM\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 4.1 - CHENGDU YIWO Tech Development Co., Ltd.)
Elevated Installer (HKLM\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FOSCAM Client (HKLM\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
FreeSCAN  (HKLM\...\FreeSCAN) (Version:  - Sixspot Software)
Garmin Express (HKLM\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.75 - Google Inc.)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GRE Firmware Tool (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\{fd312160-4144-4743-9d15-3f77457edcdb}) (Version: 0.0.0.1 - LinuxSheeple)
GRECOM PSR-800 EZ Scan Digital PC Application (HKLM\...\EZ Scan Digital) (Version: 1.09 - GRE America, Inc.)
H&R Block Deluxe + Efile + State 2014 (HKLM\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2015 (HKLM\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.6101 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2016 (HKLM\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.5901 - HRB Technology, LLC.)
H&R Block Ohio 2014 (HKLM\...\{1A27E7E3-CB9E-4EB9-87E0-6AEE0B070E98}) (Version: 1.14.5601 - HRB Technology, LLC.)
H&R Block Ohio 2015 (HKLM\...\{8D65B63F-A203-4529-AF6F-D04A83FB8729}) (Version: 1.15.7801 - HRB Technology, LLC.)
H&R Block Ohio 2016 (HKLM\...\{DF0742D0-A6D2-4B9D-84EB-E1565895C7FC}) (Version: 1.16.7001 - HRB Technology, LLC.)
HD Tactical Camera Video Editor version 1.0 (HKLM\...\{8A53E27B-3537-4F20-AEA2-45F07389355B}_is1) (Version: 1.0 - Jakks Pacific, Inc.)
HDSDR 2.75 (HKLM\...\{DB200CBD-9E3E-4C72-B711-B46D6817BC51}_is1) (Version:  - DG0JBJ)
HomePatrol Sentinel (HKLM\...\{C116BAF3-DC8A-4C85-BEA1-745DFDD57FD2}) (Version: 2.03.05 - Uniden)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.0.6497 - Mozilla)
Mozilla Thunderbird 56.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nova for Windows (HKLM\...\{6CAE95DB-5D4E-11D4-8E9C-00E0292C9FA3}) (Version: 2.1 - Northern Lights Software Associates)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
OpenVPN 2.3.6-I603  (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57723}) (Version: 4.0.17 - dotPDN LLC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version:  - )
PeaZip 5.3.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
PuTTY release 0.67 (HKLM\...\PuTTY_is1) (Version: 0.67 - Simon Tatham)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Republic Anywhere (HKU\S-1-5-21-2849364299-572647716-3909375877-1000\...\republicanywhere) (Version: 1.0.1 - Republic Wireless, Inc.)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unitrunker (HKLM\...\{516B58F3-E46C-4FC9-AF3E-6CC0354A976A}) (Version: 15.08.04 - Unitrunker.com)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version:  - )
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Virtual Radar 2.4.0 (HKLM\...\Virtual Radar_is1) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Whistler EZ-Scan Digital Handheld Scanner PC Application (HKLM\...\Whistler WS1080) (Version: 2.17 - Whistler Group, Inc.)
Wi-Fi Analytics Tool (HKLM\...\{41A6B30E-330B-4B56-9054-8F3D22B857E5}) (Version: 2.1.5 - AmpedWireless)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.9.3 (HKLM\...\winscp3_is1) (Version: 5.9.3 - Martin Prikryl)
Wireshark 2.2.3 (32-bit) (HKLM\...\Wireshark) (Version: 2.2.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Dr.Fone for Android(Build 5.3.3.23) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.3.3.23 - Wondershare Software Co.,Ltd.)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2849364299-572647716-3909375877-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nobilis\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-06] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D3A0312-6895-4847-AA11-EC9A28C10DD3} - System32\Tasks\{85AD86FD-2D60-469B-A2D0-749F4BF41AB8} => C:\Windows\system32\pcalua.exe -a C:\Users\Nobilis\Downloads\chirp-0.4.1-installer.exe -d C:\Users\Nobilis\Downloads
Task: {20BEB946-FFE0-453B-9380-AB966286C5F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2236928C-0DD5-4629-82D1-61C42DD583E0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {23ABE2DA-1F9B-48A7-8FF3-77D397A0A443} - System32\Tasks\SafeZone scheduled Autoupdate 1458684949 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {3611FE2E-CAF1-4561-8E7B-460B03424345} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {3D9CDC5F-211F-4CEB-936D-1C59410C0D4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {508C484B-D6C3-4D78-ABDC-CB8442CF9DE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {515F388D-4F18-41D4-A698-31FB317800C2} - System32\Tasks\Disconnect Desktop Updater => C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [2015-06-23] (Disconnect)
Task: {5A574FCA-89EB-475C-9A91-29150ECC9AF4} - System32\Tasks\{6E12158D-0858-4370-AB32-28FC9433898F} => C:\Program Files\Northern Lights Software Associates\Nova for Windows\NfW32.exe [2013-08-19] (Northern Lights Software Associates)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5DAA2054-A9DC-45AC-9F56-B3C4CBC72A69} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5FD82A97-8BFA-4E0D-9401-7746FABB9572} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab056fd6faa3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {66B972E1-FB5F-47F5-B574-9998D753AF9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-21] (Adobe Systems Incorporated)
Task: {77820E45-3ECC-43D6-9919-3466847306EB} - System32\Tasks\{D6B420B6-4C95-4B64-A83A-D3601A4F335F} => C:\Windows\system32\pcalua.exe -a C:\Users\Nobilis\Desktop\plugin\PluginsSetup.exe -d C:\Users\Nobilis\Desktop\plugin
Task: {8D583A57-EDDD-4C58-B67C-0C682A41CFF3} - System32\Tasks\Unblock-us => C:\Users\Nobilis\Downloads\unblock-us.exe [2016-01-02] ()
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {A39CD48D-8D2F-476E-8039-7DFF2EF37408} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab05713641a7 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CDA1247F-D401-41E2-B8D8-6F32D146ABBA} - System32\Tasks\{6AF207EF-211D-4E3A-8D75-7FCCFCB94690} => C:\Program Files\Northern Lights Software Associates\Nova for Windows\NfW32.exe [2013-08-19] (Northern Lights Software Associates)
Task: {CED0B96A-E31F-444B-BA27-16731A5F93D6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-06] (AVAST Software)
Task: {D0F0A990-85F7-4284-AF14-A9C0175856D6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {DD782197-40C6-4D85-8814-D7C36E75F3B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E106F1A2-58D8-4BDA-A6EC-59107382D5F3} - System32\Tasks\{E08A12E5-F7F8-47B0-8F31-2C3AECF168BB} => C:\Windows\system32\pcalua.exe -a C:\Users\Nobilis\Downloads\chirp-daily-20150118-installer.exe -d C:\Users\Nobilis\Downloads
Task: {E17346FE-5719-4742-8CAA-6FB888F47070} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {F152D968-1F82-40D3-9A09-F209D00913AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-06 17:18 - 2017-10-06 17:18 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-10-20 07:53 - 2017-10-20 07:53 - 005882040 _____ () C:\Program Files\AVAST Software\Avast\defs\17102002\algo.dll
2017-10-06 17:18 - 2017-10-06 17:18 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-01 15:03 - 2017-11-01 15:03 - 005882552 _____ () C:\Program Files\AVAST Software\Avast\defs\17110104\algo.dll
2015-03-09 12:30 - 2015-03-09 12:30 - 000036864 _____ () C:\Windows\System32\pdf995mon.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 002793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2015-08-29 12:41 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2017-07-10 11:55 - 2017-07-10 11:55 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-03 10:42 - 2015-02-10 15:08 - 000069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2013-10-03 10:42 - 2015-02-18 14:11 - 000112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2009-10-14 13:34 - 2009-10-14 13:34 - 000560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 000077664 _____ () C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2017-10-27 13:47 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-27 13:47 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-21 20:45 - 2017-09-21 00:57 - 003011928 _____ () C:\Program Files\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-21 20:45 - 2017-09-21 00:57 - 000086872 _____ () C:\Program Files\Google\Chrome\Application\61.0.3163.100\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:AD768A7E [120]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2015-12-15 21:21 - 000000021 __RSH C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nobilis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^Nobilis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DAF5BC8C-94F3-4515-961D-7E78EC6D9A1C}] => (Allow) svchost.exe
FirewallRules: [{2E0ECAA3-1AC2-44E8-9F9F-97AF3E2EF530}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{1744C4AA-EB72-4E2C-83CF-C1741225683F}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{80C32DE0-279B-483E-AA17-817963CD4F02}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ADDDB7DC-3781-4358-B8C8-21CC703367AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BAD4E617-E1E2-41F6-923F-BC263DED94BB}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7C0C5733-E3E1-460D-AB0A-2325C3D852E3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3172E0FA-674E-4332-8E0B-4EC80D9E0EBF}] => (Allow) C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{8BEF5830-84E5-4B65-A40F-E252B0BCB8EB}] => (Allow) C:\Users\Nobilis\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{D0A53C53-9241-4302-9BA5-DF86E0855032}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3532E249-6AA7-47D6-B191-757DEEE3D3A0}] => (Allow) LPort=2869
FirewallRules: [{DD8A6108-1383-4002-892F-76077E000FB0}] => (Allow) LPort=1900
FirewallRules: [{828B4DE3-F1B5-40B3-89F0-52C79FB47CCE}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{D65B61EC-89E9-4575-9278-0666E53D5041}C:\program files\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [UDP Query User{85AECFD9-35DE-4AC4-B33E-904D1C65056B}C:\program files\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [{0D1D1048-C740-4B81-BDC0-935BE29E4EEF}] => (Block) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [{9AA1CB9B-B152-49AA-AA19-E5300DAAA5E4}] => (Block) C:\program files\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [TCP Query User{F171203C-B9B6-40E7-B312-57F3941B430A}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{8F49D871-3978-457B-898B-648B69F37745}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [TCP Query User{2FE30C68-5D21-4039-9269-13B90EC1331E}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{3084922A-B5CD-432E-8AEC-60121B2BCDC2}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{A01CA43E-C161-47B4-837E-F6AC090EF84E}D:\easysetupassistant\tssh2.exe] => (Allow) D:\easysetupassistant\tssh2.exe
FirewallRules: [UDP Query User{9D52D886-EDEB-4F0C-982E-2F63A25906E9}D:\easysetupassistant\tssh2.exe] => (Allow) D:\easysetupassistant\tssh2.exe
FirewallRules: [TCP Query User{539926B5-76D8-494E-A256-CF544EBFC77A}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{DD5ED58C-44E2-4BE4-BE32-71952C09CF39}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [TCP Query User{346A0C81-CB69-402F-87A6-232323CAA9DF}C:\program files\foscam\foscam client\foscam\hi3507exe.exe] => (Allow) C:\program files\foscam\foscam client\foscam\hi3507exe.exe
FirewallRules: [UDP Query User{7B404157-6C76-4188-BC68-8D1C1996A556}C:\program files\foscam\foscam client\foscam\hi3507exe.exe] => (Allow) C:\program files\foscam\foscam client\foscam\hi3507exe.exe
FirewallRules: [{D7089125-713B-49D3-B1E8-810501CC67A6}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{10522770-0E68-4935-B010-98EB4B9BE14B}C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe
FirewallRules: [UDP Query User{80CE86D8-0126-4F61-945A-56356F031CB9}C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\rtl1090.exe
FirewallRules: [TCP Query User{A00B8B9F-F3E1-4433-91EE-531E4C621965}C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe
FirewallRules: [UDP Query User{878022AC-C778-4D51-9858-BCEBC3A3A5D7}C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe] => (Block) C:\users\nobilis\desktop\scanner dongle\rtl1090\dump1090.exe
FirewallRules: [{9D5254C1-9583-49C6-8A77-A0F63D91A8D7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{BC6526ED-EAF1-450B-B289-10E10CEA8103}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{1721B869-1E49-4D04-AC98-9F88BCE435E3}C:\users\nobilis\desktop\foscam\ipcamera.exe] => (Allow) C:\users\nobilis\desktop\foscam\ipcamera.exe
FirewallRules: [UDP Query User{B67C512C-FD33-42F8-9E27-998EA14ABFE6}C:\users\nobilis\desktop\foscam\ipcamera.exe] => (Allow) C:\users\nobilis\desktop\foscam\ipcamera.exe
FirewallRules: [TCP Query User{1CD6D07A-20EF-49AD-B613-46F54907EB6C}D:\03_ip camera search tool\for windows os\equipment search tool.exe] => (Allow) D:\03_ip camera search tool\for windows os\equipment search tool.exe
FirewallRules: [UDP Query User{D39391FE-8E06-487D-9B96-036700D90D38}D:\03_ip camera search tool\for windows os\equipment search tool.exe] => (Allow) D:\03_ip camera search tool\for windows os\equipment search tool.exe
FirewallRules: [{BEFEA836-15CD-4720-8F5F-A384F76DF5B6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-06-2017 07:52:39 Windows Update
17-07-2017 16:52:34 Windows Update
27-08-2017 12:23:25 Windows Update
10-09-2017 11:28:22 paint.net 4.0.17
18-09-2017 09:52:00 Windows Update
11-10-2017 09:22:26 Windows Update
24-10-2017 11:35:43 Removed FOSCAM Client
24-10-2017 11:40:11 Installed FOSCAM Client
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/01/2017 07:05:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 19:05:49.875]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 07:05:48 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 19:05:48.875]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 07:05:47 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 19:05:47.818]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 06:48:37 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 18:48:37.946]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 05:06:34 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 17:06:34.618]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 05:06:33 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 17:06:33.618]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 05:06:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 17:06:32.618]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 05:06:31 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 17:06:31.618]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 05:06:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 17:06:30.618]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
Error: (11/01/2017 05:06:29 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2017/11/01 17:06:29.572]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
 
 
System errors:
=============
Error: (10/31/2017 07:31:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (10/31/2017 03:01:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.
 
Error: (10/31/2017 01:16:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (10/28/2017 07:27:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (10/28/2017 08:34:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (10/28/2017 08:34:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/27/2017 10:05:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (10/20/2017 02:04:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (10/20/2017 12:24:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (10/20/2017 12:24:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-10 16:08:50.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 16:08:50.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 07:28:45.126
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 07:28:45.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-09 19:39:10.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-09 19:39:10.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-30 14:01:03.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-30 14:01:03.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 59%
Total physical RAM: 3004.51 MB
Available physical RAM: 1204.08 MB
Total Virtual: 6007.34 MB
Available Virtual: 2428.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:758.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 32A6C25F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 


#4 peabo


Posted 02 November 2017 - 09:55 AM

Just noticed new issue with "FRST"....my original 10/27/2017 post shows FRST ver. 26/10/2017 in both FRST.txt and Addition.txt.  When running new FRST request yesterday, it showed new update available - I updated.  Now I'm seeing outdated FRST [01/01.2017] in the .txt logs.  Fresh FRST download produces same outdated logs...01/01/2017



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,971 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:36 PM

Posted 03 November 2017 - 08:22 AM

Greetings peabo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

There was a glitch in FRST that has since been fixed.

Do you recognize these folders on your Desktop?

C:\Users\Nobilis\Desktop\octmuz
C:\Users\Nobilis\Desktop\julywnku
C:\Users\Nobilis\Desktop\wnkuma


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
Toolbar: HKU\S-1-5-21-2849364299-572647716-3909375877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068}
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
CHR HKLM\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" 
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
AlternateDataStreams: C:\ProgramData\TEMP:AD768A7E [120]
cmd: gpresult /v
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search: box
SearchAll: autorun.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Recognize folders?
  • Fixlog
  • Search log
  • AdwCleaner log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 peabo


Posted 03 November 2017 - 11:10 AM

Thanks for response,
 
*****The three folders you asked about contain .mp3's ....yes I know them.
 
 
 
*****Didn't produce "Search .txt" document
 
 
 
 
  • Copy/paste the following in the Search: box
SearchAll: autorun.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
 
 
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
 
 
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Nobilis (03-11-2017 11:43:54) Run:1
Running from C:\Users\Nobilis\Desktop
Loaded Profiles: Nobilis (Available Profiles: Nobilis)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Toolbar: HKU\S-1-5-21-2849364299-572647716-3909375877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068}
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
CHR HKLM\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" 
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
AlternateDataStreams: C:\ProgramData\TEMP:AD768A7E [120]
cmd: gpresult /v
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2849364299-572647716-3909375877-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully.
HKLM\Software\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found. 
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully.
HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\rpcapd => key removed successfully.
rpcapd => service removed successfully.
HKLM\System\CurrentControlSet\Services\VBoxAswDrv => key could not remove, key could be protected
C:\ProgramData\TEMP => ":AD768A7E" ADS removed successfully..
 
========= gpresult /v =========
 
 
Microsoft ® Windows ® Operating System Group Policy Result tool v2.0
Copyright © Microsoft Corp. 1981-2001
 
Created On 11/3/2017 at 11:45:30 AM
 
 
 
RSOP data for Nobilis-PC\Nobilis on NOBILIS-PC : Logging Mode
--------------------------------------------------------------
 
OS Configuration:            Standalone Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\Nobilis
Connected over a slow link?: No
 
 
COMPUTER SETTINGS
------------------
    
    Last time Group Policy was applied: 11/3/2017 at 11:10:32 AM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        NOBILIS-PC
    Domain Type:                        <Local Computer>
 
    Applied Group Policy Objects
    -----------------------------
        Local Group Policy
 
    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        NT AUTHORITY\Authenticated Users
        System Mandatory Level
        
    Resultant Set Of Policies for Computer
    ---------------------------------------
 
        Software Installations
        ----------------------
            N/A
 
        Startup Scripts
        ---------------
            N/A
 
        Shutdown Scripts
        ----------------
            N/A
 
        Account Policies
        ----------------
            N/A
 
        Audit Policy
        ------------
            N/A
 
        User Rights
        -----------
            N/A
 
        Security Options
        ----------------
            N/A
 
            N/A
 
        Event Log Settings
        ------------------
            N/A
 
        Restricted Groups
        -----------------
            N/A
 
        System Services
        ---------------
            N/A
 
        Registry Settings
        -----------------
            N/A
 
        File System Settings
        --------------------
            N/A
 
        Public Key Policies
        -------------------
            N/A
 
        Administrative Templates
        ------------------------
            GPO: Local Group Policy
                KeyName:     Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore
                Value:       1, 0, 0, 0
                State:       Enabled
 
 
USER SETTINGS
--------------
    
    Last time Group Policy was applied: 11/3/2017 at 11:10:32 AM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        Nobilis-PC
    Domain Type:                        <Local Computer>
    
    Applied Group Policy Objects
    -----------------------------
        N/A
 
    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)
 
    The user is a part of the following security groups
    ---------------------------------------------------
        None
        Everyone
        Local account and member of Administrators group
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        Local account
        LOCAL
        NTLM Authentication
        High Mandatory Level
        
    The user has the following security privileges
    ----------------------------------------------
 
        Bypass traverse checking
        Manage auditing and security log
        Back up files and directories
        Restore files and directories
        Change the system time
        Shut down the system
        Force shutdown from a remote system
        Take ownership of files or other objects
        Debug programs
        Modify firmware environment values
        Profile system performance
        Profile single process
        Increase scheduling priority
        Load and unload device drivers
        Create a pagefile
        Adjust memory quotas for a process
        Remove computer from docking station
        Perform volume maintenance tasks
        Impersonate a client after authentication
        Create global objects
        Change the time zone
        Create symbolic links
        Increase a process working set
 
    Resultant Set Of Policies for User
    -----------------------------------
 
        Software Installations
        ----------------------
            N/A
 
        Logon Scripts
        -------------
            N/A
 
        Logoff Scripts
        --------------
            N/A
 
        Public Key Policies
        -------------------
            N/A
 
        Administrative Templates
        ------------------------
            N/A
 
        Folder Redirection
        ------------------
            N/A
 
        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A
 
        Internet Explorer Connection
        ----------------------------
            N/A
 
        Internet Explorer URLs
        ----------------------
            N/A
 
        Internet Explorer Security
        --------------------------
            N/A
 
        Internet Explorer Programs
        --------------------------
            N/A
 
========= End of CMD: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-11-2017 11:49:04)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\VBoxAswDrv => key could not remove, key could be protected
 
==== End of Fixlog 11:49:04 ====


#7 peabo


Posted 03 November 2017 - 11:12 AM

Sorry Gary,  forgot to include name... Pat



#8 Oh My!


Posted 03 November 2017 - 11:52 AM

Hi Pat.

Thank you for the information. When you ran the last FRST scan did you happen to have an external drive/USB attached to your computer?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
Virustotal: D:\autorun.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Drive attached?
  • Fixlog
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 

#9 peabo


Posted 03 November 2017 - 05:29 PM

No external drive was connected,  however I have one that I do backups at times.
 
=================================================================================================  
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Nobilis (03-11-2017 13:42:29) Run:2
Running from C:\Users\Nobilis\Desktop
Loaded Profiles: Nobilis (Available Profiles: Nobilis)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Virustotal: D:\autorun.exe
 
*****************
 
VirusTotal: D:\autorun.exe => not found
 
 
 
 
=================================================================================================
Eset results
 
 
C:\Users\Nobilis\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup507.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup526.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup527.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup528.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup529.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup530 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup530.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup531.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup532.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup534.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\ccsetup536.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Nobilis\Downloads\Unconfirmed 291878.crdownload Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
==============================================================================================================================================================
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 27th October, 2017
Running from:C:\Users\Nobilis\Desktop (18:16:59 - 11/03/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X86 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.130) ==> is out of Date
CCleaner (5.36)
Google Chrome (62.0.3202.75)
Java (8.0.1440.1)
Malwarebytes (3.2.2.2029)
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (55.0.3) ==> is out of Date
Mozilla Thunderbird (56.0)
Windows Live Essentials (16.4.3528.0331) ==> is no longer supported
 
***----------------Analysis Complete-------------------------***
 
======================================================================================================================================================
 
Computer seems ok, I haven't accessed any sites that require a password or sent any emails...was holding off till I was comfortable knowing nothing was hiding out.
 
 
 


#10 Oh My!


Posted 03 November 2017 - 08:17 PM

Thank you.

You can use your computer normally to test the performance. While you do that, please complete these updates.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck optional offers
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click on the FlashPlayer icon on your Desktop and allow the installer to run
  • When completed click Finish
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Updates successful?
  • Computer performance?

Gary
 

#11 peabo


Posted 03 November 2017 - 10:10 PM

Hi Gary

 

Done the two updates and did notice an improvement in which programs are opening a little quicker.  I sent a couple emails with no adverse effects [GREAT]........feeling a lot better now.   Also learned, I need to be a little more attentive with the updates and scans.  Been several years that I've had any issues but remembered "BleepingComputers" saved me a couple times before.  If any more logs are needed let me know.  Thank you for your time and help and definitely will put BleepingComputers at the top of my bookmarks for reference :bananas:

 

Thank you, Pat



#12 Oh My!


Posted 04 November 2017 - 07:30 AM

Thanks Pat, glad things are working well. We are always here to help.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 peabo


Posted 04 November 2017 - 11:24 AM

Gary,

 

Again, Thank you very much.............one last question, Chrome or Firefox?  I need to lose one

 

Pat



#14 Oh My!


Posted 04 November 2017 - 02:43 PM

That is a personal decision. I know a lot of people who use Chrome (like my wife) but personally I am more familiar with Firefox so I stick with that. The only time I use Chrome is when I need to test it for a topic.
Gary
 

#15 Oh My!


Posted 05 November 2017 - 08:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



