Possible trojan on external drive ?


  • This topic is locked
11 replies to this topic

#1 Moody123


  • Members
  • 7 posts
  • Local time:06:53 AM

Posted 20 November 2017 - 07:39 PM

I'll start off by saying I am not an advanced PC user and appreciate any help given.

 

About one week ago I was trying to download/install "JDownloader" onto my external hard drive from this site http://jdownloader.org/ and after downloading I scanned the folder for any malware and my AV said it looked okay. I proceeded to open and try to install the program but before it fully installed I got a popup from my AV saying I had been infected by "Trojan.Win32.Generic!BT". My AV supposedly quarantined it and I deleted it off my laptop. Since I cancelled the installation of "JDownloader" before it "fully" installed I thought I might be okay and I was until I restarted my laptop. I went to unlock and open my external HD and saw that about 97% of my files were gone and simply opening my external slowed/froze File Explorer. I thought the files were deleted but my computer said I had the same amount of space used and space available on my external as before. I downloaded "Wondershare Data Recovery" and it also showed that my files were still there. It also showed JDownloader.exe inside. I searched for "jdownloader" in "This PC" and I got a result. I opened the folder (not smart, I know) and tried to right click to try and delete all the files inside but I got a popup from my computer saying "opening these files could be harmful to your computer" so I highlighted all the files and hit delete on my keyboard then went into the recycle bin and deleted them there. Files were still hidden on my external. So now I'm lost as to what to do as I've scanned my computer and external HD with multiple AV programs including Avast, ESET Online Scanner, and Malwarebytes (Malwarebytes did find one threat and I quarantined and deleted but problem still there) and they're unable to detect anything wrong. I've looked online for answers and tried different solutions but nothing seems to work and as of now File Explorer still freezes and lags when I open my external and my files are still hidden.

 

Sorry for the block of text and thank you in advance.





#2 HelpBot


    Bleepin' Binary Bot


  • Bots
  • 12,578 posts
  • Gender:Male
  • Local time:09:53 AM

Posted 25 November 2017 - 07:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/663385 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Moody123

  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:53 AM

Posted 25 November 2017 - 09:41 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
Ran by TheGreaterThanClub (administrator) on TGTCPC (25-11-2017 19:08:35)
Running from C:\Users\TheGreaterThanClub\Desktop
Loaded Profiles: TheGreaterThanClub (Available Profiles: TheGreaterThanClub & EPC & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\TheGreaterThanClub\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Discord Inc.) C:\Users\TheGreaterThanClub\AppData\Local\Discord\app-0.0.298\Discord.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Discord Inc.) C:\Users\TheGreaterThanClub\AppData\Local\Discord\app-0.0.298\Discord.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\WebProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Discord Inc.) C:\Users\TheGreaterThanClub\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-09] (AVAST Software)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3000288 2015-07-30] (ThreatTrack Security Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\System32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Run: [Spotify Web Helper] => C:\Users\TheGreaterThanClub\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-11] (Spotify Ltd)
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Run: [Discord] => C:\Users\TheGreaterThanClub\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\MountPoints2: {eec0e2dd-481d-11e7-9d44-3085a9014350} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-02-18]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012-06-09]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{496ef140-78c6-45a7-b466-4b384792bcd6}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{7c42d20c-07c1-4bd3-95a1-0c85586e4373}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8d2540e8-2dbb-4fc3-81fe-db29b27f98f9}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{a6593a6c-fc96-4e95-a17e-35499585cb18}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3814981608-96153672-1869020453-1000 -> DefaultScope {F282EE08-110F-4CD8-A1C8-EE56E9907C7C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US885D20121225&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3814981608-96153672-1869020453-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3814981608-96153672-1869020453-1000 -> {F282EE08-110F-4CD8-A1C8-EE56E9907C7C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US885D20121225&p={searchTerms}
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2015-07-30] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-14] (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2015-07-30] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-14] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2015-07-30] ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2015-07-30] ()
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2015-07-30] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2015-07-30] ()

FireFox:
========
FF ProfilePath: C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699 [2017-11-25]
FF Homepage: Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699 -> about:newtab
FF Extension: (Disconnect) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\2.0@disconnect.me.xpi [2017-04-03]
FF Extension: (Adguard AdBlocker) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\adguardadblocker@adguard.com.xpi [2017-10-17]
FF Extension: (Ant Video downloader) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\anttoolbar@ant.com.xpi [2017-11-23]
FF Extension: (BetterTTV) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\firefox@betterttv.net.xpi [2017-07-07]
FF Extension: (Ghostery) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\firefox@ghostery.com.xpi [2017-10-31]
FF Extension: (MEGA) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\firefox@mega.co.nz.xpi [2017-11-23]
FF Extension: (Open Image In New Tab) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\imagetab@next.gen.nz.xpi [2016-05-16] [Lagacy]
FF Extension: (Dark YouTube Theme) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2017-08-26]
FF Extension: (Location Guard) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2017-11-15]
FF Extension: (FrankerFaceZ) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2016-05-16] [Lagacy]
FF Extension: (Speed Tweaks (SpeedyFox)) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\jid1-wZqm19rJzRkZUA@jetpack.xpi [2017-08-15] [Lagacy]
FF Extension: (DuckDuckGo Plus) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-11-22]
FF Extension: (uBlock Origin) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\uBlock0@raymondhill.net.xpi [2017-11-09]
FF Extension: (uMatrix) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\uMatrix@raymondhill.net.xpi [2017-11-23]
FF Extension: (FlashGot) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-02] [Lagacy]
FF Extension: (Stylish - Custom themes for any website) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-11-11]
FF Extension: (EPUBReader) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-02]
FF Extension: (NoScript) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-23]
FF Extension: (FT DeepDark) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-14] [Lagacy]
FF Extension: (Google Reverse Image Search) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2017-11-18]
FF Extension: (RightToClick) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-05-16] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
FF Extension: (Disable Anti-Adblock) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2016-06-10] [Lagacy]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\features\{9889506c-6a07-4735-ae81-64e690f15a2a}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-23] [Lagacy]
FF SearchPlugin: C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla\Firefox\Profiles\nsg4iqg5.default-1463457199699\searchplugins\yahoo-avast.xml [2017-07-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3814981608-96153672-1869020453-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TheGreaterThanClub\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default [2017-11-23]
CHR Extension: (BetterTTV) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-23]
CHR Extension: (Destiny Item Manager Shortcut) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2017-11-23]
CHR Extension: (YouTube) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Slinky Elegant) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-04-15]
CHR Extension: (Chrome IG Story) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-10-12]
CHR Extension: (uBlock Origin) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-23]
CHR Extension: (Google Search) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (CyberGhost VPN - Free Proxy) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-28]
CHR Extension: (Twitch 5) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\knankefoajngclnjgnelanfohgihifpc [2017-11-23]
CHR Extension: (DotVPN — a better way to VPN) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2017-07-26]
CHR Extension: (Ant.com addon) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgcophbdfpadgldcknohpaebpalmelep [2017-11-23]
CHR Extension: (Incognito Tab Switch) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofeampmlffjabmpdebckhpmcjkcjkahi [2014-06-17]
CHR Extension: (Gmail) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\TheGreaterThanClub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-09] (AVAST Software)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [232528 2017-08-31] (CyberGhost S.A.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [4298032 2015-07-30] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [212448 2015-07-30] (ThreatTrack Security Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R3 WebProxy; C:\Program Files (x86)\VIPRE\WebProxy.exe [6339552 2015-07-30] (ThreatTrack Security Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-02] (Windscribe Limited)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-09] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-09] (AVAST Software s.r.o.)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-09] (AVAST Software s.r.o.)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-09] (AVAST Software s.r.o.)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-09] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-09] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-15] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-09] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-09] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-10-14] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-16] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-18] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-18] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-18] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-21] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R2 sbapifs; C:\WINDOWS\System32\DRIVERS\sbapifs.sys [90464 2015-07-30] (ThreatTrack Security Inc.)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [63696 2015-07-30] (ThreatTrack Security)
R1 sbwfw; C:\WINDOWS\system32\DRIVERS\sbwfw.sys [345392 2015-07-30] (ThreatTrack Security)
R3 sbwtis; C:\WINDOWS\system32\DRIVERS\sbwtis.sys [95608 2015-07-30] (ThreatTrack Security)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-10-14] (Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 WebExaminer; C:\WINDOWS\system32\Drivers\WebExaminer64.sys [44680 2015-07-30] (ThreatTrack Security Inc.)
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-25 19:08 - 2017-11-25 19:10 - 000031748 _____ C:\Users\TheGreaterThanClub\Desktop\FRST.txt
2017-11-25 19:06 - 2017-11-25 19:08 - 000000000 ____D C:\FRST
2017-11-25 19:04 - 2017-11-25 19:04 - 002393088 _____ (Farbar) C:\Users\TheGreaterThanClub\Desktop\FRST64.exe
2017-11-23 19:05 - 2017-11-23 19:06 - 000287228 _____ C:\WINDOWS\Minidump\112317-25859-01.dmp
2017-11-23 19:05 - 2017-11-23 19:05 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-22 05:10 - 2017-11-22 05:10 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-20 17:22 - 2017-11-20 17:22 - 000001323 _____ C:\Users\TheGreaterThanClub\Documents\malwarebytes123.txt
2017-11-20 02:50 - 2017-11-20 02:50 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Local\ESET
2017-11-16 15:34 - 2017-11-21 01:24 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-16 15:34 - 2017-11-18 18:19 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-16 15:34 - 2017-11-18 18:19 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-16 15:34 - 2017-11-18 18:19 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-16 15:34 - 2017-11-16 15:34 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-16 15:34 - 2017-11-16 15:34 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-16 15:34 - 2017-11-16 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-16 15:34 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-16 15:33 - 2017-11-16 15:33 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-16 15:33 - 2017-11-16 15:33 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-16 03:00 - 2017-11-16 03:00 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Local\Wondershare
2017-11-16 02:59 - 2017-11-16 02:59 - 000001299 _____ C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
2017-11-16 02:59 - 2017-11-16 02:59 - 000000000 ____D C:\ProgramData\Wondershare
2017-11-16 02:59 - 2017-11-16 02:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-11-16 02:59 - 2017-11-16 02:59 - 000000000 ____D C:\Program Files (x86)\Wondershare
2017-11-16 02:58 - 2017-11-16 03:00 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2017-11-15 05:32 - 2017-11-01 21:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 05:32 - 2017-11-01 21:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 05:32 - 2017-11-01 21:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 05:32 - 2017-11-01 21:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 05:32 - 2017-10-25 00:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 05:32 - 2017-10-15 07:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 05:31 - 2017-11-01 22:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 05:31 - 2017-11-01 21:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 05:31 - 2017-11-01 21:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 05:31 - 2017-11-01 21:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 05:31 - 2017-11-01 21:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 05:31 - 2017-11-01 21:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 05:31 - 2017-11-01 21:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 05:31 - 2017-11-01 21:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 05:31 - 2017-11-01 21:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 05:31 - 2017-11-01 21:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 05:31 - 2017-11-01 21:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 05:31 - 2017-11-01 21:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 05:31 - 2017-11-01 21:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 05:31 - 2017-11-01 21:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 05:31 - 2017-11-01 21:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 05:31 - 2017-11-01 21:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 05:31 - 2017-11-01 21:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 05:31 - 2017-11-01 21:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 05:31 - 2017-11-01 21:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 05:31 - 2017-11-01 21:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 05:31 - 2017-11-01 21:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 05:31 - 2017-11-01 21:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 05:31 - 2017-11-01 21:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 05:31 - 2017-11-01 21:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 05:31 - 2017-11-01 21:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 05:31 - 2017-11-01 21:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 05:31 - 2017-11-01 21:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 05:31 - 2017-11-01 21:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 05:31 - 2017-11-01 21:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 05:31 - 2017-11-01 21:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 05:31 - 2017-11-01 21:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 05:31 - 2017-11-01 21:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 05:31 - 2017-11-01 21:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 05:31 - 2017-11-01 21:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 05:31 - 2017-11-01 21:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 05:31 - 2017-11-01 21:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 05:31 - 2017-11-01 21:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 05:31 - 2017-11-01 21:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 05:31 - 2017-11-01 21:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 05:31 - 2017-11-01 21:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 05:31 - 2017-10-15 08:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 05:31 - 2017-10-15 08:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 05:31 - 2017-10-15 07:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 05:31 - 2017-10-15 07:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 05:31 - 2017-10-15 07:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 05:31 - 2017-10-15 07:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 05:31 - 2017-10-15 07:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 05:31 - 2017-10-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 05:31 - 2017-10-15 07:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 05:31 - 2017-10-15 07:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 05:31 - 2017-10-15 07:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 05:31 - 2017-10-15 07:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 05:30 - 2017-11-01 22:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 05:30 - 2017-11-01 21:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 05:30 - 2017-11-01 21:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 05:30 - 2017-11-01 21:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 05:30 - 2017-11-01 21:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 05:30 - 2017-10-15 08:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 05:23 - 2017-11-01 22:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 05:23 - 2017-11-01 22:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 05:23 - 2017-11-01 21:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 05:23 - 2017-11-01 21:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 05:23 - 2017-11-01 21:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 05:23 - 2017-11-01 21:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 05:23 - 2017-11-01 21:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 05:23 - 2017-11-01 21:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 05:23 - 2017-10-15 07:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 05:22 - 2017-11-01 22:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 05:22 - 2017-11-01 22:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 05:22 - 2017-11-01 22:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 05:22 - 2017-11-01 21:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 05:22 - 2017-11-01 21:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 05:22 - 2017-11-01 21:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 05:22 - 2017-11-01 21:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 05:22 - 2017-11-01 21:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 05:22 - 2017-11-01 21:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 05:22 - 2017-11-01 21:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 05:22 - 2017-11-01 21:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 05:22 - 2017-11-01 21:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 05:22 - 2017-11-01 21:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 05:22 - 2017-11-01 21:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 05:22 - 2017-11-01 21:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 05:22 - 2017-11-01 21:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 05:22 - 2017-11-01 21:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 05:22 - 2017-11-01 21:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 05:22 - 2017-11-01 21:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 05:22 - 2017-11-01 21:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 05:22 - 2017-11-01 21:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 05:22 - 2017-11-01 21:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 05:22 - 2017-11-01 21:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 05:22 - 2017-11-01 21:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 05:22 - 2017-11-01 21:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 05:22 - 2017-11-01 21:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 05:22 - 2017-11-01 21:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 05:22 - 2017-10-15 07:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 05:22 - 2017-10-15 07:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 05:22 - 2017-10-15 07:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 05:22 - 2017-10-15 07:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 05:21 - 2017-11-01 22:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 05:21 - 2017-11-01 22:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 05:21 - 2017-11-01 22:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 05:21 - 2017-11-01 22:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 05:21 - 2017-11-01 21:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 05:21 - 2017-11-01 21:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 05:21 - 2017-11-01 21:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 05:21 - 2017-11-01 21:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 05:21 - 2017-11-01 21:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 05:21 - 2017-11-01 21:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 05:21 - 2017-11-01 21:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 05:21 - 2017-11-01 21:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 05:21 - 2017-11-01 21:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 05:21 - 2017-11-01 21:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 05:21 - 2017-11-01 21:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 05:21 - 2017-11-01 21:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 05:21 - 2017-11-01 21:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 05:21 - 2017-11-01 21:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 05:21 - 2017-11-01 21:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 05:21 - 2017-11-01 21:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 05:21 - 2017-10-15 07:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 05:21 - 2017-10-15 07:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 05:21 - 2017-10-15 07:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 05:21 - 2017-10-15 07:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 05:21 - 2017-10-15 07:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 05:20 - 2017-11-01 22:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 05:20 - 2017-11-01 22:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 05:20 - 2017-11-01 22:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 05:20 - 2017-11-01 22:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 05:20 - 2017-11-01 22:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 05:20 - 2017-11-01 22:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 05:20 - 2017-11-01 22:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 05:20 - 2017-11-01 21:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 05:20 - 2017-11-01 21:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 05:20 - 2017-11-01 21:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 05:20 - 2017-11-01 21:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 05:20 - 2017-11-01 21:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 05:20 - 2017-11-01 21:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 05:20 - 2017-11-01 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 05:20 - 2017-10-15 07:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 05:20 - 2017-10-15 07:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 05:20 - 2017-10-15 07:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 05:20 - 2017-10-15 07:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 05:20 - 2017-10-15 07:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 05:20 - 2017-10-15 07:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 05:19 - 2017-11-01 22:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 05:19 - 2017-11-01 22:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 05:19 - 2017-11-01 22:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 05:19 - 2017-11-01 22:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 05:19 - 2017-11-01 22:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 05:19 - 2017-11-01 22:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 05:19 - 2017-11-01 22:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 05:19 - 2017-11-01 22:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 05:19 - 2017-11-01 22:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 05:19 - 2017-11-01 22:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 05:19 - 2017-11-01 22:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 05:19 - 2017-11-01 22:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 05:19 - 2017-11-01 22:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 05:19 - 2017-11-01 22:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 05:19 - 2017-11-01 22:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 05:19 - 2017-11-01 22:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 05:19 - 2017-11-01 22:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 05:19 - 2017-11-01 22:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 05:19 - 2017-11-01 22:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 05:19 - 2017-11-01 22:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 05:19 - 2017-11-01 22:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 05:19 - 2017-11-01 22:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 05:19 - 2017-11-01 22:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 05:19 - 2017-11-01 22:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 05:19 - 2017-11-01 22:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 05:19 - 2017-11-01 22:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 05:19 - 2017-11-01 22:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 05:19 - 2017-11-01 22:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 05:19 - 2017-11-01 21:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 05:19 - 2017-11-01 21:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 05:19 - 2017-11-01 21:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 05:19 - 2017-11-01 21:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 05:19 - 2017-11-01 21:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 05:19 - 2017-11-01 21:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 05:19 - 2017-11-01 21:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 05:19 - 2017-11-01 21:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 05:19 - 2017-11-01 21:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 05:19 - 2017-11-01 21:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 05:19 - 2017-11-01 21:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 05:19 - 2017-11-01 21:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 05:19 - 2017-11-01 21:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 05:19 - 2017-11-01 21:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 05:19 - 2017-11-01 21:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 05:19 - 2017-11-01 21:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 05:19 - 2017-11-01 21:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 05:19 - 2017-11-01 21:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 05:19 - 2017-11-01 21:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 05:19 - 2017-11-01 21:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 05:19 - 2017-11-01 21:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 05:19 - 2017-11-01 21:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 05:19 - 2017-11-01 21:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 05:19 - 2017-11-01 21:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 05:19 - 2017-10-15 07:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 05:19 - 2017-10-15 07:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 05:19 - 2017-10-15 07:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 05:19 - 2017-10-15 07:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 05:19 - 2017-10-15 07:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 05:19 - 2017-10-15 07:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 01:17 - 2017-11-15 01:17 - 005996544 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-11-12 04:34 - 2017-11-12 04:34 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-11-12 04:34 - 2017-11-12 04:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-11 23:50 - 2017-11-11 23:50 - 000003242 _____ C:\Users\TheGreaterThanClub\Documents\temp liveme44.txt
2017-11-11 16:36 - 2017-11-11 16:36 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Local\Windscribe
2017-11-09 23:29 - 2017-11-09 23:29 - 000002998 _____ C:\Users\TheGreaterThanClub\Documents\temp liveme3.txt
2017-11-09 23:18 - 2017-11-09 23:17 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-09 23:18 - 2017-11-09 23:17 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-08 18:38 - 2017-11-12 04:59 - 000000000 ____D C:\Program Files (x86)\Windscribe
2017-11-08 18:38 - 2017-11-08 18:38 - 000001142 _____ C:\Users\Public\Desktop\Windscribe.lnk
2017-11-08 18:38 - 2017-11-08 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2017-11-08 18:38 - 2017-09-13 21:43 - 000054896 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapwindscribe0901.sys
2017-11-01 13:58 - 2017-11-01 13:58 - 000000522 _____ C:\Users\TheGreaterThanClub\Desktop\Thumbnail me 3.0.lnk
2017-11-01 13:58 - 2017-11-01 13:58 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Roaming\Thumbnail me
2017-11-01 13:58 - 2017-11-01 13:58 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thumbnail me 3.0
2017-11-01 13:58 - 2017-11-01 13:58 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Local\Thumbnail me
2017-11-01 00:46 - 2017-11-23 19:09 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Roaming\discord
2017-11-01 00:46 - 2017-11-01 00:46 - 000002338 _____ C:\Users\TheGreaterThanClub\Desktop\Discord.lnk
2017-11-01 00:46 - 2017-11-01 00:46 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-11-01 00:45 - 2017-11-01 00:46 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Local\SquirrelTemp
2017-11-01 00:45 - 2017-11-01 00:46 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Local\Discord

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-25 19:08 - 2017-05-25 23:39 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Roaming\vlc
2017-11-24 17:29 - 2017-07-13 13:28 - 000000000 ____D C:\Users\TheGreaterThanClub
2017-11-23 20:15 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-23 19:19 - 2016-11-29 15:03 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\LocalLow\Mozilla
2017-11-23 19:10 - 2017-07-05 00:29 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-23 19:09 - 2017-07-13 13:27 - 000006880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-23 19:09 - 2015-07-31 16:59 - 000003320 _____ C:\WINDOWS\SysWOW64\WebProxyOff.ini
2017-11-23 19:09 - 2015-07-31 16:59 - 000003320 _____ C:\WINDOWS\system32\WebProxyOff.ini
2017-11-23 19:08 - 2012-12-25 21:22 - 000000000 ___HD C:\ASUS.DAT
2017-11-23 19:06 - 2012-12-25 21:25 - 000000387 _____ C:\Users\TheGreaterThanClub\AppData\Roaming\sp_data.sys
2017-11-23 19:05 - 2017-07-13 13:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-23 18:32 - 2017-07-13 13:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-23 12:27 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-23 12:27 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-22 05:08 - 2017-03-18 04:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-21 23:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-20 01:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-18 16:17 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-17 03:54 - 2013-07-17 02:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-17 03:40 - 2017-10-10 22:29 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-17 03:40 - 2013-01-02 12:17 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-16 15:33 - 2015-07-16 17:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-16 15:04 - 2017-07-13 13:24 - 000404688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 21:01 - 2017-07-13 13:54 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 21:01 - 2015-07-23 15:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-15 20:18 - 2016-11-20 11:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 20:15 - 2016-12-14 16:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-15 20:15 - 2015-03-15 13:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-15 20:12 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 20:12 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 20:12 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 20:12 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 20:12 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 11:19 - 2017-07-26 03:37 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-15 05:57 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 04:59 - 2015-03-15 13:48 - 000001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-15 04:59 - 2013-01-11 17:36 - 000000000 ____D C:\Users\TheGreaterThanClub\AppData\Roaming\Mozilla
2017-11-15 01:17 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 01:17 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 04:48 - 2017-07-13 13:54 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 04:48 - 2017-07-13 13:54 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 05:07 - 2015-07-15 16:46 - 000000000 ____D C:\Program Files\Common Files\AV
2017-11-12 04:59 - 2016-09-10 00:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-12 04:34 - 2016-09-10 00:57 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-09 23:51 - 2012-06-09 02:21 - 000002256 _____ C:\WINDOWS\system32\ServiceFilter.ini
2017-11-09 23:19 - 2017-07-26 03:38 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-09 23:18 - 2017-07-26 03:37 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-09 23:17 - 2017-07-26 03:37 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-09 23:17 - 2017-07-26 03:37 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-04 18:40 - 2017-03-18 14:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 18:40 - 2017-03-18 14:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 19:31 - 2012-06-09 02:21 - 000002664 _____ C:\WINDOWS\system32\AutoRunFilter.ini
2017-11-02 18:24 - 2017-07-24 18:15 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3814981608-96153672-1869020453-1000
2017-11-02 18:24 - 2015-07-31 16:47 - 000002442 _____ C:\Users\TheGreaterThanClub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-02 18:24 - 2015-07-31 16:47 - 000000000 ___RD C:\Users\TheGreaterThanClub\OneDrive
2017-11-01 21:51 - 2009-07-28 23:03 - 000395314 __RSH C:\bootmgr

==================== Files in the root of some directories =======

2015-07-31 17:13 - 2015-07-31 17:13 - 000000000 _____ () C:\Program Files (x86)\Battlelog Web Plugins
2015-07-31 17:13 - 2015-07-31 17:13 - 000000000 _____ () C:\Program Files (x86)\Yontoo
2015-07-31 17:13 - 2015-07-31 17:13 - 000000000 _____ () C:\Program Files (x86)\Common Files\DivX Shared
2017-11-20 15:16 - 2017-11-20 15:59 - 000210541 _____ () C:\Users\TheGreaterThanClub\AppData\Roaming\ICARE.LOG
2012-12-25 21:25 - 2017-11-23 19:06 - 000000387 _____ () C:\Users\TheGreaterThanClub\AppData\Roaming\sp_data.sys
2015-07-24 14:50 - 2015-07-24 14:50 - 000003584 _____ () C:\Users\TheGreaterThanClub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-06 14:17 - 2014-06-06 14:17 - 000000000 _____ () C:\Users\TheGreaterThanClub\AppData\Local\{0F68E354-B817-4EBF-98D0-5D92DA64F81F}
2016-12-27 22:14 - 2016-12-27 22:14 - 000000000 _____ () C:\Users\TheGreaterThanClub\AppData\Local\{83A60197-2EC4-44F3-93F6-3FD0D0F20F14}
2016-11-30 23:18 - 2016-11-30 23:18 - 000000000 _____ () C:\Users\TheGreaterThanClub\AppData\Local\{FA74FC72-8D3B-426F-87C4-68F04007D7CA}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-20 15:32

==================== End of FRST.txt ============================



#4 Moody123

Posted 25 November 2017 - 09:42 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by TheGreaterThanClub (25-11-2017 19:13:02)
Running from C:\Users\TheGreaterThanClub\Desktop
Windows 10 Home Version 1703 15063.726 (X64) (2017-07-13 21:08:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3814981608-96153672-1869020453-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3814981608-96153672-1869020453-503 - Limited - Disabled)
EPC (S-1-5-21-3814981608-96153672-1869020453-1003 - Limited - Enabled) => C:\Users\EPC
Guest (S-1-5-21-3814981608-96153672-1869020453-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3814981608-96153672-1869020453-1002 - Limited - Enabled)
TheGreaterThanClub (S-1-5-21-3814981608-96153672-1869020453-1000 - Administrator - Enabled) => C:\Users\TheGreaterThanClub

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {BC4CE0B2-D6B5-59A2-9E54-9AA2C7DBE398}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {072D0156-F08F-562C-A4E4-A1D0BC5CA925}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: ThreatTrack Security VIPRE (Disabled) {84776197-9CDA-58FA-B50B-33973908A4E3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.2 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 6.50 - Philipp Winterberg)
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Graboid Video 4.1 (HKLM-x32\...\Graboid Video) (Version: 4.1 - Graboid Inc.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
ImageGlass (HKLM-x32\...\{3371FB38-C654-4C85-B402-927D1AFEF4EF}_is1) (Version: 2.0.1.5 - Duong Dieu Phap)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.2 - OBS Project)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Screen Recorder Launcher (HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\ScreenRecorderLauncher) (Version: 1.7 - )
Screencast-O-Matic v2.0 (HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Spotify (HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Thumbnail me 3.0 (HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Thumbnail me 3.0) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIPRE Internet Security (HKLM-x32\...\{437A0722-D281-434A-8523-9F8BAC22198B}) (Version: 8.4.0.17 - ThreatTrack Security, Inc.) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 8.4.0.17 - ThreatTrack Security Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WD Backup (HKLM-x32\...\{46162462-824f-4ea9-a312-38841e3dab7d}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{06628A2D-167D-4F5E-8C98-60CFA0B161D1}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A2D70EE4-2462-4F04-9955-5761E3F3F47A}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 31 - Windscribe Limited)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
Wondershare Data Recovery(Build 6.6.0.21) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.6.0.21 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
ContextMenuHandlers1: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2015-07-30] (ThreatTrack Security Inc.)
ContextMenuHandlers1: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2015-07-30] (ThreatTrack Security Inc.)
ContextMenuHandlers2: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2015-07-30] (ThreatTrack Security Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\System32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2015-07-30] (ThreatTrack Security Inc.)
ContextMenuHandlers4: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2015-07-30] (ThreatTrack Security Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {06E0A18D-D287-4ECD-AED5-B4247BD4143D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {11D9458C-FB82-462F-93D6-3DA2242A616B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {162AD602-A303-4B0A-9819-D26D0764CC91} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1C9731CA-712B-4F3A-B8EC-FF1BDA987E7A} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {1F657A4F-3665-4FB1-B427-34057612784B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {21AB68DD-F4CF-4577-8BD2-90571598E5CB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4128A7E6-3158-4AD9-916E-18DA90FD843B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {43D8F54E-DE10-41CB-B5E5-BDD1E49332E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {52504AA0-0DBE-45CF-9AEE-3644DC104B3E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {537014B9-A886-4615-94F4-4D4E106BE566} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {54F72862-E9A2-4F2F-A363-A9097B462BF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {58116905-4EC9-4269-AAA4-1A9EEDDB5BCC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {597216E7-EABE-4985-9A61-81A79040063A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {637F8C2F-39DC-444D-8115-9347BDBD419D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81A8049E-F5D7-4EEA-B770-0D5CCCEBB6E1} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {9E932509-6994-4C04-83B0-E04817380650} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AAB838CC-D521-4888-94F3-F001FBE5BA85} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {B59B5007-68E5-468A-BECC-5F83C10093EE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-09] (AVAST Software)
Task: {BD46A0C6-DA7A-4570-AA8A-BAE6918B7F20} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BD88F5EE-3312-4003-9EC3-16D75A7A7B36} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C5269B15-BB0C-49FA-A100-BB55CE284B70} - System32\Tasks\{363750F9-7BD0-400D-8576-DC76CAE5AE27} => C:\Windows\system32\pcalua.exe -a "F:\Setup VIPRE Internet Security.exe" -d F:\
Task: {C590E7BA-772F-4AE0-8835-C0CE8DDCF536} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D14EB798-C5BE-42ED-9DE3-85E71E946651} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DA2E7886-01BC-403E-8772-BDE1DF1A8F69} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EBB75301-CD4F-4DE6-BF8C-772216449564} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F17B0E23-7F74-4FAD-967A-76B13A1DB3D5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F53CEA92-716F-4A63-B694-429EC2A27DE6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB5AAF35-45E5-4ED1-9420-2DEAC87EFAE6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFE3D9AC-FB85-4F68-9A6D-D9C8FF11C66C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2017-11-11 13:26 - 2017-11-11 13:27 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 13:26 - 2017-11-11 13:27 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-11 13:26 - 2017-11-11 13:27 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-06 21:57 - 2017-11-06 21:58 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-04 18:24 - 2011-05-05 05:30 - 000057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-30 13:32 - 2015-07-30 13:32 - 000160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2012-02-21 14:49 - 2012-02-21 14:49 - 000009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 000619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 000013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-11-09 23:17 - 2017-11-09 23:17 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-09 23:17 - 2017-11-09 23:17 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-26 03:37 - 2017-07-26 03:37 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-09 23:17 - 2017-11-09 23:17 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-09 23:17 - 2017-11-09 23:17 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-09 23:17 - 2017-11-09 23:17 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-05 00:30 - 2017-09-09 12:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-07-05 00:30 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-07-05 00:30 - 2017-10-30 20:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-07-05 00:30 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-07-05 00:30 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-07-05 00:30 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-07-05 00:30 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-07-05 00:30 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-07-05 00:30 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-07-05 00:30 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-07-05 00:30 - 2017-10-30 20:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-07-05 00:30 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-11-01 00:46 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\TheGreaterThanClub\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-11-01 00:46 - 2017-11-01 00:46 - 001577976 _____ () \\?\C:\Users\TheGreaterThanClub\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2007-07-12 11:11 - 2007-07-12 11:11 - 001163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2013-09-30 19:42 - 2015-06-26 02:13 - 000184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2013-09-30 19:42 - 2015-06-26 02:13 - 000175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2017-11-01 00:46 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\TheGreaterThanClub\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-11-01 00:46 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\TheGreaterThanClub\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-11-01 00:46 - 2017-11-01 00:47 - 009722360 _____ () \\?\C:\Users\TheGreaterThanClub\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-11-01 00:46 - 2017-11-23 19:09 - 001494520 _____ () \\?\C:\Users\TheGreaterThanClub\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-23 19:09 - 2017-11-23 19:09 - 000148992 _____ () \\?\C:\Users\TheGreaterThanClub\AppData\Local\Temp\CAED.tmp.node
2017-11-01 00:46 - 2017-11-01 00:46 - 002658296 _____ () \\?\C:\Users\TheGreaterThanClub\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-11-01 00:47 - 2017-11-01 00:47 - 002673656 _____ () \\?\C:\Users\TheGreaterThanClub\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-11-23 19:10 - 2017-11-23 19:10 - 001505272 _____ () \\?\C:\Users\TheGreaterThanClub\AppData\Roaming\discord\0.0.298\modules\discord_game_utils\discord_game_utils.node
2017-07-05 00:32 - 2017-09-06 19:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-07-05 00:32 - 2017-08-16 15:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-07-05 00:30 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3814981608-96153672-1869020453-1000\Control Panel\Desktop\\Wallpaper -> c:\users\thegreaterthanclub\pictures\tumblr_meihynxjkk1qigj64o1_500.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77F56479-9673-43A0-98EF-AC21920EB613}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{59C2B855-B95D-4E8B-9E77-D9E0C394D72F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6ACF912C-B215-42C4-9EC2-2D086F037C7C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9EE4EA0-DBDF-422D-BDE1-A2B3063B4C0D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{ADCA5104-5B29-4A63-9550-546B3F99FFC6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{2798BF24-BCB3-49CF-A03D-88E986847089}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1E9C016A-434F-4DD5-8EFE-7B6C64D8AE1E}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{33F0EDCF-DF7E-4E88-97A0-151F8A7D4406}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{F8D20810-C409-4219-9F1B-B582EB1C7A5A}C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{50472230-7A8C-464F-B7A0-E6E3237CB738}C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CC624607-F06E-447E-BA17-93B700E054A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59D3FE69-5444-4028-ABBA-6B4F18B8E368}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BAF18F2D-482F-4C9E-AAD4-5FA92290FFD1}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{A6EF5267-2FED-4DD1-9E22-192191064F12}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{398D2ED5-8B53-4D78-AB17-819981047633}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{BBC2E183-686E-4DDF-877C-863E5F9F1A3F}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{A7CDF5B9-44E6-4302-80E2-E4D8B8180A05}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{A7EA0BA4-04D5-45D7-AA1B-2B31FFAF5277}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [TCP Query User{BE890A0F-8F72-4270-B13B-30F93DD0E55D}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{2C749E28-F5CE-4ED7-B002-EFB520CD0368}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [{54C45F96-0584-47AE-B17D-F8146D145B4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2017 07:14:15 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (1060) An attempt to open the file "C:\Users\TheGreaterThanClub\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2017 07:04:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TGTCPC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/24/2017 04:57:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TGTCPC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/23/2017 07:08:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TGTCPC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/23/2017 07:07:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname TGTCPC.local already in use; will try TGTCPC-2.local instead

Error: (11/23/2017 07:07:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 TGTCPC.local. Addr 10.0.0.25

Error: (11/23/2017 07:07:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.25:5353   16 TGTCPC.local. AAAA 2601:0280:C100:1151:0000:0000:0000:C073

Error: (11/23/2017 03:37:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TGTCPC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/23/2017 04:59:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TGTCPC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/22/2017 05:10:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TGTCPC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/24/2017 04:59:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (11/24/2017 04:59:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (11/24/2017 04:45:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/23/2017 07:09:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (11/23/2017 07:06:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 07:06:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 07:06:03 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000006001, 0xffffffffc000009c, 0x0000000010f5a000, 0xffff93859738a990). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 9d6b5f82-2355-4d23-909b-4efc94d89b8f.

Error: (11/23/2017 07:05:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/23/2017 07:05:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (11/23/2017 07:05:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:29:07 PM on 11/23/2017 was unexpected.


CodeIntegrity:
===================================
  Date: 2017-11-16 18:27:54.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:27:54.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:27:50.415
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:27:49.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:27:49.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:27:49.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:27:46.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:27:42.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:12:08.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 18:12:08.724
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B970 @ 2.30GHz
Percentage of memory in use: 74%
Total physical RAM: 4000.12 MB
Available physical RAM: 1027.84 MB
Total Virtual: 8096.12 MB
Available Virtual: 3087.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.79 GB) (Free:9.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 MB) - (Type=27)
Partition 4: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 Moody123


Posted 25 November 2017 - 09:45 PM

I did not have my external connected to my computer at the time of the scan. Please let me know if I should re-scan with it connected.



#6 Gunto

  • Malware Response Team

Posted 30 November 2017 - 09:25 PM

Hi, Moody123! I'm going to try to help you out. :)
 
Before we get started, here are some things I need you to remember:
  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

Now then, let's get started!
 
CHKDSK
 
First, it looks like your logs are indicating that your external drive is somewhat corrupt, which is probably why Windows Explorer is having trouble mounting it. There was no problem with running a FRST scan without it attached, but I will need you to reattach it in order to run a disk check and repair on it.
  • Insert your external drive into your PC, then go to Start > All Programs > Accessories, right click Command Prompt, and select Run as administrator.
  • In the Command Prompt that opens, type chkdsk x: /r (where "x" is the letter of your external drive; for example, f:) and hit enter.
  • Allow CHKDSK to run. Once it's finished, select all the text in the Command Prompt (hold Ctrl and hit A), then copy (hold Ctrl and hit C) and paste it into your reply.

Farbar Recovery Scan Tool
 
Next, I'm gonna have you run a fix with FRST. Most of this is pretty benign, like orphans from since-uninstalled software or simply junk files, but it's good to clean this stuff up anyway.
  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\MountPoints2: {eec0e2dd-481d-11e7-9d44-3085a9014350} - "F:\WD Drive Unlock.exe" autoplay=true
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012-06-09]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3814981608-96153672-1869020453-1000 -> DefaultScope {F282EE08-110F-4CD8-A1C8-EE56E9907C7C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US885D20121225&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3814981608-96153672-1869020453-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3814981608-96153672-1869020453-1000 -> {F282EE08-110F-4CD8-A1C8-EE56E9907C7C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US885D20121225&p={searchTerms}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll [No File]
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath
C:\Users\TheGreaterThanClub\AppData\Roaming\sp_data.sys
C:\Users\TheGreaterThanClub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\TheGreaterThanClub\AppData\Local\{0F68E354-B817-4EBF-98D0-5D92DA64F81F}
C:\Users\TheGreaterThanClub\AppData\Local\{83A60197-2EC4-44F3-93F6-3FD0D0F20F14}
C:\Users\TheGreaterThanClub\AppData\Local\{FA74FC72-8D3B-426F-87C4-68F04007D7CA}
C:\Program Files (x86)\Yontoo
C:\Users\TheGreaterThanClub\AppData\Roaming\ICARE.LOG
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIPRE Internet Security (HKLM-x32\...\{437A0722-D281-434A-8523-9F8BAC22198B}) (Version: 8.4.0.17 - ThreatTrack Security, Inc.) Hidden
WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{06628A2D-167D-4F5E-8C98-60CFA0B161D1}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{A2D70EE4-2462-4F04-9955-5761E3F3F47A}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {162AD602-A303-4B0A-9819-D26D0764CC91} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1F657A4F-3665-4FB1-B427-34057612784B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4128A7E6-3158-4AD9-916E-18DA90FD843B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {43D8F54E-DE10-41CB-B5E5-BDD1E49332E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {52504AA0-0DBE-45CF-9AEE-3644DC104B3E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {597216E7-EABE-4985-9A61-81A79040063A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BD46A0C6-DA7A-4570-AA8A-BAE6918B7F20} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BD88F5EE-3312-4003-9EC3-16D75A7A7B36} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C5269B15-BB0C-49FA-A100-BB55CE284B70} - System32\Tasks\{363750F9-7BD0-400D-8576-DC76CAE5AE27} => C:\Windows\system32\pcalua.exe -a "F:\Setup VIPRE Internet Security.exe" -d F:\
Task: {C590E7BA-772F-4AE0-8835-C0CE8DDCF536} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D14EB798-C5BE-42ED-9DE3-85E71E946651} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EBB75301-CD4F-4DE6-BF8C-772216449564} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F17B0E23-7F74-4FAD-967A-76B13A1DB3D5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F53CEA92-716F-4A63-B694-429EC2A27DE6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
FirewallRules: [UDP Query User{ADCA5104-5B29-4A63-9550-546B3F99FFC6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{2798BF24-BCB3-49CF-A03D-88E986847089}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1E9C016A-434F-4DD5-8EFE-7B6C64D8AE1E}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{33F0EDCF-DF7E-4E88-97A0-151F8A7D4406}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{F8D20810-C409-4219-9F1B-B582EB1C7A5A}C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{50472230-7A8C-464F-B7A0-E6E3237CB738}C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\thegreaterthanclub\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BE890A0F-8F72-4270-B13B-30F93DD0E55D}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{2C749E28-F5CE-4ED7-B002-EFB520CD0368}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
C:\WINDOWS\wininit.ini
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\WINDOWS\System32\Tasks\Safer-Networking
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.
System Restore
 
Your logs tell me that System Restore is disabled. I'm not sure if you did this yourself or not, but either way, it's not wise to not enable it, so I highly recommend you do so.
  • Open File Explorer, right click on This PC, and select Properties. In the new window that opens, click System protection.
  • In the smaller window that opens, click Configure... and ensure Turn on system protection is ticked. You may adjust the max usage dial (which indicates how much data is used on System Restore at any time) to your liking, although I recommend allowing it to use at least 20%. When done, click OK.
Uninstall Programs
 
Now then, I need you to uninstall some programs using either Apps and Features or Revo Uninstaller.
 
First of all, you're using more than one antivirus program (Avast and Vipre). This actually does more harm than good, even when one is disabled. Antivirus programs are quite hefty and hard on system resources, and having more than one causes problems such as performance issues and false malware detections. To make it easier for both of us, I highly recommend removing one. As a side note, it isn't a problem to run an AV with MBAM or Windows Defender, as the former is designed to "cooperate" with antivirus programs, and the latter is integrated into the operating system, although it's also designed to disable much more cleanly than third-party AV software.
 
Second, do you need Adobe Reader and/or Java? I ask because these are rather vulnerable programs that malware frequently exploits in order to infect your computer. Most modern browsers allow you to read PDF files by default, so Reader's often completely unnecessary. As for Java, if you do use it, please uninstall it anyway, since I am going to have you update it later (though make sure to let me know you want to keep it if so).
 
The rest of the stuff I'm having you uninstall is either unnecessary or suspicious.
 
If you want to use Apps and Features:
  • Go to Start > Settings > Apps. Once it loads all the programs, uninstall the following, if present, one at a time:
  • Avast Free Antivirus or VIPRE Internet Security
  • Adobe Acrobat Reader DC
  • Java 8 Update 73
  • Shared C Run-time for x64
  • UpdateAssistant
  • Windows 10 Upgrade Assistant
by clicking Uninstall, and following the prompts in the uninstaller.
 
If you have any problems uninstalling a program using Apps and Features, proceed to the below method.
 
If you want to use Revo Uninstaller (which does a better job at cleaning up):
  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
  • Avast Free Antivirus or VIPRE Internet Security
  • Adobe Acrobat Reader DC
  • Java 8 Update 73
  • Shared C Run-time for x64
  • UpdateAssistant
  • Windows 10 Upgrade Assistant
  • Double click the program, and follow the prompts in the built-in uninstaller (except prompts to reboot; only do so when you are finished uninstalling every program). Once the built-in uninstaller is finished, ensure the Moderate option is selected in Revo, and click Scan.
  • If any registry remnants are found, check only the bold items. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.
 

Final Notes

 

I noticed you disabled numerous items in MSConfig/task manager:

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"

 

This is a pretty messy way to do so, though, because it doesn't actually delete the start-up entries and the registry still has to process the data. If you'd like, I can help you completely delete the entries (as well as any other redundant boot programs); if you would, please let me know, but first you will need to re-enable everything you previously disabled.

 

After you have done all of this, I would like you to rerun a FRST scan. Please ensure the 90 Days Files and Addition.txt options are checked before running the scan, and when it's done, please copy and paste the contents of the logs into your reply.

 

Last, but certainly not least, are you now able to explore your external drive normally? Are you having any other issues?

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#7 Moody123

Moody123
  • Topic Starter


Posted 04 December 2017 - 03:23 AM

Thank you for your help. Chkdsk seemed to work and it doesn't look like I'm missing any files, but the file counter when opening my drive is lower than before. This is what the log showed:

 

 

 

Microsoft Windows [Version 10.0.15063]
© 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32> chkdsk g: /r
The type of the file system is NTFS.
Volume label is My Passport.

Stage 1: Examining basic file system structure ...
  22016 file records processed.
File verification completed.
  2450 large file records processed.
  0 bad file records processed.

Stage 2: Examining file name linkage ...
A disk read error occurredc00000b5
Correcting error in index $I30 for file 5.
CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 5.
Sorting index $I30 in file 5.
  22558 index entries processed.
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file AHD-15.mp3 (10A8) into directory file 5.
Recovering orphaned file AHD~1.MP3 (10A8) into directory file 5.
Recovering orphaned file AHD71.mp3 (1731) into directory file 5.
Recovering orphaned file AHD24.mp3 (1731) into directory file 5.
Recovering orphaned file AHD78.mp3 (1733) into directory file 5.
Recovering orphaned file AHD~2.MP3 (1733) into directory file 5.
Recovering orphaned file AHD~3.MP3 (1756) into directory file 5.
Recovering orphaned file AHD46.mp3 (1756) into directory file 5.
Recovering orphaned file AHD~4.MP3 (1758) into directory file 5.
Recovering orphaned file AHD22.mp3 (1758) into directory file 5.
Skipping further messages about recovering orphans.
  12 unindexed files scanned.
  12 unindexed files recovered to original directory.
  0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
  272 data files processed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  22000 files processed.
File data verification completed.

Stage 5: Looking for bad, free clusters ...
  576928909 free clusters processed.
Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

   2861553 MB total disk space.
 622328428 KB in 19142 files.
      8884 KB in 273 indexes.
         4 KB in bad sectors.
    178343 KB in use by the system.
     65536 KB occupied by the log file.
   2253628 MB available on disk.

      4096 bytes in each allocation unit.
 732557823 total allocation units on disk.
 576928909 allocation units available on disk.



#8 Moody123

Moody123
  • Topic Starter


Posted 04 December 2017 - 03:57 AM

As for the FRST fix, can you help me understand what it's fixing or cleaning up? I'm reading some of those program names such as WD Drive Unlock and I still use them. I trust you; I'm just curious as to what it will be doing.

 

I'd prefer to keep Java but don't care for Adobe Reader. I also don't recall disabling anything in MSConfig/task manager. None of those items are necessary for anything important, correct? And yes, I actually would like to delete or disable any redundant/unnecessary boot programs.

 

Thanks again.



#9 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team

Posted 04 December 2017 - 06:13 AM

Hi,

 

Woohoo, glad the disk check worked! I'm not entirely sure why the file counter went down - perhaps the disk was already mildly corrupted beforehand, but not to the extent of being unusable - though as long as you aren't missing anything important, I wouldn't worry about it.

 

As for an explanation, no problem at all! I actually love it when the folks I'm helping ask fun questions. :P

 

FRST handles different entries in different ways when fixing. For example:

WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden

 

Take note of the "Hidden" at the end, as well as at the ends of all other installed program entries in the script. This does not uninstall the program in question, but rather unhides it. When a program is hidden, it won't show up in most conventional lists of installed software, which can make it rather difficult to uninstall. Naturally, some malware can use this to make itself more difficult to remove, but there is completely legitimate software that also hides itself. Still, there are reasons you may wish to remove good programs, such as reinstalling or replacing them. So, in short, I'm not having FRST uninstall any of those entries; I'm just having it make them visible for you. I do this myself when I scan my own PC with FRST from time to time. :)

 

Similarly, let's look at lines like this:

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)

 

Again, listing this entry in the script will not delete the file, but only the start-up entry. This is how I will assist you with removing any redundant boot entries.

 

Conversely, putting a file path alone into the script moves (but does not delete) the file in question. For instance:

C:\Users\TheGreaterThanClub\AppData\Roaming\sp_data.sys

 

This line ensures that sp_data.sys will be moved to a safe location where it will cause no harm to your PC. If a legitimate file was moved by mistake, you can simply retrieve it later and put it back where it belongs, but in this case (where sp_data.sys is, at best, suspicious) we can completely delete it later once we're done cleaning.

 

Regarding Java, noted. As for the MSConfig entries, all of them are completely unnecessary and can be re-enabled and then deleted to no ill effect, since all of the programs they're for can be launched manually if need be. If you're not sure how to re-enable them, just open the task manager, click the Startup tab, and right click each disabled entry and enable it. I will then use the information from your new FRST log to get rid of them for good.

 

Anything else you'd like to know? If not, please proceed with the rest of my instructions. :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
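The three fixlist behaviours Gunto describes in post #9, as an added example that is not part of the original thread and is not FRST's own code: a small Python reviewer that sorts fixlist lines into those three kinds and reports, following the explanation above, what happens to each. The regular expressions, function names and the "unexplained" bucket are assumptions made for this illustration; the sample lines are copied from the fixlist quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the fixlist quoted in this thread.
SAMPLE_FIXLIST = [
    r'WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden',
    r'HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)',
    r'HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"',
    r'C:\Users\TheGreaterThanClub\AppData\Roaming\sp_data.sys',
    r'C:\Program Files (x86)\Yontoo',
    r'HKU\S-1-5-21-3814981608-96153672-1869020453-1000\...\MountPoints2: {eec0e2dd-481d-11e7-9d44-3085a9014350} - "F:\WD Drive Unlock.exe" autoplay=true',
    r'Task: {F17B0E23-7F74-4FAD-967A-76B13A1DB3D5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe',
]

# What each kind of line does when the fix runs, as explained in post #9.
EFFECTS = {
    'hidden_program': 'made visible in the installed-programs list; not uninstalled',
    'run_entry': 'start-up registry entry deleted; the file it points to stays on disk',
    'bare_path': 'file or folder moved to a safe location; not deleted, can be restored',
    'unexplained': 'not covered by the explanation in this thread; ask the helper first',
}

# Assumed patterns, derived only from the line shapes visible in this thread.
HIDDEN_RE = re.compile(r'^(?P<name>.+?) \((?:HKLM|HKU)[^)]*\) \(Version: .*\) Hidden$')
RUN_RE = re.compile(r'^(?:HKLM|HKU)[^:]*\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$')
BARE_PATH_RE = re.compile(r'^[A-Za-z]:\\[^<>|"*?]*$')


def target_file(target):
    """Extract the file path from the text after '=>'.

    The path is either wrapped in double quotes or followed by
    ' [size date] (company)'.
    """
    if target.startswith('"'):
        return target[1:].partition('"')[0]
    return re.sub(r' \[\d+ \d{4}-\d{2}-\d{2}\].*$', '', target)


def classify(line):
    """Return (kind, subject, effect) for one fixlist line."""
    line = line.strip()
    m = HIDDEN_RE.match(line)
    if m:
        return 'hidden_program', m.group('name'), EFFECTS['hidden_program']
    m = RUN_RE.match(line)
    if m:
        return 'run_entry', target_file(m.group('target')), EFFECTS['run_entry']
    if BARE_PATH_RE.match(line):
        return 'bare_path', line, EFFECTS['bare_path']
    return 'unexplained', line, EFFECTS['unexplained']


def summarize(lines):
    """Count how many non-empty lines fall into each kind."""
    return Counter(classify(l)[0] for l in lines if l.strip())


if __name__ == '__main__':
    for entry in SAMPLE_FIXLIST:
        kind, subject, effect = classify(entry)
        print(f'{kind:15} {subject}\n{"":15} -> {effect}')
    print(dict(summarize(SAMPLE_FIXLIST)))
```

Lines that land in the "unexplained" bucket (here the MountPoints2 and Task entries) are the ones worth asking the helper about before clicking Fix.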


#10 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team

Posted 07 December 2017 - 07:36 AM

Hi,
 
It's been three days since my last post, so I am bumping the topic just in case you missed my previous reply. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.
 
If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.
 
Gunto



#11 Moody123

Moody123
  • Topic Starter


Posted 09 December 2017 - 06:15 AM

Sorry for the delay in my response. I've decided to finally build a gaming PC (with help of a friend) so I don't think I'll need to clean this computer as it'll just be cast aside soon. Feel free to close the topic and thank you again for your time, patience, and help.



#12 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team

Posted 09 December 2017 - 09:51 PM

Understood! Not a problem; glad I could've been of assistance. :)

 

Per user request, I'm locking this topic. However, if you still want help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.






