dtorzae.exe *32


#1 plqazokm

Posted 15 December 2017 - 05:44 PM

Running Windows 7 SP1 64-bit

 

 

I find 3 to 7 instances of the subject process executable running, consuming most of my memory and CPU.

Had initially posted in the "Am I infected" section; moderator suggested I start a new topic here.

When attempting to run FRST, pop-up window stated:

Error Saving File

C:\FRST\HIVES\BCD!

Continue with next file?

[RegSaveKeyEx:5 - Access is Denied]

 

Continued with next file with no further pop-ups.

Scan logs posted below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Tall Bob (administrator) on TALLBOB-PC (15-12-2017 17:29:10)
Running from C:\Users\Tall Bob\Desktop
Loaded Profiles: Tall Bob (Available Profiles: Tall Bob)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\cokzalbsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\coeuvmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Tall Bob\AppData\Local\igfxmtc\igfxmtc.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-495565491-129709774-4068553075-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-495565491-129709774-4068553075-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
IFEO\cliconfg.exe: [VerifierDlls] Hibiki.dll
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.250 192.168.1.9 192.168.1.1
Tcpip\..\Interfaces\{84DF7D58-0887-4AAF-9594-BC39F2010A4F}: [DhcpNameServer] 192.168.1.250 192.168.1.9 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-09] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-09] (Oracle Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll => No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll No File
 
FireFox:
========
FF DefaultProfile: 
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default [2017-12-15]
CHR Extension: (Docs) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-28]
CHR Extension: (DuckDuckGo Search) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-11-24]
CHR Extension: (YouTube) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-28]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2017-10-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-28]
CHR Extension: (SuperSorter) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2017-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-28]
CHR Extension: (Chrome Media Router) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S2 ss_conn_service; "C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2010-08-07] (Google Inc)
S3 androidusb; C:\Windows\SysWOW64\Drivers\androidusb.sys [25728 2010-08-07] (Google Inc)
R1 cmdcss; C:\Windows\system32\drivers\cmdcss.sys [112152 2017-06-30] (COMODO)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-11-07] (Glarysoft Ltd)
R2 hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [457216 2015-07-09] (Aladdin Knowledge Systems) [File not signed]
S2 Haspnt; C:\Windows\SysWOW64\drivers\Haspnt.sys [47616 2015-07-09] (Aladdin Knowledge Systems) [File not signed]
S1 HWiNFO32; no ImagePath
S4 IUFileFilter; no ImagePath
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated)
R1 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253880 2017-12-12] (Malwarebytes)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [196040 2017-10-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206976 2017-10-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138432 2017-10-16] (Oracle Corporation)
S2 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [40960 2015-06-26] (Chingachguk & Denger2k) [File not signed]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
S3 PSMNOBEX; system32\DRIVERS\PSMNOBEX.sys [X]
S3 PSMNVSP; system32\DRIVERS\PSMNVSP.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
S1 VBoxDRV; system32\DRIVERS\VBoxDrv.sys [X]
S1 VBoxUSBMon; system32\DRIVERS\VBoxUSBMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-15 17:29 - 2017-12-15 17:29 - 000011185 _____ C:\Users\Tall Bob\Desktop\FRST.txt
2017-12-15 17:25 - 2017-12-15 17:13 - 002392064 _____ (Farbar) C:\Users\Tall Bob\Desktop\FRST64.exe
2017-12-15 17:13 - 2017-12-15 17:29 - 000000000 ____D C:\FRST
2017-12-15 17:13 - 2017-12-15 17:13 - 002392064 _____ (Farbar) C:\Users\Tall Bob\Downloads\FRST64.exe
2017-12-15 17:01 - 2017-12-15 17:01 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\LibreOffice
2017-12-15 16:58 - 2017-12-15 16:58 - 000001458 _____ C:\Users\Public\Desktop\LibreOffice 5.4.lnk
2017-12-15 16:57 - 2017-12-15 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.4
2017-12-15 16:56 - 2017-12-15 16:56 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-12-15 16:53 - 2017-12-15 16:54 - 245379072 _____ C:\Users\Tall Bob\Downloads\LibreOffice_5.4.3_Win_x64.msi
2017-12-15 12:29 - 2017-12-15 12:29 - 000140112 ____N C:\Windows\system32\Drivers\nvbqtxad.sys
2017-12-15 12:19 - 2017-12-15 12:19 - 000001046 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-12-15 12:19 - 2017-12-15 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-12-15 12:19 - 2017-12-15 12:19 - 000000000 ____D C:\Program Files\VS Revo Group
2017-12-15 12:18 - 2017-12-15 12:18 - 007189760 _____ (VS Revo Group ) C:\Users\Tall Bob\Downloads\revosetup.exe
2017-12-15 07:08 - 2017-12-15 12:03 - 000003958 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Tall Bob
2017-12-15 07:05 - 2017-12-15 07:05 - 000006190 _____ C:\Users\Tall Bob\Desktop\Eset results.txt
2017-12-14 10:12 - 2017-12-15 17:22 - 000339248 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-14 08:53 - 2017-12-15 17:18 - 000562136 ____H C:\Windows\MEMORY.DMP
2017-12-14 08:21 - 2017-12-14 08:21 - 000000000 ____D C:\Users\Tall Bob\.android
2017-12-13 15:54 - 2017-12-13 15:54 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\ESET
2017-12-13 15:53 - 2017-12-13 15:54 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Tall Bob\Downloads\esetonlinescanner_enu.exe
2017-12-13 15:03 - 2017-12-13 15:03 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5175EFB0.sys
2017-12-13 15:02 - 2017-12-13 15:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-13 15:01 - 2017-12-13 15:30 - 000000000 ____D C:\Users\Tall Bob\Desktop\mbar
2017-12-13 15:01 - 2017-12-13 15:01 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-12-13 14:01 - 2017-12-13 14:01 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Tall Bob\Desktop\MBAR.exe
2017-12-13 04:30 - 2017-11-16 23:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-13 04:30 - 2017-11-14 20:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-13 04:30 - 2017-11-14 19:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-13 04:30 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-13 04:30 - 2017-11-13 22:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-13 04:30 - 2017-11-13 22:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 04:30 - 2017-11-13 22:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-13 04:30 - 2017-11-13 22:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-13 04:30 - 2017-11-13 22:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-13 04:30 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 04:30 - 2017-11-13 22:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-13 04:30 - 2017-11-13 22:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-13 04:30 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-13 04:30 - 2017-11-13 22:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-13 04:30 - 2017-11-13 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-13 04:30 - 2017-11-13 22:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-13 04:30 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 04:30 - 2017-11-13 22:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 04:30 - 2017-11-13 22:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-13 04:30 - 2017-11-13 22:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-13 04:30 - 2017-11-13 22:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 04:30 - 2017-11-13 22:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-13 04:30 - 2017-11-13 22:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-13 04:30 - 2017-11-13 22:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 04:30 - 2017-11-13 22:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-13 04:30 - 2017-11-13 22:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-13 04:30 - 2017-11-13 22:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-13 04:30 - 2017-11-13 22:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-13 04:30 - 2017-11-13 21:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-13 04:30 - 2017-11-13 21:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-13 04:30 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-13 04:30 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-13 04:30 - 2017-11-13 21:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-13 04:30 - 2017-11-13 21:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-13 04:30 - 2017-11-13 21:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-13 04:30 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-13 04:30 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-13 04:30 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-13 04:30 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-13 04:30 - 2017-11-13 20:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-13 04:30 - 2017-11-13 20:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-13 04:30 - 2017-11-13 20:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-13 04:30 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-13 04:30 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-13 04:30 - 2017-11-13 19:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-13 04:30 - 2017-11-07 15:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-13 04:30 - 2017-11-07 15:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-13 04:30 - 2017-11-07 15:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-13 04:30 - 2017-11-07 15:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-13 04:30 - 2017-11-07 15:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-13 04:30 - 2017-11-07 15:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-13 04:30 - 2017-11-07 15:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-13 04:30 - 2017-11-07 15:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-13 04:30 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-13 04:30 - 2017-11-07 15:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-13 04:30 - 2017-11-07 15:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-13 04:30 - 2017-11-07 15:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-13 04:30 - 2017-11-07 15:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-13 04:30 - 2017-11-07 15:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-13 04:30 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-13 04:30 - 2017-11-07 15:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-13 04:30 - 2017-11-07 15:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-13 04:30 - 2017-11-07 15:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-13 04:30 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-13 04:30 - 2017-11-07 15:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-13 04:30 - 2017-11-07 15:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-13 04:30 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-13 04:30 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-13 04:30 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-13 04:30 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 04:30 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 04:30 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 04:30 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 04:30 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-13 04:30 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-13 04:30 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 04:30 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-13 04:30 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-13 04:30 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-13 04:30 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-13 04:30 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-13 04:30 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-12 17:22 - 2017-12-12 17:22 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-12 17:21 - 2017-12-12 17:22 - 000198990 _____ C:\TDSSKiller.3.1.0.15_12.12.2017_17.21.04_log.txt
2017-12-12 17:18 - 2017-12-12 17:19 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Tall Bob\Desktop\toadstoolkiller.exe
2017-12-12 17:05 - 2017-12-12 17:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-12 17:04 - 2017-12-12 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-12 17:04 - 2017-12-12 17:04 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-12 16:56 - 2017-12-12 16:59 - 000003428 _____ C:\Users\Tall Bob\Desktop\Rkill.txt
2017-12-12 16:46 - 2017-12-12 17:04 - 000001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-12 16:46 - 2017-12-12 16:46 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-12 16:46 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-12 14:22 - 2017-12-12 14:22 - 000000000 ____D C:\32788R22FWJFW
2017-12-12 12:49 - 2017-12-12 12:48 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Tall Bob\Desktop\rkill.exe
2017-12-12 12:48 - 2017-12-12 12:48 - 008172032 _____ (Malwarebytes) C:\Users\Tall Bob\Desktop\AdwCleaner.exe
2017-12-08 10:47 - 2017-12-08 10:47 - 000000702 _____ C:\Users\Tall Bob\Desktop\BOB_YARRISON.lnk
2017-12-04 00:56 - 2017-12-04 00:56 - 000000000 _____ C:\Users\Tall Bob\AppData\Local\{4DC90FE7-24A1-4965-8CFB-497A59C03A63}
2017-12-02 11:25 - 2017-12-12 13:42 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\AvgSetupLog
2017-12-02 10:57 - 2017-12-02 11:09 - 000000000 ____D C:\AVG_Remover
2017-12-02 09:15 - 2017-12-02 11:29 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys.151223218238802
2017-11-30 10:00 - 2017-12-14 09:20 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\igfxmtc
2017-11-20 08:44 - 2017-11-20 08:44 - 000000165 ____H C:\Users\Tall Bob\Desktop\~$CME TOOL LIST.xlsx
2017-11-17 19:15 - 2017-11-24 11:35 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\cwcpadx
2017-11-17 18:40 - 2017-11-17 18:39 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys.151096205810802
2017-11-17 18:23 - 2017-11-17 18:27 - 000037552 _____ (Basil) C:\Windows\system32\Drivers\WinDivert64.sys
2017-11-17 18:23 - 2017-11-17 18:23 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Macromedia
2017-11-17 18:22 - 2017-12-15 17:28 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\coeuvmd
2017-11-17 18:22 - 2017-12-15 17:21 - 002883072 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cokzalbsvc.exe
2017-11-17 18:22 - 2017-11-17 18:22 - 000000000 ____D C:\Windows\SysWOW64\mbcselp
2017-11-17 18:22 - 2017-11-17 18:22 - 000000000 ____D C:\Windows\system32\mbcselp
2017-11-17 18:22 - 2017-11-17 18:22 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\et
2017-11-17 18:21 - 2017-12-13 20:42 - 000000000 ___HD C:\Program Files (x86)\prefectures
2017-11-17 18:21 - 2017-11-17 19:04 - 000000000 ____D C:\Program Files (x86)\Solitary
2017-11-17 18:21 - 2017-11-17 18:21 - 000000020 _____ C:\Windows\b82322078
2017-11-17 18:21 - 2017-11-17 18:21 - 000000000 ___HD C:\Program Files (x86)\Saw
2017-11-17 18:20 - 2017-11-17 19:01 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\AGData
2017-11-16 17:56 - 2017-11-16 17:56 - 000035752 _____ C:\Windows\uninstaller.dat
2017-11-16 10:15 - 2017-11-16 10:15 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\Temp
2017-11-16 10:14 - 2017-11-16 10:14 - 000000000 ____D C:\Program Files (x86)\USBTest
2017-11-15 19:31 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 19:31 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 19:31 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 19:31 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 19:31 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 19:31 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 19:31 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 19:31 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 19:31 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 19:31 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 19:31 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 19:31 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 19:31 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 19:31 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-15 19:31 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 19:31 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 19:31 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 19:31 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-15 19:31 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-15 19:31 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-15 19:31 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-15 19:31 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-15 19:31 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-15 19:31 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-15 19:31 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-15 19:31 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-15 19:31 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-15 19:31 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 19:31 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 19:31 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-15 19:29 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 19:29 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 19:29 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 19:29 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 19:29 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 19:29 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 19:29 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 19:29 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 19:29 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 19:29 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-15 17:22 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-15 17:22 - 2009-07-13 21:34 - 020185088 _____ C:\Windows\system32\config\HARDWARE
2017-12-15 16:59 - 2009-07-13 23:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-15 16:59 - 2009-07-13 23:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-15 15:45 - 2009-07-14 00:13 - 000914058 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-15 15:45 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-15 13:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-12-15 13:03 - 2016-04-22 13:49 - 000003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA5F70D6-B3A2-4009-BB1C-8008AA73014E}
2017-12-15 12:25 - 2015-04-23 09:45 - 000000000 ____D C:\Program Files\Java
2017-12-15 12:23 - 2017-03-23 10:43 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Sun
2017-12-15 12:23 - 2015-04-23 09:47 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\Oracle
2017-12-15 12:23 - 2015-03-15 11:01 - 000000000 ____D C:\ProgramData\Oracle
2017-12-15 12:23 - 2015-03-15 11:00 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\Sun
2017-12-15 12:07 - 2015-04-16 09:58 - 000000000 ____D C:\ProgramData\Kingsoft
2017-12-15 12:07 - 2015-04-16 09:57 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Kingsoft
2017-12-15 12:05 - 2017-11-09 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-15 12:05 - 2015-04-23 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-12-15 12:04 - 2016-05-06 08:51 - 000000000 ____D C:\Program Files (x86)\Innovative Solutions
2017-12-15 12:03 - 2017-05-11 11:05 - 000003190 _____ C:\Windows\System32\Tasks\{5E9BA8A2-36DB-4F24-8DC0-CE8A97CEA9F5}
2017-12-15 12:02 - 2017-06-28 08:44 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-15 12:02 - 2016-05-06 09:29 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-12-14 08:27 - 2017-03-15 11:53 - 000000000 ____D C:\Windows\Minidump
2017-12-14 08:21 - 2015-03-15 07:23 - 000000000 ____D C:\Users\Tall Bob
2017-12-14 03:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-14 03:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-14 03:02 - 2017-06-28 08:46 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 03:02 - 2017-06-28 08:46 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 15:43 - 2017-09-20 11:16 - 000000000 ____D C:\AdwCleaner
2017-12-13 15:03 - 2015-04-23 17:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-13 14:16 - 2016-05-09 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Time Freeze 2016
2017-12-13 14:16 - 2015-04-23 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2017-12-13 13:26 - 2017-11-08 09:42 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-12-12 13:51 - 2017-10-05 15:11 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Avg
2017-12-12 13:51 - 2017-10-05 15:11 - 000000000 ____D C:\ProgramData\Avg
2017-12-12 13:22 - 2015-03-16 06:13 - 000000000 ____D C:\Program Files (x86)\IObit
2017-12-12 13:12 - 2016-03-29 12:36 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
2017-12-12 13:12 - 2016-03-29 12:36 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2017-12-12 13:12 - 2015-03-16 06:13 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\IObit
2017-12-12 13:12 - 2015-03-16 06:13 - 000000000 ____D C:\ProgramData\IObit
2017-12-12 13:07 - 2015-03-16 06:13 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\IObit
2017-12-12 13:05 - 2017-05-17 10:36 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Little_Apps
2017-12-12 10:54 - 2017-10-24 16:01 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 10:54 - 2016-10-17 16:33 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 10:54 - 2016-10-17 16:33 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 10:54 - 2016-10-17 16:33 - 000004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-12 10:54 - 2015-10-12 16:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-12 10:54 - 2015-10-12 16:05 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 10:37 - 2017-10-24 16:14 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-12-12 10:37 - 2016-05-06 09:29 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-09 10:35 - 2017-05-17 11:47 - 000000000 ____D C:\mcamx
2017-12-08 15:09 - 2017-04-17 09:30 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\CrashDumps
2017-12-08 14:24 - 2015-11-05 10:58 - 000000000 ____D C:\ProgramData\ProductData
2017-11-21 16:14 - 2017-10-12 15:47 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\mgyun
2017-11-21 08:38 - 2017-11-06 14:42 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Syncios
2017-11-20 15:40 - 2017-10-10 06:51 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-11-20 15:40 - 2015-06-26 07:45 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Comodo
2017-11-20 11:11 - 2015-08-19 07:53 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\GlarySoft
2017-11-17 18:47 - 2015-06-18 10:41 - 000000000 ____D C:\Program Files\Unlocker
2017-11-16 03:18 - 2015-04-15 02:33 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 18:44 - 2009-07-14 00:08 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-15 18:42 - 2016-05-06 09:29 - 000000000 ____D C:\Program Files\CCleaner
2017-11-15 18:42 - 2015-10-09 15:52 - 000000000 ____D C:\Program Files\ZTE_Handset_USB_Driver
2017-11-15 18:41 - 2016-05-06 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-15 18:41 - 2016-03-29 17:45 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-11-15 18:41 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-11-15 18:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2017-11-15 03:08 - 2015-03-15 10:50 - 000000000 ____D C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2017-10-02 06:49 - 2017-10-02 06:49 - 000000000 _____ () C:\ProgramData\cis8CF3.exe
2017-10-02 06:57 - 2017-10-02 06:57 - 000000000 _____ () C:\ProgramData\cis93B7.exe
2017-10-02 06:41 - 2017-08-28 23:52 - 004784832 _____ (COMODO) C:\ProgramData\cisF45C.exe
2017-10-02 06:45 - 2017-08-28 23:52 - 004784832 _____ (COMODO) C:\ProgramData\cisF65F.exe
2017-10-02 06:41 - 2017-08-28 23:56 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-12-04 00:56 - 2017-12-04 00:56 - 000000000 _____ () C:\Users\Tall Bob\AppData\Local\{4DC90FE7-24A1-4965-8CFB-497A59C03A63}
 
Some files in TEMP:
====================
2017-12-13 13:35 - 2011-08-24 20:31 - 000820480 _____ (DEVGURU Co., Ltd.) C:\Users\Tall Bob\AppData\Local\Temp\tmp_uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\nvbqtxad.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2017-12-09 16:47
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by Tall Bob (15-12-2017 17:30:06)
Running from C:\Users\Tall Bob\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-15 12:23:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-495565491-129709774-4068553075-500 - Administrator - Disabled)
Guest (S-1-5-21-495565491-129709774-4068553075-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-495565491-129709774-4068553075-1002 - Limited - Enabled)
Tall Bob (S-1-5-21-495565491-129709774-4068553075-1000 - Administrator - Enabled) => C:\Users\Tall Bob
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{FD8C1365-2229-4F37-A126-558DB2471CBE}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Allied Machine Insta-Code (HKU\S-1-5-21-495565491-129709774-4068553075-1000\...\cabce8df3486f653) (Version: 10.0.0.12 - Allied Machine)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.10 - BleachBit)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA421657}) (Version: 1.1.99.0 - COMODO) Hidden
Files Compare Tool (HKLM-x32\...\{E69A76AA-71D9-4939-8EBB-8FC8BE22428D}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 8 Update 151 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180151}) (Version: 8.0.1510.12 - Oracle Corporation)
LibreOffice 5.4.3.2 (HKLM\...\{5FFD3D4F-8AA0-4C6F-8B3C-AB0D8CD297C9}) (Version: 5.4.3.2 - The Document Foundation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mastercam X4 (HKLM-x32\...\{B515E79E-EAE2-4515-A334-B8B8A609A43A}) (Version: 13.0.3.31 - CNC Software, Inc.) Hidden
Mastercam X4 (HKLM-x32\...\InstallShield_{B515E79E-EAE2-4515-A334-B8B8A609A43A}) (Version: 13.0.3.31 - CNC Software, Inc.)
Mastercam X4 Maintenance Update 3 (HKLM-x32\...\{04249B2E-9813-4D75-AD25-F444FE927A49}) (Version: 13.3.0.22 - CNC Software, Inc.) Hidden
Mastercam X4 Maintenance Update 3 (HKLM-x32\...\InstallShield_{04249B2E-9813-4D75-AD25-F444FE927A49}) (Version: 13.3.0.22 - CNC Software, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU  (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU  (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft USB Hub and Controller Test Tool (MUTT) v2.2 (HKLM-x32\...\{3CD9D9C8-AE23-4503-A665-FB5DF9442685}) (Version: 2.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Syncios 6.2.5 (HKLM-x32\...\Syncios) (Version: 6.2.5 - Anvsoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
ZTE 3GPhone USB Driver 5.2066.1.6 (HKLM\...\{8472455A-0658-4A6A-98F8-EF3FF6163B59}_is1) (Version: 5.2066.1.6 - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers2: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14156CAD-ED4D-41CA-A6F3-75D1994BD9C9} - \ASC10_SkipUac_Tall Bob -> No File <==== ATTENTION
Task: {4483FC5B-FB3D-439F-8F7E-542EE6494CD0} - System32\Tasks\WpsUpdateTask_Tall Bob => C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe
Task: {59E5A6B5-0EAC-498A-9F9C-F50EFB00216E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {7B3AC80A-EAB4-453D-A0FE-9224039E485A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {93D847E4-AF7A-4CA5-90AB-9F8BD6133572} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {A86557FF-740D-46A7-9275-F68DD16B5DB4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {AA01F26C-2962-4CF0-90B3-B194BC4558AE} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {D7F983D4-481D-4F58-8DA5-F03B39FF9FB0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {E4540CCE-5B48-431D-8AA7-33C2ADD77C5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {ED78C0BF-2CA1-4E7F-9FDA-7E7FCDA1F762} - System32\Tasks\{5E9BA8A2-36DB-4F24-8DC0-CE8A97CEA9F5} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tall Bob\Downloads\AcroRdrDC1700920044_en_US.exe" -d "C:\Users\Tall Bob\Downloads"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tall Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Tall Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-12 16:46 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-14 03:02 - 2017-12-05 23:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-14 03:02 - 2017-12-05 23:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-11-30 16:23 - 2017-11-30 16:23 - 004608512 _____ () C:\Users\Tall Bob\AppData\Local\igfxmtc\igfxmtc.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\AdbWinUsbApi.dll:$CmdTcID [64]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7936 more sites.
 
IE trusted site: HKU\S-1-5-21-495565491-129709774-4068553075-1000\...\dell.com -> dell.com
 
There are 11473 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-11-18 08:11 - 000454404 _____ C:\Windows\system32\Drivers\etc\hosts
 
There are 15596 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-495565491-129709774-4068553075-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.250 - 192.168.1.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: avgnt => 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: crawfish => "C:\Program Files (x86)\Solitary\kruse.exe"
MSCONFIG\startupreg: magnifiers => "C:\Program Files (x86)\prefectures\magnifiers.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Syncios device service => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E19059D3-19CA-497E-AF2D-DCED470CDFBB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{461CFD68-5732-4872-9056-3D7B3150F003}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{56DA435A-C491-410E-BB9A-41AECEEB9694}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{CF8DEF04-5E0E-45E4-B443-F8135B9342A2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{1E112425-CAF1-469E-8818-D3DE6BD38076}] => (Allow) C:\mcamx\common\editors\CIMCOEdit5\CIMCOEdit.exe
FirewallRules: [{E31F5FC3-945A-470F-9A91-3E62E2E4F9D7}] => (Allow) C:\mcamx\common\editors\CIMCOEdit5\CIMCOEdit.exe
FirewallRules: [{51368211-2254-4DBA-AF17-000CC78F936A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{A23C7D3F-33CF-40D7-BE33-A35F1D801950}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{E02CC3F7-3130-4AB3-8B74-76E4F8C8E7E7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{364C3C05-26D3-4D9C-880F-6DF080ADB254}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{89FB3CDA-02C1-4749-A655-5C17461BD9D2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{140CADFD-F32B-47D8-AE16-455ADCDA8DE1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{A55AF755-28C1-4AE5-8A59-2C343C2184BF}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{9DB29864-DA54-479A-870D-7E874630618E}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{E5E55462-A52B-4768-9E6C-1718E294CB79}] => (Allow) C:\Program Files (x86)\Solitary\kruse.exe
FirewallRules: [{6A98EDA0-442F-4F38-AEE7-DBC946C90CD0}] => (Allow) C:\Program Files (x86)\Saw\kruse.exe
FirewallRules: [{1D5E6C70-BAA5-40D8-ACFD-F0B57B1E9A6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-12-2017 16:55:14 Installed LibreOffice 5.4.3.2
 
==================== Faulty Device Manager Devices =============
 
Name: PortableVBoxDRV
Description: PortableVBoxDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: PortableVBoxUSBMon
Description: PortableVBoxUSBMon
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxUSBMon
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HWiNFO32/64 Kernel Driver
Description: HWiNFO32/64 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/15/2017 05:25:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 04:51:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 12:33:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 12:21:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a177d3de-df6a-4ec5-b750-3c00065d146d}
 
Error: (12/15/2017 12:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 10:42:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 09:21:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/14/2017 10:13:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/14/2017 03:12:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/14/2017 12:33:28 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/15/2017 05:24:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-15 17:24:36.333
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 17:24:36.176
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 16:51:11.679
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 16:51:11.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:33:05.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:33:05.758
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:12:47.285
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:12:47.130
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 10:41:45.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 10:41:45.811
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5345 @ 2.33GHz
Percentage of memory in use: 29%
Total physical RAM: 8189.65 MB
Available physical RAM: 5739.12 MB
Total Virtual: 16377.49 MB
Available Virtual: 13653.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:463.7 GB) (Free:395.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 463.8 GB) (Disk ID: F86FF86F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================




#2 nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 AM

Posted 16 December 2017 - 07:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is a bad SmartService infection.

Please run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

If all went well, please run the Farbar program and post fresh FRST and Addition.txt logs for my review.

#3 plqazokm
  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:13 AM

Posted 16 December 2017 - 08:19 AM

Ran MBAR - no malicious files found - log file below.

 

Ran FRST without issue - log files below

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.12.16.03
  rootkit: v2017.10.14.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18860
Tall Bob :: TALLBOB-PC [administrator]
 
12/16/2017 8:08:30 AM
mbar-log-2017-12-16 (08-08-30).txt
 
Scan type: 
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 335
Time elapsed: 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-12-2017
Ran by Tall Bob (administrator) on TALLBOB-PC (16-12-2017 08:12:45)
Running from C:\Users\Tall Bob\Desktop
Loaded Profiles: Tall Bob (Available Profiles: Tall Bob)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\cokzalbsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\coeuvmd.exe
() C:\Users\Tall Bob\AppData\Local\igfxmtc\igfxmtc.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
() C:\Users\Tall Bob\AppData\Local\coeuvmd\dtorzae.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-495565491-129709774-4068553075-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-495565491-129709774-4068553075-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
IFEO\cliconfg.exe: [VerifierDlls] Hibiki.dll
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.250 192.168.1.9 192.168.1.1
Tcpip\..\Interfaces\{84DF7D58-0887-4AAF-9594-BC39F2010A4F}: [DhcpNameServer] 192.168.1.250 192.168.1.9 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-09] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-09] (Oracle Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll => No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll No File
 
FireFox:
========
FF DefaultProfile: 
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default [2017-12-16]
CHR Extension: (Docs) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-28]
CHR Extension: (DuckDuckGo Search) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-11-24]
CHR Extension: (YouTube) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-28]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2017-10-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-28]
CHR Extension: (SuperSorter) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2017-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-28]
CHR Extension: (Chrome Media Router) - C:\Users\Tall Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S2 ss_conn_service; "C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2010-08-07] (Google Inc)
S3 androidusb; C:\Windows\SysWOW64\Drivers\androidusb.sys [25728 2010-08-07] (Google Inc)
R1 cmdcss; C:\Windows\system32\drivers\cmdcss.sys [112152 2017-06-30] (COMODO)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-11-07] (Glarysoft Ltd)
R2 hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [457216 2015-07-09] (Aladdin Knowledge Systems) [File not signed]
S2 Haspnt; C:\Windows\SysWOW64\drivers\Haspnt.sys [47616 2015-07-09] (Aladdin Knowledge Systems) [File not signed]
S1 HWiNFO32; no ImagePath
S4 IUFileFilter; no ImagePath
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated)
R1 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253880 2017-12-12] (Malwarebytes)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [196040 2017-10-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206976 2017-10-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138432 2017-10-16] (Oracle Corporation)
S2 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [40960 2015-06-26] (Chingachguk & Denger2k) [File not signed]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 PSMNBUS; system32\DRIVERS\PSMNBUS.sys [X]
S3 PSMNMDM; system32\DRIVERS\PSMNMDM.sys [X]
S3 PSMNOBEX; system32\DRIVERS\PSMNOBEX.sys [X]
S3 PSMNVSP; system32\DRIVERS\PSMNVSP.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
S1 VBoxDRV; system32\DRIVERS\VBoxDrv.sys [X]
S1 VBoxUSBMon; system32\DRIVERS\VBoxUSBMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-16 08:12 - 2017-12-16 08:13 - 000010770 _____ C:\Users\Tall Bob\Desktop\FRST.txt
2017-12-16 08:12 - 2017-12-16 08:12 - 000000000 ____D C:\Users\Tall Bob\Desktop\FRST-OlderVersion
2017-12-16 08:12 - 2017-12-16 08:11 - 000002096 _____ C:\Users\Tall Bob\Desktop\mbar-log-2017-12-16 (08-08-30).txt
2017-12-16 08:08 - 2017-12-16 08:08 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3747A46A.sys
2017-12-16 08:06 - 2017-12-16 08:06 - 014161479 _____ C:\Users\Tall Bob\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-15 17:25 - 2017-12-16 08:12 - 002392576 _____ (Farbar) C:\Users\Tall Bob\Desktop\FRST64.exe
2017-12-15 17:13 - 2017-12-16 08:12 - 000000000 ____D C:\FRST
2017-12-15 17:13 - 2017-12-15 17:13 - 002392064 _____ (Farbar) C:\Users\Tall Bob\Downloads\FRST64.exe
2017-12-15 17:01 - 2017-12-15 17:01 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\LibreOffice
2017-12-15 16:58 - 2017-12-15 16:58 - 000001458 _____ C:\Users\Public\Desktop\LibreOffice 5.4.lnk
2017-12-15 16:57 - 2017-12-15 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.4
2017-12-15 16:56 - 2017-12-15 16:56 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-12-15 16:53 - 2017-12-15 16:54 - 245379072 _____ C:\Users\Tall Bob\Downloads\LibreOffice_5.4.3_Win_x64.msi
2017-12-15 12:29 - 2017-12-15 12:29 - 000140112 ____N C:\Windows\system32\Drivers\nvbqtxad.sys
2017-12-15 12:19 - 2017-12-15 12:19 - 000001046 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-12-15 12:19 - 2017-12-15 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-12-15 12:19 - 2017-12-15 12:19 - 000000000 ____D C:\Program Files\VS Revo Group
2017-12-15 12:18 - 2017-12-15 12:18 - 007189760 _____ (VS Revo Group ) C:\Users\Tall Bob\Downloads\revosetup.exe
2017-12-15 07:08 - 2017-12-15 12:03 - 000003958 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Tall Bob
2017-12-15 07:05 - 2017-12-15 07:05 - 000006190 _____ C:\Users\Tall Bob\Desktop\Eset results.txt
2017-12-14 10:12 - 2017-12-15 17:22 - 000339248 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-14 08:53 - 2017-12-16 00:22 - 001195186 ____H C:\Windows\MEMORY.DMP
2017-12-14 08:21 - 2017-12-14 08:21 - 000000000 ____D C:\Users\Tall Bob\.android
2017-12-13 15:54 - 2017-12-13 15:54 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\ESET
2017-12-13 15:53 - 2017-12-13 15:54 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Tall Bob\Downloads\esetonlinescanner_enu.exe
2017-12-13 15:03 - 2017-12-13 15:03 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5175EFB0.sys
2017-12-13 15:02 - 2017-12-16 08:11 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-13 15:01 - 2017-12-16 08:11 - 000000000 ____D C:\Users\Tall Bob\Desktop\mbar
2017-12-13 15:01 - 2017-12-16 08:07 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-12-13 14:01 - 2017-12-13 14:01 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Tall Bob\Desktop\MBAR.exe
2017-12-13 04:30 - 2017-11-16 23:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-13 04:30 - 2017-11-14 20:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-13 04:30 - 2017-11-14 19:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-13 04:30 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-13 04:30 - 2017-11-13 22:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-13 04:30 - 2017-11-13 22:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 04:30 - 2017-11-13 22:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-13 04:30 - 2017-11-13 22:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-13 04:30 - 2017-11-13 22:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-13 04:30 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 04:30 - 2017-11-13 22:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-13 04:30 - 2017-11-13 22:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-13 04:30 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-13 04:30 - 2017-11-13 22:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-13 04:30 - 2017-11-13 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-13 04:30 - 2017-11-13 22:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-13 04:30 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 04:30 - 2017-11-13 22:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 04:30 - 2017-11-13 22:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-13 04:30 - 2017-11-13 22:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-13 04:30 - 2017-11-13 22:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 04:30 - 2017-11-13 22:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-13 04:30 - 2017-11-13 22:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-13 04:30 - 2017-11-13 22:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 04:30 - 2017-11-13 22:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-13 04:30 - 2017-11-13 22:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-13 04:30 - 2017-11-13 22:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-13 04:30 - 2017-11-13 22:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-13 04:30 - 2017-11-13 21:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-13 04:30 - 2017-11-13 21:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-13 04:30 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-13 04:30 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-13 04:30 - 2017-11-13 21:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-13 04:30 - 2017-11-13 21:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-13 04:30 - 2017-11-13 21:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-13 04:30 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-13 04:30 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-13 04:30 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-13 04:30 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-13 04:30 - 2017-11-13 20:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-13 04:30 - 2017-11-13 20:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-13 04:30 - 2017-11-13 20:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-13 04:30 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-13 04:30 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-13 04:30 - 2017-11-13 19:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-13 04:30 - 2017-11-07 15:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-13 04:30 - 2017-11-07 15:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-13 04:30 - 2017-11-07 15:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-13 04:30 - 2017-11-07 15:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-13 04:30 - 2017-11-07 15:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-13 04:30 - 2017-11-07 15:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-13 04:30 - 2017-11-07 15:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-13 04:30 - 2017-11-07 15:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-13 04:30 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-13 04:30 - 2017-11-07 15:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-13 04:30 - 2017-11-07 15:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-13 04:30 - 2017-11-07 15:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-13 04:30 - 2017-11-07 15:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-13 04:30 - 2017-11-07 15:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-13 04:30 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-13 04:30 - 2017-11-07 15:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-13 04:30 - 2017-11-07 15:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-13 04:30 - 2017-11-07 15:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-13 04:30 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-13 04:30 - 2017-11-07 15:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-13 04:30 - 2017-11-07 15:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-13 04:30 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-13 04:30 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-13 04:30 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-13 04:30 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 04:30 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 04:30 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 04:30 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 04:30 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-13 04:30 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 04:30 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-13 04:30 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 04:30 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-13 04:30 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-13 04:30 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-13 04:30 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-13 04:30 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-13 04:30 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-12 17:22 - 2017-12-12 17:22 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-12 17:21 - 2017-12-12 17:22 - 000198990 _____ C:\TDSSKiller.3.1.0.15_12.12.2017_17.21.04_log.txt
2017-12-12 17:18 - 2017-12-12 17:19 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Tall Bob\Desktop\toadstoolkiller.exe
2017-12-12 17:05 - 2017-12-12 17:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-12 17:04 - 2017-12-12 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-12 17:04 - 2017-12-12 17:04 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-12 16:56 - 2017-12-12 16:59 - 000003428 _____ C:\Users\Tall Bob\Desktop\Rkill.txt
2017-12-12 16:46 - 2017-12-12 17:04 - 000001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-12 16:46 - 2017-12-12 16:46 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-12 16:46 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-12 14:22 - 2017-12-12 14:22 - 000000000 ____D C:\32788R22FWJFW
2017-12-12 12:49 - 2017-12-12 12:48 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Tall Bob\Desktop\rkill.exe
2017-12-12 12:48 - 2017-12-12 12:48 - 008172032 _____ (Malwarebytes) C:\Users\Tall Bob\Desktop\AdwCleaner.exe
2017-12-08 10:47 - 2017-12-08 10:47 - 000000702 _____ C:\Users\Tall Bob\Desktop\BOB_YARRISON.lnk
2017-12-04 00:56 - 2017-12-04 00:56 - 000000000 _____ C:\Users\Tall Bob\AppData\Local\{4DC90FE7-24A1-4965-8CFB-497A59C03A63}
2017-12-02 11:25 - 2017-12-12 13:42 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\AvgSetupLog
2017-12-02 10:57 - 2017-12-02 11:09 - 000000000 ____D C:\AVG_Remover
2017-12-02 09:15 - 2017-12-02 11:29 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys.151223218238802
2017-11-30 10:00 - 2017-12-14 09:20 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\igfxmtc
2017-11-20 08:44 - 2017-11-20 08:44 - 000000165 ____H C:\Users\Tall Bob\Desktop\~$CME TOOL LIST.xlsx
2017-11-17 19:15 - 2017-11-24 11:35 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\cwcpadx
2017-11-17 18:40 - 2017-11-17 18:39 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys.151096205810802
2017-11-17 18:23 - 2017-11-17 18:27 - 000037552 _____ (Basil) C:\Windows\system32\Drivers\WinDivert64.sys
2017-11-17 18:23 - 2017-11-17 18:23 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Macromedia
2017-11-17 18:22 - 2017-12-16 08:11 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\coeuvmd
2017-11-17 18:22 - 2017-12-16 06:58 - 002883072 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cokzalbsvc.exe
2017-11-17 18:22 - 2017-11-17 18:22 - 000000000 ____D C:\Windows\SysWOW64\mbcselp
2017-11-17 18:22 - 2017-11-17 18:22 - 000000000 ____D C:\Windows\system32\mbcselp
2017-11-17 18:22 - 2017-11-17 18:22 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\et
2017-11-17 18:21 - 2017-12-13 20:42 - 000000000 ___HD C:\Program Files (x86)\prefectures
2017-11-17 18:21 - 2017-11-17 19:04 - 000000000 ____D C:\Program Files (x86)\Solitary
2017-11-17 18:21 - 2017-11-17 18:21 - 000000020 _____ C:\Windows\b82322078
2017-11-17 18:21 - 2017-11-17 18:21 - 000000000 ___HD C:\Program Files (x86)\Saw
2017-11-17 18:20 - 2017-11-17 19:01 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\AGData
2017-11-16 17:56 - 2017-11-16 17:56 - 000035752 _____ C:\Windows\uninstaller.dat
2017-11-16 10:15 - 2017-11-16 10:15 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\Temp
2017-11-16 10:14 - 2017-11-16 10:14 - 000000000 ____D C:\Program Files (x86)\USBTest
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-16 08:13 - 2009-07-13 21:34 - 020185088 _____ C:\Windows\system32\config\HARDWARE
2017-12-16 07:42 - 2009-07-14 00:13 - 000914058 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-16 07:42 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-16 07:08 - 2009-07-13 23:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-16 07:08 - 2009-07-13 23:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-16 06:58 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-16 00:16 - 2016-04-22 13:49 - 000003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA5F70D6-B3A2-4009-BB1C-8008AA73014E}
2017-12-15 13:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-12-15 12:25 - 2015-04-23 09:45 - 000000000 ____D C:\Program Files\Java
2017-12-15 12:23 - 2017-03-23 10:43 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Sun
2017-12-15 12:23 - 2015-04-23 09:47 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\Oracle
2017-12-15 12:23 - 2015-03-15 11:01 - 000000000 ____D C:\ProgramData\Oracle
2017-12-15 12:23 - 2015-03-15 11:00 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\Sun
2017-12-15 12:07 - 2015-04-16 09:58 - 000000000 ____D C:\ProgramData\Kingsoft
2017-12-15 12:07 - 2015-04-16 09:57 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Kingsoft
2017-12-15 12:05 - 2017-11-09 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-15 12:05 - 2015-04-23 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-12-15 12:04 - 2016-05-06 08:51 - 000000000 ____D C:\Program Files (x86)\Innovative Solutions
2017-12-15 12:03 - 2017-05-11 11:05 - 000003190 _____ C:\Windows\System32\Tasks\{5E9BA8A2-36DB-4F24-8DC0-CE8A97CEA9F5}
2017-12-15 12:02 - 2017-06-28 08:44 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-15 12:02 - 2016-05-06 09:29 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-12-14 08:27 - 2017-03-15 11:53 - 000000000 ____D C:\Windows\Minidump
2017-12-14 08:21 - 2015-03-15 07:23 - 000000000 ____D C:\Users\Tall Bob
2017-12-14 03:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-14 03:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-14 03:02 - 2017-06-28 08:46 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 03:02 - 2017-06-28 08:46 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 15:43 - 2017-09-20 11:16 - 000000000 ____D C:\AdwCleaner
2017-12-13 15:03 - 2015-04-23 17:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-13 14:16 - 2016-05-09 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Time Freeze 2016
2017-12-13 14:16 - 2015-04-23 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2017-12-13 13:26 - 2017-11-08 09:42 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-12-12 13:51 - 2017-10-05 15:11 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Avg
2017-12-12 13:51 - 2017-10-05 15:11 - 000000000 ____D C:\ProgramData\Avg
2017-12-12 13:22 - 2015-03-16 06:13 - 000000000 ____D C:\Program Files (x86)\IObit
2017-12-12 13:12 - 2016-03-29 12:36 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
2017-12-12 13:12 - 2016-03-29 12:36 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2017-12-12 13:12 - 2015-03-16 06:13 - 000000000 ____D C:\Users\Tall Bob\AppData\LocalLow\IObit
2017-12-12 13:12 - 2015-03-16 06:13 - 000000000 ____D C:\ProgramData\IObit
2017-12-12 13:07 - 2015-03-16 06:13 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\IObit
2017-12-12 13:05 - 2017-05-17 10:36 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Little_Apps
2017-12-12 10:54 - 2017-10-24 16:01 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 10:54 - 2016-10-17 16:33 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 10:54 - 2016-10-17 16:33 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 10:54 - 2016-10-17 16:33 - 000004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-12 10:54 - 2015-10-12 16:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-12 10:54 - 2015-10-12 16:05 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 10:37 - 2017-10-24 16:14 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-12-12 10:37 - 2016-05-06 09:29 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-09 10:35 - 2017-05-17 11:47 - 000000000 ____D C:\mcamx
2017-12-08 15:09 - 2017-04-17 09:30 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\CrashDumps
2017-12-08 14:24 - 2015-11-05 10:58 - 000000000 ____D C:\ProgramData\ProductData
2017-11-21 16:14 - 2017-10-12 15:47 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\mgyun
2017-11-21 08:38 - 2017-11-06 14:42 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\Syncios
2017-11-20 15:40 - 2017-10-10 06:51 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-11-20 15:40 - 2015-06-26 07:45 - 000000000 ____D C:\Users\Tall Bob\AppData\Local\Comodo
2017-11-20 11:11 - 2015-08-19 07:53 - 000000000 ____D C:\Users\Tall Bob\AppData\Roaming\GlarySoft
2017-11-17 18:47 - 2015-06-18 10:41 - 000000000 ____D C:\Program Files\Unlocker
2017-11-16 03:18 - 2015-04-15 02:33 - 000000000 ____D C:\Windows\system32\appraiser
 
==================== Files in the root of some directories =======
 
2017-10-02 06:49 - 2017-10-02 06:49 - 000000000 _____ () C:\ProgramData\cis8CF3.exe
2017-10-02 06:57 - 2017-10-02 06:57 - 000000000 _____ () C:\ProgramData\cis93B7.exe
2017-10-02 06:41 - 2017-08-28 23:52 - 004784832 _____ (COMODO) C:\ProgramData\cisF45C.exe
2017-10-02 06:45 - 2017-08-28 23:52 - 004784832 _____ (COMODO) C:\ProgramData\cisF65F.exe
2017-10-02 06:41 - 2017-08-28 23:56 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-12-04 00:56 - 2017-12-04 00:56 - 000000000 _____ () C:\Users\Tall Bob\AppData\Local\{4DC90FE7-24A1-4965-8CFB-497A59C03A63}
 
Some files in TEMP:
====================
2017-12-13 13:35 - 2011-08-24 20:31 - 000820480 _____ (DEVGURU Co., Ltd.) C:\Users\Tall Bob\AppData\Local\Temp\tmp_uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\nvbqtxad.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2017-12-09 16:47
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2017
Ran by Tall Bob (16-12-2017 08:14:14)
Running from C:\Users\Tall Bob\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-15 12:23:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-495565491-129709774-4068553075-500 - Administrator - Disabled)
Guest (S-1-5-21-495565491-129709774-4068553075-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-495565491-129709774-4068553075-1002 - Limited - Enabled)
Tall Bob (S-1-5-21-495565491-129709774-4068553075-1000 - Administrator - Enabled) => C:\Users\Tall Bob
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{FD8C1365-2229-4F37-A126-558DB2471CBE}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Allied Machine Insta-Code (HKU\S-1-5-21-495565491-129709774-4068553075-1000\...\cabce8df3486f653) (Version: 10.0.0.12 - Allied Machine)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.10 - BleachBit)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA421657}) (Version: 1.1.99.0 - COMODO) Hidden
Files Compare Tool (HKLM-x32\...\{E69A76AA-71D9-4939-8EBB-8FC8BE22428D}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 8 Update 151 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180151}) (Version: 8.0.1510.12 - Oracle Corporation)
LibreOffice 5.4.3.2 (HKLM\...\{5FFD3D4F-8AA0-4C6F-8B3C-AB0D8CD297C9}) (Version: 5.4.3.2 - The Document Foundation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mastercam X4 (HKLM-x32\...\{B515E79E-EAE2-4515-A334-B8B8A609A43A}) (Version: 13.0.3.31 - CNC Software, Inc.) Hidden
Mastercam X4 (HKLM-x32\...\InstallShield_{B515E79E-EAE2-4515-A334-B8B8A609A43A}) (Version: 13.0.3.31 - CNC Software, Inc.)
Mastercam X4 Maintenance Update 3 (HKLM-x32\...\{04249B2E-9813-4D75-AD25-F444FE927A49}) (Version: 13.3.0.22 - CNC Software, Inc.) Hidden
Mastercam X4 Maintenance Update 3 (HKLM-x32\...\InstallShield_{04249B2E-9813-4D75-AD25-F444FE927A49}) (Version: 13.3.0.22 - CNC Software, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU  (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU  (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft USB Hub and Controller Test Tool (MUTT) v2.2 (HKLM-x32\...\{3CD9D9C8-AE23-4503-A665-FB5DF9442685}) (Version: 2.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Syncios 6.2.5 (HKLM-x32\...\Syncios) (Version: 6.2.5 - Anvsoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
ZTE 3GPhone USB Driver 5.2066.1.6 (HKLM\...\{8472455A-0658-4A6A-98F8-EF3FF6163B59}_is1) (Version: 5.2066.1.6 - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers2: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14156CAD-ED4D-41CA-A6F3-75D1994BD9C9} - \ASC10_SkipUac_Tall Bob -> No File <==== ATTENTION
Task: {4483FC5B-FB3D-439F-8F7E-542EE6494CD0} - System32\Tasks\WpsUpdateTask_Tall Bob => C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe
Task: {59E5A6B5-0EAC-498A-9F9C-F50EFB00216E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {7B3AC80A-EAB4-453D-A0FE-9224039E485A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {93D847E4-AF7A-4CA5-90AB-9F8BD6133572} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {A86557FF-740D-46A7-9275-F68DD16B5DB4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {AA01F26C-2962-4CF0-90B3-B194BC4558AE} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {D7F983D4-481D-4F58-8DA5-F03B39FF9FB0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {E4540CCE-5B48-431D-8AA7-33C2ADD77C5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {ED78C0BF-2CA1-4E7F-9FDA-7E7FCDA1F762} - System32\Tasks\{5E9BA8A2-36DB-4F24-8DC0-CE8A97CEA9F5} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tall Bob\Downloads\AcroRdrDC1700920044_en_US.exe" -d "C:\Users\Tall Bob\Downloads"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tall Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Tall Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-24 16:54 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-12 16:46 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-30 16:23 - 2017-11-30 16:23 - 004608512 _____ () C:\Users\Tall Bob\AppData\Local\igfxmtc\igfxmtc.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\AdbWinUsbApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ftlx0411.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ftlx041e.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ftsrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [130]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7936 more sites.
 
IE trusted site: HKU\S-1-5-21-495565491-129709774-4068553075-1000\...\dell.com -> dell.com
 
There are 11473 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-11-18 08:11 - 000454404 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15596 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-495565491-129709774-4068553075-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.250 - 192.168.1.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: avgnt => 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: crawfish => "C:\Program Files (x86)\Solitary\kruse.exe"
MSCONFIG\startupreg: magnifiers => "C:\Program Files (x86)\prefectures\magnifiers.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Syncios device service => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E19059D3-19CA-497E-AF2D-DCED470CDFBB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{461CFD68-5732-4872-9056-3D7B3150F003}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{56DA435A-C491-410E-BB9A-41AECEEB9694}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{CF8DEF04-5E0E-45E4-B443-F8135B9342A2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{1E112425-CAF1-469E-8818-D3DE6BD38076}] => (Allow) C:\mcamx\common\editors\CIMCOEdit5\CIMCOEdit.exe
FirewallRules: [{E31F5FC3-945A-470F-9A91-3E62E2E4F9D7}] => (Allow) C:\mcamx\common\editors\CIMCOEdit5\CIMCOEdit.exe
FirewallRules: [{51368211-2254-4DBA-AF17-000CC78F936A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{A23C7D3F-33CF-40D7-BE33-A35F1D801950}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{E02CC3F7-3130-4AB3-8B74-76E4F8C8E7E7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{364C3C05-26D3-4D9C-880F-6DF080ADB254}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{89FB3CDA-02C1-4749-A655-5C17461BD9D2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{140CADFD-F32B-47D8-AE16-455ADCDA8DE1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{A55AF755-28C1-4AE5-8A59-2C343C2184BF}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{9DB29864-DA54-479A-870D-7E874630618E}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{E5E55462-A52B-4768-9E6C-1718E294CB79}] => (Allow) C:\Program Files (x86)\Solitary\kruse.exe
FirewallRules: [{6A98EDA0-442F-4F38-AEE7-DBC946C90CD0}] => (Allow) C:\Program Files (x86)\Saw\kruse.exe
FirewallRules: [{1D5E6C70-BAA5-40D8-ACFD-F0B57B1E9A6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-12-2017 16:55:14 Installed LibreOffice 5.4.3.2
16-12-2017 07:03:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: PortableVBoxDRV
Description: PortableVBoxDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: PortableVBoxUSBMon
Description: PortableVBoxUSBMon
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxUSBMon
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HWiNFO32/64 Kernel Driver
Description: HWiNFO32/64 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/16/2017 07:00:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 05:25:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 04:51:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 12:33:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 12:21:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a177d3de-df6a-4ec5-b750-3c00065d146d}
 
Error: (12/15/2017 12:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 10:42:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/15/2017 09:21:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/14/2017 10:13:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/14/2017 03:12:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/16/2017 08:08:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-16 07:00:00.300
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-16 07:00:00.144
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 17:24:36.333
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 17:24:36.176
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 16:51:11.679
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 16:51:11.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:33:05.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:33:05.758
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:12:47.285
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-15 12:12:47.130
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vusbbus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5345 @ 2.33GHz
Percentage of memory in use: 28%
Total physical RAM: 8189.65 MB
Available physical RAM: 5886.08 MB
Total Virtual: 16377.49 MB
Available Virtual: 14045.97 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:463.7 GB) (Free:394.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 463.8 GB) (Disk ID: F86FF86F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 nasdaq

  • Malware Response Team

Posted 16 December 2017 - 02:23 PM



Hi,

All I asked you to disable are:
Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

Your scan looks like this.

Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Please repeat as suggested.
===

One more question. Was COMODO previously used as your Antivirus and/or Firewall?

I see traces of it.

#5 plqazokm

  • Topic Starter

Posted 18 December 2017 - 07:04 AM

Hello Nasdaq:

 

When I download and run MBAR, the only options I have under "Scan" are to enable/disable Drivers / Sectors / System.

The other scan options you referred to as being disabled do not appear anywhere.

And yes, I formerly used COMODO until it failed an update and then did not uninstall cleanly.

 

What do you suggest I do next?

 

Thank you.



#6 nasdaq

  • Malware Response Team

Posted 18 December 2017 - 08:37 AM



Hi,

Download and run the COMODO uninstaller for your operating system.

https://forums.comodo.com/news-announcements-feedback-cis/official-comodo-uninstaller-v2003-released-t121091.0.html

p.s.
Read the information on the page before proceeding.

===

When completed and after a Restart of the computer run the Farbar program one more time.

Post Fresh FRST and Addition.txt logs for my review.

Make sure you check the box to create an addition.txt file otherwise a new file will not be created.

#7 plqazokm

  • Topic Starter

Posted 18 December 2017 - 10:35 AM

Unable to run the CIS Uninstaller. When I launch the application, nothing happens.

If I run the application as Administrator, the EULA flashes for only a second then aborts.



#8 nasdaq

  • Malware Response Team

Posted 18 December 2017 - 01:47 PM

Try to run it in Safe Mode.

#9 plqazokm

  • Topic Starter

Posted 18 December 2017 - 03:06 PM

Unable to run CIS tool in Safe Mode either as User or as Administrator.

Is this a deal-breaker with the dtorzae.exe problem?



#10 nasdaq

  • Malware Response Team

Posted 19 December 2017 - 10:09 AM


Try this all-purpose installer.

Please download and install Revo Uninstaller (Freeware) from here.

Run Revo Uninstaller and select everything associated with COMODO
Click Uninstall icon and follow the prompts
When finished choose Scan
Delete all the highlighted Registry items
Click Next
Select all the folders and files listed by Revo
Click Delete
Reboot the computer when Revo is finished.

---

How is the computer running now?

#11 plqazokm

  • Topic Starter

Posted 19 December 2017 - 01:53 PM

COMODO is not currently installed as a program, according to REVO and the built-in Windows uninstaller.

There are still numerous folders and files with COMODO in the name if one does a simple search of the C:\ drive.

Am trying to download and run the REVO PRO Uninstaller with the forced clean-up function. Will report results if successful.

 

Problem with dtorzae.exe still exists; 6 instances of the process executable are running and slowing my PC to a crawl.



#12 nasdaq

  • Malware Response Team

Posted 20 December 2017 - 08:00 AM



Hi,

Delete the current MBAR program and repeat these instructions.

Please run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

If the mbar-log-TODAY'S-DATE.txt is not in the MBAR folder we will have to try another way.

#13 plqazokm

  • Topic Starter

Posted 20 December 2017 - 08:17 AM

Downloaded and ran MBAR - unselected sectors and system only - no option to select or unselect anything other than Drivers, Sectors and System.

 

No option to enable Memory | Startup | Registry | Heuristics/Extra | Heuristics/Shuriken

 

Report says that no malicious items found, no clean-up needed.

 

Log file appears below:

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.12.20.05
  rootkit: v2017.10.14.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18860
Tall Bob :: TALLBOB-PC [administrator]
 
12/20/2017 8:08:17 AM
mbar-log-2017-12-20 (08-08-17).txt
 
Scan type: 
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 334
Time elapsed: 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#14 nasdaq

  • Malware Response Team

Posted 20 December 2017 - 09:45 AM



Hi,

Remnant entries from COMODO may be preventing this fix.

Let's try the hard way.

Launch FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::


Wait for further instructions.

#15 plqazokm

  • Topic Starter

Posted 20 December 2017 - 11:02 AM

Launched FRST, pasted the text in the window, hit the FIX button, log file below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Tall Bob (20-12-2017 10:59:20) Run:1
Running from C:\Users\Tall Bob\Downloads
Loaded Profiles: Tall Bob (Available Profiles: Tall Bob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
 
*****************
 
C:\Windows\system32\bcdedit.exe => ":$CmdTcID" ADS removed successfully
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
aksdf                 \Device\Mup                             145900       aksdf Instance           0    
aksdf                 C:                                      145900       aksdf Instance           0    
aksdf                                                         145900       aksdf Instance           0    
aksdf                 \Device\HarddiskVolumeShadowCopy8       145900       aksdf Instance           0    
aksdf                 \Device\HarddiskVolumeShadowCopy9       145900       aksdf Instance           0    
aksdf                 G:                                      145900       aksdf Instance           0    
aksdf                 \Device\Harddisk0\DR0                   145900       aksdf Instance           0    
luafv                 C:                                      135000       luafv                    0    
udiskMgr              \Device\Mup                              45888       udiskMgr Instance        0    
udiskMgr              C:                                       45888       udiskMgr Instance        0    
udiskMgr                                                       45888       udiskMgr Instance        0    
udiskMgr              \Device\HarddiskVolumeShadowCopy8        45888       udiskMgr Instance        0    
udiskMgr              \Device\HarddiskVolumeShadowCopy9        45888       udiskMgr Instance        0    
udiskMgr              G:                                       45888       udiskMgr Instance        0    
udiskMgr              \Device\Harddisk0\DR0                    45888       udiskMgr Instance        0    
nxcaohws              \Device\Mup                              45666       nxcaohws Instance        0    
nxcaohws              C:                                       45666       nxcaohws Instance        0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolumeShadowCopy8        45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolumeShadowCopy9        45000       FileInfo                 0    
FileInfo              G:                                       45000       FileInfo                 0    
FileInfo              \Device\Harddisk0\DR0                    45000       FileInfo                 0    
 
========= End of CMD: =========
 
 
========= dir /a:-d /o:d C:\windows\system32\drivers =========
 
 Volume in drive C has no label.
 Volume Serial Number is 1AF3-C216
 
 Directory of C:\windows\system32\drivers
 
12/04/2006  10:44 AM           314,368 hardlock.sys
12/13/2006  06:14 PM            65,024 aksdf.sys
06/10/2009  03:30 PM         3,440,660 gm.dls
06/10/2009  03:30 PM               646 gmreadme.txt
06/10/2009  03:31 PM            31,232 hcw85cir.sys
06/10/2009  03:34 PM           468,480 bxvbda.sys
06/10/2009  03:34 PM         3,286,016 evbda.sys
06/10/2009  03:37 PM            23,040 secdrv.sys
06/10/2009  03:41 PM            18,432 BrFiltLo.sys
06/10/2009  03:41 PM             8,704 BrFiltUp.sys
06/10/2009  03:41 PM            47,104 BrSerWdm.sys
06/10/2009  03:41 PM            14,976 BrUsbMdm.sys
06/10/2009  03:41 PM            14,720 BrUsbSer.sys
06/10/2009  03:48 PM           426,496 spsys.sys
07/13/2009  06:19 PM            60,416 processr.sys
07/13/2009  06:19 PM            60,928 amdppm.sys
07/13/2009  06:19 PM            64,512 amdk8.sys
07/13/2009  06:19 PM            62,464 intelppm.sys
07/13/2009  06:19 PM             6,144 null.sys
07/13/2009  06:19 PM            92,160 cdfs.sys
07/13/2009  06:19 PM            26,112 msfs.sys
07/13/2009  06:19 PM            44,032 npfs.sys
07/13/2009  06:19 PM           105,472 i8042prt.sys
07/13/2009  06:25 PM            34,304 filetrace.sys
07/13/2009  06:31 PM            14,336 wmiacpi.sys
07/13/2009  06:31 PM            17,664 CmBatt.sys
07/13/2009  06:31 PM             9,728 errdev.sys
07/13/2009  06:31 PM            26,624 hidbatt.sys
07/13/2009  06:35 PM            45,056 blbdrive.sys
07/13/2009  06:37 PM            40,448 discache.sys
07/13/2009  06:37 PM            42,496 watchdog.sys
07/13/2009  06:38 PM            16,896 dxapi.sys
07/13/2009  06:38 PM            98,816 dxg.sys
07/13/2009  06:38 PM            29,184 vga.sys
07/13/2009  06:38 PM            29,184 vgapnp.sys
07/13/2009  06:38 PM           129,024 videoprt.sys
07/13/2009  06:38 PM            30,208 monitor.sys
07/13/2009  07:00 PM             6,656 beep.sys
07/13/2009  07:00 PM             6,784 mspqm.sys
07/13/2009  07:00 PM             7,168 mspclock.sys
07/13/2009  07:00 PM             8,064 mstee.sys
07/13/2009  07:00 PM            11,136 mskssrv.sys
07/13/2009  07:00 PM            20,992 ksthunk.sys
07/13/2009  07:00 PM            26,624 sermouse.sys
07/13/2009  07:00 PM            31,232 mouhid.sys
07/13/2009  07:00 PM            23,552 serenum.sys
07/13/2009  07:00 PM            20,992 smclib.sys
07/13/2009  07:00 PM            94,208 serial.sys
07/13/2009  07:00 PM            97,280 parport.sys
07/13/2009  07:00 PM            24,576 flpydisk.sys
07/13/2009  07:00 PM            29,696 fdc.sys
07/13/2009  07:01 PM            14,336 sffdisk.sys
07/13/2009  07:01 PM            16,896 sfloppy.sys
07/13/2009  07:01 PM            13,824 sffp_mmc.sys
07/13/2009  07:01 PM            29,184 tape.sys
07/13/2009  07:01 PM            22,016 mcd.sys
07/13/2009  07:02 PM            27,776 wacompen.sys
07/13/2009  07:02 PM            15,360 MTConfig.sys
07/13/2009  07:06 PM            46,592 hidir.sys
07/13/2009  07:06 PM             8,192 mshidkmdf.sys
07/13/2009  07:06 PM            45,568 circlass.sys
07/13/2009  07:06 PM            68,096 1394bus.sys
07/13/2009  07:06 PM            72,832 ohci1394.sys
07/13/2009  07:06 PM           100,864 hidbth.sys
07/13/2009  07:06 PM            72,192 bthmodem.sys
07/13/2009  07:06 PM             9,728 umpass.sys
07/13/2009  07:07 PM            24,576 vwifibus.sys
07/13/2009  07:07 PM            59,904 vwififlt.sys
07/13/2009  07:07 PM            17,920 vwifimp.sys
07/13/2009  07:08 PM            35,328 ndiscap.sys
07/13/2009  07:08 PM            77,312 mpsdrv.sys
07/13/2009  07:08 PM            60,928 lltdio.sys
07/13/2009  07:08 PM            76,800 rspndr.sys
07/13/2009  07:08 PM            17,920 irenum.sys
07/13/2009  07:09 PM           120,320 irda.sys
07/13/2009  07:09 PM            93,184 smb.sys
07/13/2009  07:09 PM            44,544 netbios.sys
07/13/2009  07:09 PM            12,800 wfplwf.sys
07/13/2009  07:09 PM            46,592 qwavedrv.sys
07/13/2009  07:10 PM            24,064 ndistapi.sys
07/13/2009  07:10 PM           116,224 ipnat.sys
07/13/2009  07:10 PM            14,848 rasacd.sys
07/13/2009  07:10 PM            23,040 asyncmac.sys
07/13/2009  07:10 PM            92,672 raspppoe.sys
07/13/2009  07:10 PM            60,416 agilevpn.sys
07/13/2009  07:10 PM            83,968 rassstp.sys
07/13/2009  07:10 PM            21,504 ws2ifsl.sys
07/13/2009  07:10 PM            11,264 rootmdm.sys
07/13/2009  07:10 PM            40,448 modem.sys
07/13/2009  07:16 PM            15,872 tdpipe.sys
07/13/2009  07:16 PM             7,680 RDPENCDD.sys
07/13/2009  07:16 PM             7,680 RDPCDD.sys
07/13/2009  07:16 PM             8,192 RDPREFMP.sys
07/13/2009  07:17 PM            24,064 rdpbus.sys
07/13/2009  07:38 PM            25,088 usbprint.sys
07/13/2009  08:01 PM            95,232 bridge.sys
07/13/2009  08:19 PM           286,720 BrSerId.sys
07/13/2009  08:43 PM            55,128 dumpfve.sys
07/13/2009  08:45 PM           128,592 ql40xx.sys
07/13/2009  08:45 PM            43,584 sisraid2.sys
07/13/2009  08:45 PM            12,352 pciide.sys
07/13/2009  08:45 PM           220,752 pcmcia.sys
07/13/2009  08:45 PM            50,768 pcw.sys
07/13/2009  08:45 PM            80,464 sisraid4.sys
07/13/2009  08:45 PM         1,524,816 ql2300.sys
07/13/2009  08:45 PM            48,720 pciidex.sys
07/13/2009  08:45 PM            19,008 spldr.sys
07/13/2009  08:45 PM            12,496 swenum.sys
07/13/2009  08:45 PM            64,080 UAGP35.SYS
07/13/2009  08:45 PM            64,592 ULIAGPKX.SYS
07/13/2009  08:45 PM            24,656 stexstor.sys
07/13/2009  08:45 PM            21,056 wd.sys
07/13/2009  08:45 PM            17,488 viaide.sys
07/13/2009  08:45 PM            36,432 vdrvroot.sys
07/13/2009  08:45 PM           161,872 vsmraid.sys
07/13/2009  08:45 PM            16,464 wmilib.sys
07/13/2009  08:45 PM            22,096 wimmount.sys
07/13/2009  08:47 PM            65,088 GAGP30KX.SYS
07/13/2009  08:47 PM            24,144 crcdisk.sys
07/13/2009  08:47 PM            28,736 Dumpata.sys
07/13/2009  08:47 PM            39,504 crashdmp.sys
07/13/2009  08:47 PM           530,496 elxstor.sys
07/13/2009  08:47 PM            70,224 fileinfo.sys
07/13/2009  08:47 PM            55,376 fsdepends.sys
07/13/2009  08:48 PM            50,768 kbdclass.sys
07/13/2009  08:48 PM            16,960 intelide.sys
07/13/2009  08:48 PM            44,112 iirsp.sys
07/13/2009  08:48 PM            65,600 lsi_sas2.sys
07/13/2009  08:48 PM           115,776 lsi_scsi.sys
07/13/2009  08:48 PM           114,752 lsi_fc.sys
07/13/2009  08:48 PM            35,392 megasas.sys
07/13/2009  08:48 PM           284,736 MegaSR.sys
07/13/2009  08:48 PM            20,544 isapnp.sys
07/13/2009  08:48 PM           122,960 NV_AGP.SYS
07/13/2009  08:48 PM            51,264 nfrd960.sys
07/13/2009  08:48 PM            15,424 msisadrv.sys
07/13/2009  08:48 PM            49,216 mouclass.sys
07/13/2009  08:48 PM            32,320 mssmbios.sys
07/13/2009  08:48 PM            60,496 mup.sys
07/13/2009  08:52 PM           194,128 amdsbs.sys
07/13/2009  08:52 PM            15,440 aliide.sys
07/13/2009  08:52 PM            87,632 arc.sys
07/13/2009  08:52 PM           491,088 adp94xx.sys
07/13/2009  08:52 PM            24,128 atapi.sys
07/13/2009  08:52 PM            97,856 arcsas.sys
07/13/2009  08:52 PM           182,864 adpu320.sys
07/13/2009  08:52 PM            28,240 battc.sys
07/13/2009  08:52 PM            15,440 amdide.sys
07/13/2009  08:52 PM           339,536 adpahci.sys
07/13/2009  08:52 PM            61,008 AGP440.sys
07/13/2009  08:52 PM            21,584 compbatt.sys
07/13/2009  08:52 PM            17,488 cmdide.sys
08/07/2010  02:19 PM            31,744 androidusb.sys
09/08/2010  09:38 AM           122,624 zghsvousb.sys
09/08/2010  09:38 AM           122,624 zghsmdm.sys
09/08/2010  09:38 AM           122,624 zghsnmea.sys
09/08/2010  09:38 AM           122,624 zghsat.sys
09/08/2010  09:38 AM           122,624 zghsdiag.sys
11/20/2010  10:23 PM            41,984 winusb.sys
11/20/2010  10:23 PM           350,208 HdAudio.sys
11/20/2010  10:23 PM            14,336 sffp_sd.sys
11/20/2010  10:23 PM           140,672 msdsm.sys
11/20/2010  10:23 PM           155,008 mpio.sys
11/20/2010  10:23 PM            38,912 CompositeBus.sys
11/20/2010  10:23 PM            12,800 acpipmi.sys
11/20/2010  10:23 PM            63,360 termdd.sys
11/20/2010  10:23 PM           122,368 hdaudbus.sys
11/20/2010  10:23 PM            71,552 volmgr.sys
11/20/2010  10:23 PM           184,704 pci.sys
11/20/2010  10:23 PM            33,280 kbdhid.sys
11/20/2010  10:23 PM            30,208 hidusb.sys
11/20/2010  10:23 PM           229,888 1394ohci.sys
11/20/2010  10:23 PM           215,936 vhdmp.sys
11/20/2010  10:23 PM           295,808 volsnap.sys
11/20/2010  10:23 PM            78,720 HpSAMD.sys
11/20/2010  10:23 PM           147,456 cdrom.sys
11/20/2010  10:23 PM           103,808 sbp2port.sys
11/20/2010  10:23 PM           334,208 acpi.sys
11/20/2010  10:23 PM            48,640 umbus.sys
11/20/2010  10:23 PM            31,104 msahci.sys
11/20/2010  10:23 PM            78,848 IPMIDrv.sys
11/20/2010  10:23 PM            46,464 vmstorfl.sys
11/20/2010  10:23 PM             6,656 vms3cap.sys
11/20/2010  10:23 PM            21,760 VMBusHID.sys
11/20/2010  10:23 PM            71,168 dmvsc.sys
11/20/2010  10:23 PM           199,552 vmbus.sys
11/20/2010  10:23 PM            52,096 winhv.sys
11/20/2010  10:23 PM            34,688 storvsc.sys
11/20/2010  10:23 PM           328,192 udfs.sys
11/20/2010  10:24 PM           171,392 scsiport.sys
11/20/2010  10:24 PM           289,664 fltMgr.sys
11/20/2010  10:24 PM            26,624 tdi.sys
11/20/2010  10:24 PM           164,352 ndiswan.sys
11/20/2010  10:24 PM           131,584 pacer.sys
11/20/2010  10:24 PM            29,696 scfilter.sys
11/20/2010  10:24 PM            32,896 USBCAMD2.sys
11/20/2010  10:24 PM            88,576 wanarp.sys
11/20/2010  10:24 PM            57,856 ndproxy.sys
11/20/2010  10:24 PM           366,976 msrpc.sys
11/20/2010  10:24 PM           125,440 tunnel.sys
11/20/2010  10:24 PM           243,712 ks.sys
11/20/2010  10:24 PM            14,720 hwpolicy.sys
11/20/2010  10:24 PM           179,072 Classpnp.sys
11/20/2010  10:24 PM            82,944 ipfltdrv.sys
11/20/2010  10:24 PM            56,832 ndisuio.sys
11/20/2010  10:24 PM           111,104 raspptp.sys
11/20/2010  10:24 PM           129,536 rasl2tp.sys
11/20/2010  10:24 PM           213,888 rdyboost.sys
11/20/2010  10:24 PM            31,744 usbrpm.sys
11/20/2010  10:24 PM           514,560 csc.sys
11/20/2010  10:25 PM           165,888 rdpdr.sys
03/11/2011  01:41 AM           107,904 amdsata.sys
03/11/2011  01:41 AM            27,008 amdxata.sys
03/11/2011  01:41 AM           410,496 iaStorV.sys
03/11/2011  01:41 AM           148,352 nvraid.sys
03/11/2011  01:41 AM           166,272 nvstor.sys
02/16/2012  11:57 PM            23,552 tdtcp.sys
03/01/2012  01:46 AM            23,408 fs_rec.sys
03/17/2012  02:58 AM            75,120 partmgr.sys
06/02/2012  09:57 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
06/20/2012  11:51 AM            20,232 massfilter_hs.sys
07/04/2012  03:26 PM            41,472 RNDISMP.sys
07/25/2012  09:26 PM           198,656 WUDFRd.sys
07/25/2012  09:26 PM            87,040 WUDFPf.sys
10/31/2012  04:02 PM            32,136 viahsets.sys
11/09/2012  03:14 PM            62,728 viahsser.sys
11/28/2012  05:56 PM                 3 MsftWdf_Kernel_01011_Inbox_Critical.Wdf
11/28/2012  05:56 PM            54,376 WdfLdr.sys
01/24/2013  01:01 AM           223,752 fvevol.sys
02/11/2013  11:12 PM            19,968 usb8023.sys
06/25/2013  05:55 PM           785,624 Wdf01000.sys
07/02/2013  11:05 PM            32,896 hidparse.sys
07/02/2013  11:05 PM            76,800 hidclass.sys
07/12/2013  05:41 AM           100,864 usbcir.sys
08/04/2013  09:25 PM           155,584 ataport.sys
09/11/2013  02:26 PM           175,808 zghsnet.sys
02/03/2014  09:35 PM            27,584 Diskdump.sys
02/03/2014  09:35 PM           274,880 msiscsi.sys
02/03/2014  09:35 PM           190,912 storport.sys
03/17/2014  09:58 AM           133,960 zghsser.sys
07/16/2014  08:21 PM           212,480 rdpwd.sys
03/15/2015  07:29 AM                 0 Msft_User_WpdFs_01_09_00.Wdf
04/10/2015  10:19 PM            69,888 stream.sys
04/23/2015  10:18 AM                 0 Msft_Kernel_WinUSB_01007.Wdf
04/29/2015  11:07 AM                 0 Msft_Kernel_WinUSB_01009.Wdf
06/26/2015  02:24 PM            40,960 vusbbus.sys
07/08/2015  07:24 AM            30,208 TsUsbGD.sys
07/08/2015  07:24 AM            19,456 rdpvideominiport.sys
07/25/2015  09:29 AM           360,832 vpcvmm.sys
07/25/2015  09:29 AM           194,944 vpchbus.sys
07/25/2015  09:29 AM            95,232 vpcusb.sys
07/25/2015  09:29 AM            59,392 vpcnfltr.sys
10/09/2015  10:48 AM                 0 Msft_Kernel_androidusb_01005.Wdf
10/09/2015  11:17 AM                 0 Msft_User_WpdMtpDr_01_09_00.Wdf
11/13/2015  08:30 AM           950,720 ndis.sys
12/14/2015  04:16 PM           146,944 rmcast.sys
01/13/2016  03:33 AM             5,632 drmkaud.sys
01/13/2016  03:33 AM           116,736 drmk.sys
01/13/2016  03:33 AM           230,400 portcls.sys
03/28/2016  03:45 PM            91,648 USBSTOR.SYS
03/30/2016  10:12 AM            73,664 disk.sys
11/16/2016  10:23 AM           467,736 b57nd60a.sys
12/05/2016  02:32 PM           520,032 trufos.sys
12/21/2016  02:52 PM            40,240 revoflt.sys
01/24/2017  10:00 AM            46,080 tcpipreg.sys
01/24/2017  10:12 AM            90,112 bowser.sys
01/24/2017  10:12 AM           106,496 dfsc.sys
01/24/2017  10:12 AM           142,336 mrxdav.sys
01/24/2017  10:12 AM           467,392 cng.sys
01/24/2017  10:12 AM           663,552 PEAuth.sys
03/07/2017  02:22 PM           438,808 iaStor.sys
03/21/2017  03:48 PM           129,032 lsi_sas.sys
03/21/2017  03:49 PM            56,832 TsUsbFlt.sys
04/03/2017  04:04 PM            40,664 tap0901.sys
04/04/2017  09:53 AM           496,128 afd.sys
04/19/2017  11:22 AM           205,312 fastfat.sys
04/19/2017  11:22 AM           195,584 exfat.sys
05/02/2017  11:43 AM        12,905,016 nvlddmkm.sys
05/07/2017  10:33 AM            94,440 mountmgr.sys
05/16/2017  10:35 AM           265,448 dxgmms1.sys
05/16/2017  10:35 AM           986,856 dxgkrnl.sys
05/29/2017  11:56 PM           287,976 FWPKCLNT.SYS
05/29/2017  11:56 PM           377,576 netio.sys
05/29/2017  11:56 PM         1,895,656 tcpip.sys
06/15/2017  03:23 PM           753,664 http.sys
06/30/2017  06:07 AM           112,152 cmdcss.sys
07/05/2017  02:29 AM            50,856 isedrv.sys
07/07/2017  10:33 AM           363,752 volmgrx.sys
07/29/2017  09:56 AM           117,248 tdx.sys
08/07/2017  11:50 PM            31,664 cmderd.sys
08/07/2017  11:50 PM           844,584 cmdguard.sys
08/07/2017  11:50 PM            57,504 cmdhlp.sys
08/07/2017  11:50 PM           122,520 inspect.sys
08/11/2017  12:58 AM            26,112 nsiproxy.sys
08/11/2017  01:00 AM           262,656 netbt.sys
08/13/2017  04:45 PM            40,448 tssecsrv.sys
09/07/2017  09:55 AM           168,448 srvnet.sys
09/07/2017  09:55 AM           405,504 srv2.sys
09/07/2017  09:55 AM           461,312 srv.sys
09/13/2017  09:53 AM           129,536 mrxsmb20.sys
09/13/2017  09:53 AM           291,328 mrxsmb10.sys
09/13/2017  09:53 AM           159,744 mrxsmb.sys
09/13/2017  10:00 AM            62,464 appid.sys
09/13/2017  10:05 AM           324,608 nwifi.sys
09/13/2017  10:32 AM            95,464 ksecdd.sys
09/13/2017  10:32 AM           154,856 ksecpkg.sys
10/01/2017  03:55 AM         7,715,332 fvstore.dat
10/02/2017  07:00 AM         1,474,832 sfi.dat
10/11/2017  07:20 PM           113,152 luafv.sys
10/11/2017  07:20 PM           317,440 rdbss.sys
10/16/2017  11:48 AM           196,040 VBoxNetAdp6.sys
10/16/2017  11:48 AM           138,432 VBoxUSB.sys
10/16/2017  11:48 AM           206,976 VBoxNetLwf.sys
10/16/2017  06:07 PM         1,680,616 ntfs.sys
10/17/2017  09:06 PM             7,808 usbd.sys
10/17/2017  09:06 PM            30,720 usbuhci.sys
10/17/2017  09:06 PM            25,600 usbohci.sys
10/17/2017  09:06 PM           327,168 usbport.sys
10/17/2017  09:06 PM            56,320 usbehci.sys
10/17/2017  09:06 PM            99,840 usbccgp.sys
10/17/2017  09:06 PM           344,064 usbhub.sys
11/07/2017  12:55 PM            20,160 GUBootStartup.sys
11/17/2017  06:27 PM            37,552 WinDivert64.sys
11/17/2017  06:39 PM           447,800 avgSP.sys.151096205810802
12/02/2017  11:29 AM           447,800 avgSP.sys.151223218238802
12/13/2017  03:03 PM           255,928 5175EFB0.sys
12/16/2017  08:08 AM           255,928 3747A46A.sys
12/16/2017  08:35 AM           255,928 63679735.sys
12/18/2017  07:55 AM           255,928 54745689.sys
12/20/2017  08:07 AM           192,952 mbamchameleon.sys
12/20/2017  08:08 AM           255,928 F65464FF.sys
12/20/2017  08:40 AM           140,112 nvbadhkn.sys
             332 File(s)     73,052,276 bytes
               0 Dir(s)  427,491,753,984 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 10:59:21 ====




